author | Avi Kivity <avi@qumranet.com> | 2008-06-12 09:54:41 -0400 |
committer | Avi Kivity <avi@qumranet.com> | 2008-06-24 05:20:12 -0400 |
commit | 6bf6a9532fd03ad719f0c86654f16ef777b78fc6 (patch) | |
tree | 4865d4cd48c98c5425218c5d8289367bd16c4105 /arch/x86 | |
parent | 3094538739415a9225afd2a6c78cb0fe1c1f641b (diff) |
KVM: MMU: Fix oops on guest userspace access to guest pagetable
KVM has a heuristic to unshadow guest pagetables when userspace accesses
them, on the assumption that most guests do not allow userspace to access
pagetables directly. Unfortunately, in addition to unshadowing the pagetables,
it also oopses.
This never triggers on ordinary guests since sane OSes will clear the
pagetables before assigning them to userspace, which will trigger the flood
heuristic, unshadowing the pagetables before the first userspace access. One
particular guest, though (Xenner) will run the kernel in userspace, triggering
the oops. Since the heuristic is incorrect in this case, we can simply
remove it.
Signed-off-by: Avi Kivity <avi@qumranet.com>
Diffstat (limited to 'arch/x86')
-rw-r--r-- | arch/x86/kvm/mmu.c | 6 |
1 files changed, 0 insertions, 6 deletions
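diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
index baa6503894d3..7e7c3969f7a2 100644
--- a/arch/x86/kvm/mmu.c
+++ b/arch/x86/kvm/mmu.c
@@ -1083,10 +1083,6 @@ static void mmu_set_spte(struct kvm_vcpu *vcpu, u64 *shadow_pte,
 	struct kvm_mmu_page *shadow;
 
 	spte |= PT_WRITABLE_MASK;
-	if (user_fault) {
-		mmu_unshadow(vcpu->kvm, gfn);
-		goto unshadowed;
-	}
 
 	shadow = kvm_mmu_lookup_page(vcpu->kvm, gfn);
 	if (shadow ||
@@ -1103,8 +1099,6 @@ static void mmu_set_spte(struct kvm_vcpu *vcpu, u64 *shadow_pte,
 	}
 	}
 
-unshadowed:
-
 	if (pte_access & ACC_WRITE_MASK)
 		mark_page_dirty(vcpu->kvm, gfn);
 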
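Review bot: With the `if (user_fault)` shortcut removed, the `user_fault` parameter of `mmu_set_spte` may no longer be read anywhere in the function — if these hunks held its only use it is now dead and should be dropped from the signature and its callers, or a comment should say why it is kept; the function's head and tail lie outside these hunks, so this needs checking against the full body. The new side also gives no hint why a userspace write to a shadowed guest page table is now deliberately allowed to fall through to the `kvm_mmu_lookup_page` write-protect path, which invites someone to reintroduce the heuristic; a comment above the lookup such as `/* Userspace writes to a shadowed pagetable take the normal write-protect path; unshadowing on user_fault was wrong for guests that run the kernel in userspace (Xenner). */` would record the reason. The commit message states that the old path oopsed but not what dereferenced badly, so anyone bisecting a later regression in this area has nothing to compare against; naming the cause in the message or the comment would help.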