From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Paul Mackerras <paulus@samba.org>,
Alexander Graf <agraf@suse.de>
Subject: [PATCH 4.1 079/102] KVM: PPC: Book3S HV: Fix race in reading change bit when removing HPTE
Date: Sat, 19 Sep 2015 10:28:31 -0700 [thread overview]
Message-ID: <20150919171749.010834396@linuxfoundation.org> (raw)
In-Reply-To: <20150919171745.474069671@linuxfoundation.org>
4.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Paul Mackerras <paulus@samba.org>
commit 1e5bf454f58731e360e504253e85bae7aaa2d298 upstream.
The reference (R) and change (C) bits in a HPT entry can be set by
hardware at any time up until the HPTE is invalidated and the TLB
invalidation sequence has completed. This means that when removing
a HPTE, we need to read the HPTE after the invalidation sequence has
completed in order to obtain reliable values of R and C. The code
in kvmppc_do_h_remove() used to do this. However, commit 6f22bd3265fb
("KVM: PPC: Book3S HV: Make HTAB code LE host aware") removed the
read after invalidation as a side effect of other changes. This
restores the read of the HPTE after invalidation.
The user-visible effect of this bug would be that when migrating a
guest, there is a small probability that a page modified by the guest
and then unmapped by the guest might not get re-transmitted and thus
the destination might end up with a stale copy of the page.
Fixes: 6f22bd3265fb
Signed-off-by: Paul Mackerras <paulus@samba.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/kvm/book3s_hv_rm_mmu.c | 18 ++++++++++++------
1 file changed, 12 insertions(+), 6 deletions(-)
--- a/arch/powerpc/kvm/book3s_hv_rm_mmu.c
+++ b/arch/powerpc/kvm/book3s_hv_rm_mmu.c
@@ -421,14 +421,20 @@ long kvmppc_do_h_remove(struct kvm *kvm,
rev = real_vmalloc_addr(&kvm->arch.revmap[pte_index]);
v = pte & ~HPTE_V_HVLOCK;
if (v & HPTE_V_VALID) {
- u64 pte1;
-
- pte1 = be64_to_cpu(hpte[1]);
hpte[0] &= ~cpu_to_be64(HPTE_V_VALID);
- rb = compute_tlbie_rb(v, pte1, pte_index);
+ rb = compute_tlbie_rb(v, be64_to_cpu(hpte[1]), pte_index);
do_tlbies(kvm, &rb, 1, global_invalidates(kvm, flags), true);
- /* Read PTE low word after tlbie to get final R/C values */
- remove_revmap_chain(kvm, pte_index, rev, v, pte1);
+ /*
+ * The reference (R) and change (C) bits in a HPT
+ * entry can be set by hardware at any time up until
+ * the HPTE is invalidated and the TLB invalidation
+ * sequence has completed. This means that when
+ * removing a HPTE, we need to re-read the HPTE after
+ * the invalidation sequence has completed in order to
+ * obtain reliable values of R and C.
