From: Janosch Frank <frankja@linux.ibm.com>
To: Nico Boehr <nrb@linux.ibm.com>,
borntraeger@linux.ibm.com, imbrenda@linux.ibm.com,
shuah@kernel.org
Cc: kvm@vger.kernel.org, linux-s390@vger.kernel.org,
linux-kselftest@vger.kernel.org
Subject: Re: [PATCH v2 1/2] KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes
Date: Fri, 12 May 2023 09:20:31 +0200
Message-ID: <56258345-3e3c-3acd-e240-a0b348eb9df3@linux.ibm.com>
In-Reply-To: <20230324145424.293889-2-nrb@linux.ibm.com>
On 3/24/23 15:54, Nico Boehr wrote:
> The KVM_S390_GET_CMMA_BITS ioctl may return incorrect values when userspace
> specifies a start_gfn outside of memslots.
>
> This can occur when a VM has multiple memslots with a hole in between:
>
> +-----+----------+--------+--------+
> | ... | Slot N-1 | <hole> | Slot N |
> +-----+----------+--------+--------+
> ^     ^          ^        ^
> |     |          |        |
> GFN   A          A+B      |
>                  A+B+C    |
>                           A+B+C+D
>
> When userspace specifies a GFN in [A+B, A+B+C), it would expect to get the
> CMMA values of the first dirty page in Slot N. However, userspace may get a
> start_gfn of A+B+C+D with a count of 0, hence completely skipping over any
> dirty pages in slot N.
>
> The error is in kvm_s390_next_dirty_cmma(), which assumes
> gfn_to_memslot_approx() will return the memslot _below_ the specified GFN
> when the specified GFN lies outside a memslot. In reality it may return
> either the memslot below or above the specified GFN.
>
> When a memslot above the specified GFN is returned this happens:
>
> - ofs is calculated, but since the memslot's base_gfn is larger than the
> specified cur_gfn, ofs will underflow to a huge number.
> - ofs is passed to find_next_bit(). Since ofs will exceed the memslot's
> number of pages, the number of pages in the memslot is returned,
> completely skipping over all bits in the memslot userspace would be
> interested in.
>
> Fix this by resetting ofs to zero when a memslot _above_ cur_gfn is
> returned (cur_gfn < ms->base_gfn).
>
> Signed-off-by: Nico Boehr <nrb@linux.ibm.com>
> Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
Does this need a fix tag?
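To make the underflow in the commit message concrete, here is a small constructed model of the lookup (my own illustration, not the kernel's code and not part of Nico's patch). `find_next_set()`, `gfn_to_memslot_approx()` and `next_dirty_gfn()` are stand-ins for the kernel helpers named above; the slot walking the real kvm_s390_next_dirty_cmma() does when a slot is exhausted is left out, so a slot with no dirty page simply yields its end GFN. The layout uses A=16, B=16, C=8, D=16 from the diagram, and the "slot above" choice in the approx lookup is forced so that the failing case is exercised.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the KVM pieces the fix touches. Not kernel code:
 * the real helpers walk an rb-tree of memslots and use a real bitmap. */
struct memslot {
	uint64_t base_gfn;
	uint64_t npages;
	const uint8_t *dirty;	/* dirty[i] != 0: page base_gfn + i is CMMA-dirty */
};

/* Stand-in for find_next_bit(): first set index >= ofs, or size if none.
 * Like the kernel helper, an ofs at or beyond size yields size. */
static uint64_t find_next_set(const uint8_t *bits, uint64_t size, uint64_t ofs)
{
	for (uint64_t i = ofs; i < size; i++)
		if (bits[i])
			return i;
	return size;
}

/* Stand-in for gfn_to_memslot_approx(): a gfn inside a slot yields that
 * slot; a gfn in a hole yields the slot ABOVE it here, which is the case
 * the commit message describes (the kernel may return either neighbour). */
static const struct memslot *gfn_to_memslot_approx(const struct memslot *slots,
						   size_t n, uint64_t gfn)
{
	for (size_t i = 0; i < n; i++)
		if (gfn < slots[i].base_gfn + slots[i].npages)
			return &slots[i];
	return NULL;
}

/* Model of the offset computation in kvm_s390_next_dirty_cmma(): returns the
 * GFN of the first dirty page at or after cur_gfn in the chosen slot, or the
 * slot's end GFN if none. fixed == false computes ofs the way the buggy code
 * did; fixed == true applies the reset from the patch. */
static uint64_t next_dirty_gfn(const struct memslot *slots, size_t n,
			       uint64_t cur_gfn, bool fixed)
{
	const struct memslot *ms = gfn_to_memslot_approx(slots, n, cur_gfn);
	uint64_t ofs;

	if (!ms)
		return UINT64_MAX;
	/* Unsigned subtraction: wraps to a huge value when ms lies above cur_gfn */
	ofs = cur_gfn - ms->base_gfn;
	if (fixed && cur_gfn < ms->base_gfn)
		ofs = 0;	/* the fix: start scanning at the slot's first page */
	ofs = find_next_set(ms->dirty, ms->npages, ofs);
	return ms->base_gfn + ofs;
}

/* Constructed layout following the diagram with A=16, B=16, C=8, D=16:
 * Slot N-1 = [16, 32), hole = [32, 40), Slot N = [40, 56). Page 43 is dirty. */
static const uint8_t dirty_nm1[16] = { 0 };
static const uint8_t dirty_n[16] = { [3] = 1 };
static const struct memslot demo_slots[] = {
	{ .base_gfn = 16, .npages = 16, .dirty = dirty_nm1 },
	{ .base_gfn = 40, .npages = 16, .dirty = dirty_n },
};

uint64_t demo_lookup(uint64_t cur_gfn, bool fixed)
{
	return next_dirty_gfn(demo_slots, 2, cur_gfn, fixed);
}

int main(void)
{
	/* start_gfn in the hole: the buggy path skips slot N entirely and
	 * reports 56 (A+B+C+D); the fixed path finds dirty page 43. */
	printf("hole   gfn 35: buggy=%llu fixed=%llu\n",
	       (unsigned long long)demo_lookup(35, false),
	       (unsigned long long)demo_lookup(35, true));
	/* start_gfn inside slot N behaves the same either way. */
	printf("inside gfn 41: buggy=%llu fixed=%llu\n",
	       (unsigned long long)demo_lookup(41, false),
	       (unsigned long long)demo_lookup(41, true));
	return 0;
}
```

The same wrap-around happens with the kernel's `unsigned long ofs`, and find_next_bit() clamps any out-of-range offset to the bitmap size, which is exactly why the caller sees `start_gfn == A+B+C+D` with `count == 0` instead of the dirty pages of slot N.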
Thread overview: 8+ messages
2023-03-24 14:54 [PATCH v2 0/2] KVM: s390: CMMA migration selftest and small bugfix Nico Boehr
2023-03-24 14:54 ` [PATCH v2 1/2] KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes Nico Boehr
2023-05-12 7:20 ` Janosch Frank [this message]
2023-05-12 7:54 ` Nico Boehr
2023-03-24 14:54 ` [PATCH v2 2/2] KVM: s390: selftests: add selftest for CMMA migration Nico Boehr
2023-03-24 17:24 ` Claudio Imbrenda
2023-05-11 9:41 ` [PATCH v2 0/2] KVM: s390: CMMA migration selftest and small bugfix Nico Boehr
2023-05-17 14:34 ` Claudio Imbrenda