author | Takuya Yoshikawa <yoshikawa_takuya_b1@lab.ntt.co.jp> | 2013-01-30 05:40:41 -0500 |
---|---|---|
committer | Marcelo Tosatti <mtosatti@redhat.com> | 2013-02-04 19:56:47 -0500 |
commit | 75d61fbcf563373696578570e914f555e12c8d97 (patch) | |
tree | 8835d8a5cf79704569f568675792672c930746ae /Documentation/virtual | |
parent | f64c0398939483eb1d8951f24fbc21e94ed54457 (diff) |
KVM: set_memory_region: Disallow changing read-only attribute later

As Xiao pointed out, there are a few problems with it:
 - kvm_arch_commit_memory_region() write protects the memory slot only
   for GET_DIRTY_LOG when modifying the flags.
 - FNAME(sync_page) uses the old spte value to set a new one without
   checking KVM_MEM_READONLY flag.

Since we flush all shadow pages when creating a new slot, the simplest
fix is to disallow such problematic flag changes: this is safe because
no one is doing such things.

Reviewed-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Takuya Yoshikawa <yoshikawa_takuya_b1@lab.ntt.co.jp>
Cc: Xiao Guangrong <xiaoguangrong@linux.vnet.ibm.com>
Cc: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Diffstat (limited to 'Documentation/virtual')
-rw-r--r-- | Documentation/virtual/kvm/api.txt | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/Documentation/virtual/kvm/api.txt b/Documentation/virtual/kvm/api.txt index 09905cbcbb0b..0e03b1968272 100644 --- a/Documentation/virtual/kvm/api.txt +++ b/Documentation/virtual/kvm/api.txt | |||
@@ -874,12 +874,12 @@ It is recommended that the lower 21 bits of guest_phys_addr and userspace_addr | |||
874 | be identical. This allows large pages in the guest to be backed by large | 874 | be identical. This allows large pages in the guest to be backed by large |
875 | pages in the host. | 875 | pages in the host. |
876 | 876 | ||
877 | The flags field supports two flag, KVM_MEM_LOG_DIRTY_PAGES, which instructs | 877 | The flags field supports two flags: KVM_MEM_LOG_DIRTY_PAGES and |
878 | kvm to keep track of writes to memory within the slot. See KVM_GET_DIRTY_LOG | 878 | KVM_MEM_READONLY. The former can be set to instruct KVM to keep track of |
879 | ioctl. The KVM_CAP_READONLY_MEM capability indicates the availability of the | 879 | writes to memory within the slot. See KVM_GET_DIRTY_LOG ioctl to know how to |
880 | KVM_MEM_READONLY flag. When this flag is set for a memory region, KVM only | 880 | use it. The latter can be set, if KVM_CAP_READONLY_MEM capability allows it, |
881 | allows read accesses. Writes will be posted to userspace as KVM_EXIT_MMIO | 881 | to make a new slot read-only. In this case, writes to this memory will be |
882 | exits. | 882 | posted to userspace as KVM_EXIT_MMIO exits. |
883 | 883 | ||
884 | When the KVM_CAP_SYNC_MMU capability is available, changes in the backing of | 884 | When the KVM_CAP_SYNC_MMU capability is available, changes in the backing of |
885 | the memory region are automatically reflected into the guest. For example, an | 885 | the memory region are automatically reflected into the guest. For example, an |
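Review bot: In the rewritten flags paragraph (new lines 877-882), the restriction named in the subject line is only implied by the words "to make a new slot read-only"; the text never says that setting or clearing KVM_MEM_READONLY on an existing slot is rejected. A userspace author reading api.txt alone would not learn that the flag is fixed at slot creation, so I would add a sentence stating that it cannot be changed for an existing slot and what the ioctl returns in that case. The old sentence "When this flag is set for a memory region, KVM only allows read accesses" was also dropped; keeping it would preserve the explicit statement of what the guest may do with the slot. Minor wording: "See KVM_GET_DIRTY_LOG ioctl to know how to use it" reads better as "See the KVM_GET_DIRTY_LOG ioctl for how to use it".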