6 files changed, 95 insertions, 15 deletions

diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
index b1ed0a1a5913..b666d8d106a9 100644
--- a/arch/x86/kvm/mmu.c
+++ b/arch/x86/kvm/mmu.c
@@ -32,6 +32,7 @@
 #include <linux/compiler.h>
 #include <linux/srcu.h>
 #include <linux/slab.h>
+#include <linux/uaccess.h>
 
 #include <asm/page.h>
 #include <asm/cmpxchg.h>
@@ -1960,6 +1961,27 @@ static int __direct_map(struct kvm_vcpu *vcpu, gpa_t v, int write,
         return pt_write;
 }
 
+static void kvm_send_hwpoison_signal(struct kvm *kvm, gfn_t gfn)
+{
+        char buf[1];
+        void __user *hva;
+        int r;
+
+        /* Touch the page, so send SIGBUS */
+        hva = (void __user *)gfn_to_hva(kvm, gfn);
+        r = copy_from_user(buf, hva, 1);
+}
+
+static int kvm_handle_bad_page(struct kvm *kvm, gfn_t gfn, pfn_t pfn)
+{
+        kvm_release_pfn_clean(pfn);
+        if (is_hwpoison_pfn(pfn)) {
+                kvm_send_hwpoison_signal(kvm, gfn);
+                return 0;
+        }
+        return 1;
+}
+
 static int nonpaging_map(struct kvm_vcpu *vcpu, gva_t v, int write, gfn_t gfn)
 {
         int r;
@@ -1983,10 +2005,8 @@ static int nonpaging_map(struct kvm_vcpu *vcpu, gva_t v, int write, gfn_t gfn)
         pfn = gfn_to_pfn(vcpu->kvm, gfn);
 
         /* mmio */
-        if (is_error_pfn(pfn)) {
-                kvm_release_pfn_clean(pfn);
-                return 1;
-        }
+        if (is_error_pfn(pfn))
+                return kvm_handle_bad_page(vcpu->kvm, gfn, pfn);
 
         spin_lock(&vcpu->kvm->mmu_lock);
         if (mmu_notifier_retry(vcpu, mmu_seq))
@@ -2198,10 +2218,8 @@ static int tdp_page_fault(struct kvm_vcpu *vcpu, gva_t gpa,
         mmu_seq = vcpu->kvm->mmu_notifier_seq;
         smp_rmb();
         pfn = gfn_to_pfn(vcpu->kvm, gfn);
-        if (is_error_pfn(pfn)) {
-                kvm_release_pfn_clean(pfn);
-                return 1;
-        }
+        if (is_error_pfn(pfn))
+                return kvm_handle_bad_page(vcpu->kvm, gfn, pfn);
         spin_lock(&vcpu->kvm->mmu_lock);
         if (mmu_notifier_retry(vcpu, mmu_seq))
                 goto out_unlock;
diff --git a/arch/x86/kvm/paging_tmpl.h b/arch/x86/kvm/paging_tmpl.h
index 2331bdc2b549..c7f27779c998 100644
--- a/arch/x86/kvm/paging_tmpl.h
+++ b/arch/x86/kvm/paging_tmpl.h
@@ -431,11 +431,8 @@ static int FNAME(page_fault)(struct kvm_vcpu *vcpu, gva_t addr,
         pfn = gfn_to_pfn(vcpu->kvm, walker.gfn);
 
         /* mmio */
-        if (is_error_pfn(pfn)) {
-                pgprintk("gfn %lx is mmio\n", walker.gfn);
-                kvm_release_pfn_clean(pfn);
-                return 1;
-        }
+        if (is_error_pfn(pfn))
+                return kvm_handle_bad_page(vcpu->kvm, walker.gfn, pfn);
 
         spin_lock(&vcpu->kvm->mmu_lock);
         if (mmu_notifier_retry(vcpu, mmu_seq))
diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
index 7cb116afa1cd..a0e019769f5d 100644
--- a/include/linux/kvm_host.h
+++ b/include/linux/kvm_host.h
@@ -266,6 +266,7 @@ extern pfn_t bad_pfn;
 
 int is_error_page(struct page *page);
 int is_error_pfn(pfn_t pfn);
+int is_hwpoison_pfn(pfn_t pfn);
 int kvm_is_error_hva(unsigned long addr);
 int kvm_set_memory_region(struct kvm *kvm,
                           struct kvm_userspace_memory_region *mem,
diff --git a/include/linux/mm.h b/include/linux/mm.h
index a2b48041b910..7a9ab7db1975 100644
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -1465,6 +1465,14 @@ extern int sysctl_memory_failure_recovery;
 extern void shake_page(struct page *p, int access);
 extern atomic_long_t mce_bad_pages;
 extern int soft_offline_page(struct page *page, int flags);
+#ifdef CONFIG_MEMORY_FAILURE
+int is_hwpoison_address(unsigned long addr);
+#else
+static inline int is_hwpoison_address(unsigned long addr)
+{
+        return 0;
+}
+#endif
 
