Re: [PATCH 2/2] KVM, Fix QEMU-KVM is killed by guest SRAO MCE

From: Avi Kivity
Date: Tue Apr 27 2010 - 03:47:38 EST

Next message: Li Zefan: "[PATCH 6/6] xconfig: Add support to show hidden options which haveprompts"
Previous message: Li Zefan: "[PATCH 5/6] xconfig: remove unused function"
In reply to: Huang Ying: "[PATCH 2/2] KVM, Fix QEMU-KVM is killed by guest SRAO MCE"
Next in thread: Huang Ying: "Re: [PATCH 2/2] KVM, Fix QEMU-KVM is killed by guest SRAO MCE"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

(please copy kvm@xxxxxxxxxxxxxxx on kvm patches)

On 04/27/2010 10:04 AM, Huang Ying wrote:

In common cases, guest SRAO MCE will cause corresponding poisoned page
be un-mapped and SIGBUS be sent to QEMU-KVM, then QEMU-KVM will relay
the MCE to guest OS.

But it is reported that if the poisoned page is accessed in guest
after un-mapped and before MCE is relayed to guest OS, QEMU-KVM will
be killed.

The reason is as follow. Because poisoned page has been un-mapped,
guest access will cause guest exit and kvm_mmu_page_fault will be
called. kvm_mmu_page_fault can not get the poisoned page for fault
address, so kernel and user space MMIO processing is tried in turn. In
user MMIO processing, poisoned page is accessed again, then QEMU-KVM
is killed by force_sig_info.

To fix the bug, kvm_mmu_page_fault send HWPOISON signal to QEMU-KVM
and do not try kernel and user space MMIO processing for poisoned
page.

--- a/arch/x86/kvm/mmu.c
+++ b/arch/x86/kvm/mmu.c
@@ -32,6 +32,7 @@
#include<linux/compiler.h>
#include<linux/srcu.h>
#include<linux/slab.h>
+#include<linux/uaccess.h>

#include<asm/page.h>
#include<asm/cmpxchg.h>
@@ -1972,6 +1973,17 @@ static int __direct_map(struct kvm_vcpu
return pt_write;
}

+static void kvm_send_hwpoison_signal(struct kvm *kvm, gfn_t gfn)
+{
+ char buf[1];
+ void __user *hva;
+ int r;
+
+ /* Touch the page, so send SIGBUS */
+ hva = (void __user *)gfn_to_hva(kvm, gfn);
+ r = copy_from_user(buf, hva, 1);

No error check? What will a copy_from_user() of poisoned page expected to return?

Best to return -EFAULT on failure for consistency.

+}
+
static int nonpaging_map(struct kvm_vcpu *vcpu, gva_t v, int write, gfn_t gfn)
{
int r;
@@ -1997,7 +2009,11 @@ static int nonpaging_map(struct kvm_vcpu
/* mmio */
if (is_error_pfn(pfn)) {
kvm_release_pfn_clean(pfn);
- return 1;
+ if (is_hwpoison_pfn(pfn)) {
+ kvm_send_hwpoison_signal(vcpu->kvm, gfn);
+ return 0;
+ } else
+ return 1;
}

This is duplicated several times. Please introduce a kvm_handle_bad_page():

if (is_error_pfn(pfn))
return kvm_handle_bad_page(vcpu->kvm, gfn, pfn);

--
Do not meddle in the internals of kernels, for they are subtle and quick to panic.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Li Zefan: "[PATCH 6/6] xconfig: Add support to show hidden options which haveprompts"
Previous message: Li Zefan: "[PATCH 5/6] xconfig: remove unused function"
In reply to: Huang Ying: "[PATCH 2/2] KVM, Fix QEMU-KVM is killed by guest SRAO MCE"
Next in thread: Huang Ying: "Re: [PATCH 2/2] KVM, Fix QEMU-KVM is killed by guest SRAO MCE"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]