+ */
+ remove_revmap_chain(kvm, pte_index, rev, v,
+ be64_to_cpu(hpte[1]));
}
r = rev->guest_rpte & ~HPTE_GR_RESERVED;
note_hpte_modification(kvm, rev);
next prev parent reply other threads:[~2015-09-19 17:38 UTC|newest]
Thread overview: 103+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-09-19 17:27 [PATCH 4.1 000/102] 4.1.8-stable review Greg Kroah-Hartman
2015-09-19 17:27 ` [PATCH 4.1 001/102] x86/ldt: Make modify_ldt synchronous Greg Kroah-Hartman
2015-09-19 17:27 ` [PATCH 4.1 002/102] x86/ldt: Correct LDT access in single stepping logic Greg Kroah-Hartman
2015-09-19 17:27 ` [PATCH 4.1 003/102] x86/ldt: Correct FPU emulation access to LDT Greg Kroah-Hartman
2015-09-19 17:27 ` [PATCH 4.1 004/102] x86/ldt: Further fix FPU emulation Greg Kroah-Hartman
2015-09-19 17:27 ` [PATCH 4.1 005/102] DRM - radeon: Dont link train DisplayPort on HPD until we get the dpcd Greg Kroah-Hartman
2015-09-19 17:27 ` [PATCH 4.1 006/102] drm/i915: apply the PCI_D0/D3 hibernation workaround everywhere on pre GEN6 Greg Kroah-Hartman
2015-09-19 17:27 ` [PATCH 4.1 010/102] drm/radeon: fix HDMI quantization_range for pre-DCE5 asics Greg Kroah-Hartman
2015-09-19 17:27 ` [PATCH 4.1 011/102] drm/i915: Preserve SSC earlier Greg Kroah-Hartman
2015-09-19 17:27 ` [PATCH 4.1 012/102] drm/qxl: validate monitors config modes Greg Kroah-Hartman
2015-09-19 17:27 ` [PATCH 4.1 016/102] s390/sclp: fix compile error Greg Kroah-Hartman
2015-09-19 17:27 ` [PATCH 4.1 017/102] s390/setup: fix novx parameter Greg Kroah-Hartman
2015-09-19 17:27 ` [PATCH 4.1 018/102] iio: bmg160: IIO_BUFFER and IIO_TRIGGERED_BUFFER are required Greg Kroah-Hartman
2015-09-19 17:27 ` [PATCH 4.1 019/102] iio: event: Remove negative error code from iio_event_poll Greg Kroah-Hartman
2015-09-19 17:27 ` [PATCH 4.1 020/102] iio: industrialio-buffer: Fix iio_buffer_poll return value Greg Kroah-Hartman
2015-09-19 17:27 ` [PATCH 4.1 021/102] iio: adis16400: Fix adis16448 gyroscope scale Greg Kroah-Hartman
2015-09-19 17:27 ` [PATCH 4.1 022/102] iio: Add inverse unit conversion macros Greg Kroah-Hartman
2015-09-19 17:27 ` [PATCH 4.1 023/102] iio: adis16480: Fix scale factors Greg Kroah-Hartman
2015-09-19 17:27 ` [PATCH 4.1 025/102] staging: comedi: adl_pci7x3x: fix digital output on PCI-7230 Greg Kroah-Hartman
2015-09-19 17:27 ` [PATCH 4.1 026/102] staging: comedi: usbduxsigma: dont clobber ai_timer in command test Greg Kroah-Hartman
2015-09-19 17:27 ` [PATCH 4.1 027/102] staging: comedi: usbduxsigma: dont clobber ao_timer " Greg Kroah-Hartman
2015-09-19 17:27 ` [PATCH 4.1 028/102] PM / clk: dont return int on __pm_clk_enable() Greg Kroah-Hartman
2015-09-19 17:27 ` [PATCH 4.1 029/102] clk: rockchip: rk3288: add CLK_SET_RATE_PARENT to sclk_mac Greg Kroah-Hartman
2015-09-19 17:27 ` [PATCH 4.1 030/102] clk: exynos4: Fix wrong clock for Exynos4x12 ADC Greg Kroah-Hartman
