aboutsummaryrefslogtreecommitdiffstats
path: root/mm
diff options
context:
space:
mode:
authorHuang Ying <ying.huang@intel.com>2010-05-31 02:28:19 -0400
committerAvi Kivity <avi@redhat.com>2010-08-01 03:35:26 -0400
commitbf998156d24bcb127318ad5bf531ac3bdfcd6449 (patch)
tree616c19474d7cb626ff9eebc54f6753563a4322cd /mm
parent540ad6b62b3a188a53b51cac81d8a60d40e29fbd (diff)
KVM: Avoid killing userspace through guest SRAO MCE on unmapped pages
In common cases, guest SRAO MCE will cause corresponding poisoned page be un-mapped and SIGBUS be sent to QEMU-KVM, then QEMU-KVM will relay the MCE to guest OS. But it is reported that if the poisoned page is accessed in guest after unmapping and before MCE is relayed to guest OS, userspace will be killed. The reason is as follows. Because poisoned page has been un-mapped, guest access will cause guest exit and kvm_mmu_page_fault will be called. kvm_mmu_page_fault can not get the poisoned page for fault address, so kernel and user space MMIO processing is tried in turn. In user MMIO processing, poisoned page is accessed again, then userspace is killed by force_sig_info. To fix the bug, kvm_mmu_page_fault send HWPOISON signal to QEMU-KVM and do not try kernel and user space MMIO processing for poisoned page. [xiao: fix warning introduced by avi] Reported-by: Max Asbock <masbock@linux.vnet.ibm.com> Signed-off-by: Huang Ying <ying.huang@intel.com> Signed-off-by: Xiao Guangrong <xiaoguangrong@cn.fujitsu.com> Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com> Signed-off-by: Avi Kivity <avi@redhat.com>
Diffstat (limited to 'mm')
-rw-r--r--mm/memory-failure.c30
1 files changed, 30 insertions, 0 deletions
diff --git a/mm/memory-failure.c b/mm/memory-failure.c
index 620b0b461593..378b0f61fd3c 100644
--- a/mm/memory-failure.c
+++ b/mm/memory-failure.c
@@ -45,6 +45,7 @@
45#include <linux/page-isolation.h> 45#include <linux/page-isolation.h>
46#include <linux/suspend.h> 46#include <linux/suspend.h>
47#include <linux/slab.h> 47#include <linux/slab.h>
48#include <linux/swapops.h>
48#include "internal.h" 49#include "internal.h"
49 50
50int sysctl_memory_failure_early_kill __read_mostly = 0; 51int sysctl_memory_failure_early_kill __read_mostly = 0;
@@ -1296,3 +1297,32 @@ done:
1296 /* keep elevated page count for bad page */ 1297 /* keep elevated page count for bad page */
1297 return ret; 1298 return ret;
1298} 1299}
1300
1301int is_hwpoison_address(unsigned long addr)
1302{
1303 pgd_t *pgdp;
1304 pud_t pud, *pudp;
1305 pmd_t pmd, *pmdp;
1306 pte_t pte, *ptep;
1307 swp_entry_t entry;
1308
1309 pgdp = pgd_offset(current->mm, addr);
1310 if (!pgd_present(*pgdp))
1311 return 0;
1312 pudp = pud_offset(pgdp, addr);
1313 pud = *pudp;
1314 if (!pud_present(pud) || pud_large(pud))
1315 return 0;
1316 pmdp = pmd_offset(pudp, addr);
1317 pmd = *pmdp;
1318 if (!pmd_present(pmd) || pmd_large(pmd))
1319 return 0;
1320 ptep = pte_offset_map(pmdp, addr);
1321 pte = *ptep;
1322 pte_unmap(ptep);
1323 if (!is_swap_pte(pte))
1324 return 0;
1325 entry = pte_to_swp_entry(pte);
1326 return is_hwpoison_entry(entry);
1327}
1328EXPORT_SYMBOL_GPL(is_hwpoison_address);