 extern void dump_page(struct page *page);
 
diff --git a/mm/memory-failure.c b/mm/memory-failure.c
index 620b0b461593..378b0f61fd3c 100644
--- a/mm/memory-failure.c
+++ b/mm/memory-failure.c
@@ -45,6 +45,7 @@
 #include <linux/page-isolation.h>
 #include <linux/suspend.h>
 #include <linux/slab.h>
+#include <linux/swapops.h>
 #include "internal.h"
 
 int sysctl_memory_failure_early_kill __read_mostly = 0;
@@ -1296,3 +1297,32 @@ done:
         /* keep elevated page count for bad page */
         return ret;
 }
+
+int is_hwpoison_address(unsigned long addr)
+{
+        pgd_t *pgdp;
+        pud_t pud, *pudp;
+        pmd_t pmd, *pmdp;
+        pte_t pte, *ptep;
+        swp_entry_t entry;
+
+        pgdp = pgd_offset(current->mm, addr);
+        if (!pgd_present(*pgdp))
+                return 0;
+        pudp = pud_offset(pgdp, addr);
+        pud = *pudp;
+        if (!pud_present(pud) || pud_large(pud))
+                return 0;
+        pmdp = pmd_offset(pudp, addr);
+        pmd = *pmdp;
+        if (!pmd_present(pmd) || pmd_large(pmd))
+                return 0;
+        ptep = pte_offset_map(pmdp, addr);
+        pte = *ptep;
+        pte_unmap(ptep);
+        if (!is_swap_pte(pte))
+                return 0;
+        entry = pte_to_swp_entry(pte);
+        return is_hwpoison_entry(entry);
+}
+EXPORT_SYMBOL_GPL(is_hwpoison_address);
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index f032806a212f..187aa8d984a7 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -92,6 +92,9 @@ static bool kvm_rebooting;
 
 static bool largepages_enabled = true;
 
+struct page *hwpoison_page;
+pfn_t hwpoison_pfn;
+
 inline int kvm_is_mmio_pfn(pfn_t pfn)
 {
         if (pfn_valid(pfn)) {
@@ -810,16 +813,22 @@ EXPORT_SYMBOL_GPL(kvm_disable_largepages);
 
 int is_error_page(struct page *page)
 {
-        return page == bad_page;
+        return page == bad_page || page == hwpoison_page;
 }
 EXPORT_SYMBOL_GPL(is_error_page);
 
 int is_error_pfn(pfn_t pfn)
 {
-        return pfn == bad_pfn;
+        return pfn == bad_pfn || pfn == hwpoison_pfn;
 }
 EXPORT_SYMBOL_GPL(is_error_pfn);
 
+int is_hwpoison_pfn(pfn_t pfn)
+{
+        return pfn == hwpoison_pfn;
+}
+EXPORT_SYMBOL_GPL(is_hwpoison_pfn);
+
 static inline unsigned long bad_hva(void)
 {
         return PAGE_OFFSET;
@@ -945,6 +954,11 @@ static pfn_t hva_to_pfn(struct kvm *kvm, unsigned long addr)
         if (unlikely(npages != 1)) {
                 struct vm_area_struct *vma;
 
+                if (is_hwpoison_address(addr)) {
+                        get_page(hwpoison_page);
+                        return page_to_pfn(hwpoison_page);
+                }
+
                 down_read(&current->mm->mmap_sem);
                 vma = find_vma(current->mm, addr);
 
@@ -2197,6 +2211,15 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
 
         bad_pfn = page_to_pfn(bad_page);
 
+        hwpoison_page = alloc_page(GFP_KERNEL | __GFP_ZERO);
+
+        if (hwpoison_page == NULL) {
+                r = -ENOMEM;
+                goto out_free_0;
+        }
+
+        hwpoison_pfn = page_to_pfn(hwpoison_page);
+
         if (!zalloc_cpumask_var(&cpus_hardware_enabled, GFP_KERNEL)) {
                 r = -ENOMEM;
                 goto out_free_0;
@@ -2269,6 +2292,8 @@ out_free_1:
 out_free_0a:
         free_cpumask_var(cpus_hardware_enabled);
 out_free_0:
+        if (hwpoison_page)
+                __free_page(hwpoison_page);
         __free_page(bad_page);
 out:
         kvm_arch_exit();
@@ -2290,6 +2315,7 @@ void kvm_exit(void)
         kvm_arch_hardware_unsetup();
         kvm_arch_exit();
         free_cpumask_var(cpus_hardware_enabled);
+        __free_page(hwpoison_page);
         __free_page(bad_page);
 }
 EXPORT_SYMBOL_GPL(kvm_exit);