2015-09-19 17:27 ` [PATCH 4.1 031/102] clk: s5pv210: add missing call to samsung_clk_of_add_provider() Greg Kroah-Hartman
2015-09-19 17:27 ` [PATCH 4.1 032/102] clk: pistachio: Fix override of clk-pll settings from boot loader Greg Kroah-Hartman
2015-09-19 17:27 ` [PATCH 4.1 033/102] clk: pistachio: correct critical clock list Greg Kroah-Hartman
2015-09-19 17:27 ` [PATCH 4.1 034/102] clk: versatile: off by one in clk_sp810_timerclken_of_get() Greg Kroah-Hartman
2015-09-19 17:27 ` [PATCH 4.1 035/102] clk: pxa: fix core frequency reporting unit Greg Kroah-Hartman
2015-09-19 17:27 ` [PATCH 4.1 036/102] clk: qcom: Set CLK_SET_RATE_PARENT on ce1 clocks Greg Kroah-Hartman
2015-09-19 17:27 ` [PATCH 4.1 037/102] clk: qcom: Fix MSM8916 prng clock enable bit Greg Kroah-Hartman
2015-09-19 17:27 ` [PATCH 4.1 038/102] PCI: Fix TI816X class code quirk Greg Kroah-Hartman
2015-09-19 17:27 ` [PATCH 4.1 039/102] PCI: Add dev_flags bit to access VPD through function 0 Greg Kroah-Hartman
2015-09-19 17:27 ` [PATCH 4.1 040/102] PCI: Add VPD function 0 quirk for Intel Ethernet devices Greg Kroah-Hartman
2015-09-19 17:27 ` [PATCH 4.1 041/102] PCI: Disable async suspend/resume for JMicron multi-function SATA/AHCI Greg Kroah-Hartman
2015-09-19 17:27 ` [PATCH 4.1 042/102] spi: bcm2835: set up spi-mode before asserting cs-gpio Greg Kroah-Hartman
2015-09-19 17:27 ` [PATCH 4.1 043/102] spi: Fix regression in spi-bitbang-txrx.h Greg Kroah-Hartman
2015-09-19 17:27 ` [PATCH 4.1 044/102] spi: sh-msiof: Fix FIFO size to 64 word from 256 word Greg Kroah-Hartman
2015-09-19 17:27 ` [PATCH 4.1 045/102] spi: img-spfi: check for timeout error before proceeding Greg Kroah-Hartman
2015-09-19 17:27 ` [PATCH 4.1 046/102] spi: img-spfi: fix multiple calls to request gpio Greg Kroah-Hartman
2015-09-19 17:27 ` [PATCH 4.1 047/102] spi: img-spfi: fix kbuild test robot warning Greg Kroah-Hartman
2015-09-19 17:28 ` [PATCH 4.1 048/102] spi: dw: Allow interface drivers to limit data I/O to word sizes Greg Kroah-Hartman
2015-09-19 17:28 ` [PATCH 4.1 049/102] USB: symbolserial: Use usb_get_serial_port_data Greg Kroah-Hartman
2015-09-19 17:28 ` [PATCH 4.1 050/102] USB: qcserial: add HP lt4111 LTE/EV-DO/HSPA+ Gobi 4G Module Greg Kroah-Hartman
2015-09-19 17:28 ` [PATCH 4.1 051/102] USB: ftdi_sio: Added custom PID for CustomWare products Greg Kroah-Hartman
2015-09-19 17:28 ` [PATCH 4.1 052/102] USB: pl2303: fix baud-rate divisor calculations Greg Kroah-Hartman
2015-09-19 17:28 ` [PATCH 4.1 053/102] libxfs: readahead of dir3 data blocks should use the read verifier Greg Kroah-Hartman
2015-09-19 17:28 ` [PATCH 4.1 054/102] xfs: Fix xfs_attr_leafblock definition Greg Kroah-Hartman
2015-09-19 17:28 ` [PATCH 4.1 055/102] xfs: Fix file type directory corruption for btree directories Greg Kroah-Hartman
2015-09-19 17:28 ` [PATCH 4.1 056/102] usb: gadget: m66592-udc: forever loop in set_feature() Greg Kroah-Hartman
2015-09-19 17:28 ` [PATCH 4.1 057/102] doc: usb: gadget-testing: using the updated testusb.c Greg Kroah-Hartman
2015-09-19 17:28 ` [PATCH 4.1 058/102] usb: dwc3: ep0: Fix mem corruption on OUT transfers of more than 512 bytes Greg Kroah-Hartman
2015-09-19 17:28 ` [PATCH 4.1 059/102] usb: gadget: f_uac2: finalize wMaxPacketSize according to bandwidth Greg Kroah-Hartman
2015-09-19 17:28 ` [PATCH 4.1 060/102] usb: host: ehci-sys: delete useless bus_to_hcd conversion Greg Kroah-Hartman
2015-09-19 17:28 ` [PATCH 4.1 061/102] tty: serial: men_z135_uart.c: Fix race between IRQ and set_termios() Greg Kroah-Hartman
2015-09-19 17:28 ` [PATCH 4.1 062/102] ASoC: rt5640: fix line out no sound issue Greg Kroah-Hartman
2015-09-19 17:28 ` [PATCH 4.1 063/102] ASoC: samsung: Remove redundant arndale_audio_remove Greg Kroah-Hartman
2015-09-19 17:28 ` [PATCH 4.1 064/102] ASoC: adav80x: Remove .read_flag_mask setting from adav80x_regmap_config Greg Kroah-Hartman
2015-09-19 17:28 ` [PATCH 4.1 065/102] ASoC: arizona: Fix gain settings of FLL in free-run mode Greg Kroah-Hartman
2015-09-19 17:28 ` [PATCH 4.1 066/102] ASoC: arizona: Poll for FLL clock OK rather than use interrupts Greg Kroah-Hartman
2015-09-19 17:28 ` [PATCH 4.1 067/102] serial: 8250: dont bind to SMSC IrCC IR port Greg Kroah-Hartman
2015-09-19 17:28 ` [PATCH 4.1 068/102] serial: 8250: bind to ALi Fast Infrared Controller (ALI5123) Greg Kroah-Hartman
2015-09-19 17:28 ` [PATCH 4.1 069/102] serial: 8250_pci: Add support for Pericom PI7C9X795[1248] Greg Kroah-Hartman
2015-09-19 17:28 ` [PATCH 4.1 070/102] serial: samsung: fix DMA mode enter condition for small FIFO sizes Greg Kroah-Hartman
2015-09-19 17:28 ` [PATCH 4.1 071/102] serial: samsung: fix DMA for FIFO smaller than cache line size Greg Kroah-Hartman
2015-09-19 17:28 ` [PATCH 4.1 072/102] crypto: vmx - Fixing GHASH Key issue on little endian Greg Kroah-Hartman
2015-09-19 17:28 ` [PATCH 4.1 073/102] crypto: ghash-clmulni: specify context size for ghash async algorithm Greg Kroah-Hartman
2015-09-19 17:28 ` [PATCH 4.1 074/102] HID: usbhid: Fix the check for HID_RESET_PENDING in hid_io_error Greg Kroah-Hartman
2015-09-19 17:28 ` [PATCH 4.1 075/102] HID: cp2112: fix byte order in SMBUS operations Greg Kroah-Hartman
2015-09-19 17:28 ` [PATCH 4.1 076/102] HID: cp2112: fix I2C_SMBUS_BYTE write Greg Kroah-Hartman
2015-09-19 17:28 ` [PATCH 4.1 077/102] KVM: MMU: fix validation of mmio page fault Greg Kroah-Hartman
2015-09-19 17:28 ` [PATCH 4.1 078/102] KVM: PPC: Book3S HV: Exit on H_DOORBELL if HOST_IPI is set Greg Kroah-Hartman
2015-09-19 17:28 ` Greg Kroah-Hartman [this message]
2015-09-19 17:28 ` [PATCH 4.1 080/102] KVM: x86: Use adjustment in guest cycles when handling MSR_IA32_TSC_ADJUST Greg Kroah-Hartman
2015-09-19 17:28 ` [PATCH 4.1 081/102] xtensa: fix threadptr reload on return to userspace Greg Kroah-Hartman
2015-09-19 17:28 ` [PATCH 4.1 082/102] xtensa: fix kernel register spilling Greg Kroah-Hartman
2015-09-19 17:28 ` [PATCH 4.1 083/102] devres: fix devres_get() Greg Kroah-Hartman
2015-09-19 17:28 ` [PATCH 4.1 084/102] Doc: ABI: testing: configfs-usb-gadget-loopback Greg Kroah-Hartman
2015-09-19 17:28 ` [PATCH 4.1 085/102] Doc: ABI: testing: configfs-usb-gadget-sourcesink Greg Kroah-Hartman
2015-09-19 17:28 ` [PATCH 4.1 086/102] spi/spi-xilinx: Fix spurious IRQ ACK on irq mode Greg Kroah-Hartman
2015-09-19 17:28 ` [PATCH 4.1 087/102] spi/spi-xilinx: Fix mixed poll/irq mode Greg Kroah-Hartman
2015-09-19 17:28 ` [PATCH 4.1 088/102] auxdisplay: ks0108: fix refcount Greg Kroah-Hartman
2015-09-19 17:28 ` [PATCH 4.1 089/102] regulator: pbias: Fix broken pbias disable functionality Greg Kroah-Hartman
2015-09-19 17:28 ` [PATCH 4.1 090/102] x86/mce: Reenable CMCI banks when swiching back to interrupt mode Greg Kroah-Hartman
2015-09-19 17:28 ` [PATCH 4.1 091/102] soc/tegra: pmc: Avoid usage of uninitialized variable Greg Kroah-Hartman
2015-09-19 17:28 ` [PATCH 4.1 092/102] of/address: Dont loop forever in of_find_matching_node_by_address() Greg Kroah-Hartman
2015-09-19 17:28 ` [PATCH 4.1 093/102] ARM: orion5x: fix legacy orion5x IRQ numbers Greg Kroah-Hartman
2015-09-19 17:28 ` [PATCH 4.1 094/102] ARM: dts: fix clock-frequency of display timing0 for exynos3250-rinato Greg Kroah-Hartman
2015-09-19 17:28 ` [PATCH 4.1 095/102] ARM: OMAP2+: DRA7: clockdomain: change l4per2_7xx_clkdm to SW_WKUP Greg Kroah-Hartman
2015-09-19 17:28 ` [PATCH 4.1 096/102] ARM: rockchip: fix the CPU soft reset Greg Kroah-Hartman
2015-09-19 17:28 ` [PATCH 4.1 097/102] ARM: dts: rockchip: fix rk3288 watchdog irq Greg Kroah-Hartman
2015-09-19 17:28 ` [PATCH 4.1 098/102] ACPI, PCI: Penalize legacy IRQ used by ACPI SCI Greg Kroah-Hartman
2015-09-19 17:28 ` [PATCH 4.1 099/102] drivercore: Fix unregistration path of platform devices Greg Kroah-Hartman
2015-09-19 17:28 ` [PATCH 4.1 100/102] fs: Set the size of empty dirs to 0 Greg Kroah-Hartman
2015-09-19 17:28 ` [PATCH 4.1 101/102] hpfs: update ctime and mtime on directory modification Greg Kroah-Hartman
2015-09-19 17:28 ` [PATCH 4.1 102/102] fs: create and use seq_show_option for escaping Greg Kroah-Hartman
2015-09-19 20:38 ` [PATCH 4.1 000/102] 4.1.8-stable review Guenter Roeck
2015-09-20 0:25 ` Guenter Roeck
2015-09-20 5:28 ` Willy Tarreau
2015-09-20 7:51 ` Sudip Mukherjee
2015-09-21 1:36 ` Greg Kroah-Hartman
2015-09-21 5:42 ` Sudip Mukherjee
2015-09-21 16:22 ` Shuah Khan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150919171749.010834396@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=agraf@suse.de \
--cc=linux-kernel@vger.kernel.org \
--cc=paulus@samba.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).