| Message ID | 5ae3371dc11534460b722864ea8c6ef27e8506d1.1471018436.git-series.james.hogan@imgtec.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On 08/18/2016 05:05 AM, James Hogan wrote: > commit 8985d50382359e5bf118fdbefc859d0dbf6cebc7 upstream. > > kvm_mips_handle_mapped_seg_tlb_fault() calculates the guest frame number > based on the guest TLB EntryLo values, however it is not range checked > to ensure it lies within the guest_pmap. If the physical memory the > guest refers to is out of range then dump the guest TLB and emit an > internal error. > > Fixes: 858dd5d45733 ("KVM/MIPS32: MMU/TLB operations for the Guest.") > Signed-off-by: James Hogan <james.hogan@imgtec.com> > Cc: Paolo Bonzini <pbonzini@redhat.com> > Cc: "Radim Krčmář" <rkrcmar@redhat.com> > Cc: Ralf Baechle <ralf@linux-mips.org> > Cc: linux-mips@linux-mips.org > Cc: kvm@vger.kernel.org > Signed-off-by: Radim Krčmář <rkrcmar@redhat.com> > [james.hogan@imgtec.com: Backport to v3.17.y - v4.4.y] > Signed-off-by: James Hogan <james.hogan@imgtec.com> Hey James, Thanks for the backport! Applying this one seems to fail with: $ git apply --reject [PATCH BACKPORT 3.17-4.4 1_4] MIPS: KVM: Fix mapped fault broken commpage handling - James Hogan <james.hogan@imgtec.com> - 2016-08-18 0505.eml Checking patch arch/mips/kvm/tlb.c... error: while searching for: unsigned long entryhi = 0, entrylo0 = 0, entrylo1 = 0; struct kvm *kvm = vcpu->kvm; pfn_t pfn0, pfn1; long tlb_lo[2]; tlb_lo[0] = tlb->tlb_lo0; error: patch failed: arch/mips/kvm/tlb.c:361 error: while searching for: VPN2_MASK & (PAGE_MASK << 1))) tlb_lo[(KVM_GUEST_COMMPAGE_ADDR >> PAGE_SHIFT) & 1] = 0; if (kvm_mips_map_page(kvm, mips3_tlbpfn_to_paddr(tlb_lo[0]) >> PAGE_SHIFT) < 0) return -1; if (kvm_mips_map_page(kvm, mips3_tlbpfn_to_paddr(tlb_lo[1]) >> PAGE_SHIFT) < 0) return -1; pfn0 = kvm->arch.guest_pmap[mips3_tlbpfn_to_paddr(tlb_lo[0]) >> PAGE_SHIFT]; pfn1 = kvm->arch.guest_pmap[mips3_tlbpfn_to_paddr(tlb_lo[1]) >> PAGE_SHIFT]; if (hpa0) *hpa0 = pfn0 << PAGE_SHIFT; error: patch failed: arch/mips/kvm/tlb.c:374 Applying patch arch/mips/kvm/tlb.c with 2 rejects... Rejected hunk #1. Rejected hunk #2. Thanks, Sasha
On 08/18/2016 07:45 AM, Sasha Levin wrote: > On 08/18/2016 05:05 AM, James Hogan wrote: >> > commit 8985d50382359e5bf118fdbefc859d0dbf6cebc7 upstream. >> > >> > kvm_mips_handle_mapped_seg_tlb_fault() calculates the guest frame number >> > based on the guest TLB EntryLo values, however it is not range checked >> > to ensure it lies within the guest_pmap. If the physical memory the >> > guest refers to is out of range then dump the guest TLB and emit an >> > internal error. >> > >> > Fixes: 858dd5d45733 ("KVM/MIPS32: MMU/TLB operations for the Guest.") >> > Signed-off-by: James Hogan <james.hogan@imgtec.com> >> > Cc: Paolo Bonzini <pbonzini@redhat.com> >> > Cc: "Radim Krčmář" <rkrcmar@redhat.com> >> > Cc: Ralf Baechle <ralf@linux-mips.org> >> > Cc: linux-mips@linux-mips.org >> > Cc: kvm@vger.kernel.org >> > Signed-off-by: Radim Krčmář <rkrcmar@redhat.com> >> > [james.hogan@imgtec.com: Backport to v3.17.y - v4.4.y] >> > Signed-off-by: James Hogan <james.hogan@imgtec.com> > Hey James, > > Thanks for the backport! > > Applying this one seems to fail with: *Applying to this one to 4.1, sorry. Thanks, Sasha
Hi Sasha, On Thu, Aug 18, 2016 at 07:45:33AM -0400, Levin, Alexander wrote: > On 08/18/2016 05:05 AM, James Hogan wrote: > > commit 8985d50382359e5bf118fdbefc859d0dbf6cebc7 upstream. > > > > kvm_mips_handle_mapped_seg_tlb_fault() calculates the guest frame number > > based on the guest TLB EntryLo values, however it is not range checked > > to ensure it lies within the guest_pmap. If the physical memory the > > guest refers to is out of range then dump the guest TLB and emit an > > internal error. > > > > Fixes: 858dd5d45733 ("KVM/MIPS32: MMU/TLB operations for the Guest.") > > Signed-off-by: James Hogan <james.hogan@imgtec.com> > > Cc: Paolo Bonzini <pbonzini@redhat.com> > > Cc: "Radim Krčmář" <rkrcmar@redhat.com> > > Cc: Ralf Baechle <ralf@linux-mips.org> > > Cc: linux-mips@linux-mips.org > > Cc: kvm@vger.kernel.org > > Signed-off-by: Radim Krčmář <rkrcmar@redhat.com> > > [james.hogan@imgtec.com: Backport to v3.17.y - v4.4.y] > > Signed-off-by: James Hogan <james.hogan@imgtec.com> > > Hey James, > > Thanks for the backport! > > Applying this one seems to fail with: > > $ git apply --reject [PATCH BACKPORT 3.17-4.4 1_4] MIPS: KVM: Fix mapped > fault broken commpage handling - James Hogan <james.hogan@imgtec.com> - > 2016-08-18 0505.eml > Checking patch arch/mips/kvm/tlb.c... > error: while searching for: > unsigned long entryhi = 0, entrylo0 = 0, entrylo1 = 0; > struct kvm *kvm = vcpu->kvm; > pfn_t pfn0, pfn1; > long tlb_lo[2]; > > tlb_lo[0] = tlb->tlb_lo0; > > error: patch failed: arch/mips/kvm/tlb.c:361 > error: while searching for: > VPN2_MASK & (PAGE_MASK << 1))) > tlb_lo[(KVM_GUEST_COMMPAGE_ADDR >> PAGE_SHIFT) & 1] = 0; > > if (kvm_mips_map_page(kvm, mips3_tlbpfn_to_paddr(tlb_lo[0]) > >> PAGE_SHIFT) < 0) > return -1; > > if (kvm_mips_map_page(kvm, mips3_tlbpfn_to_paddr(tlb_lo[1]) > >> PAGE_SHIFT) < 0) > return -1; > > pfn0 = kvm->arch.guest_pmap[mips3_tlbpfn_to_paddr(tlb_lo[0]) > >> PAGE_SHIFT]; > pfn1 = kvm->arch.guest_pmap[mips3_tlbpfn_to_paddr(tlb_lo[1]) > >> PAGE_SHIFT]; > > if (hpa0) > *hpa0 = pfn0 << PAGE_SHIFT; > > error: patch failed: arch/mips/kvm/tlb.c:374 > Applying patch arch/mips/kvm/tlb.c with 2 rejects... > Rejected hunk #1. > Rejected hunk #2. This works for me (on 558ba5fd7d8d Linux 4.1.30) as long as 1/4 is applied first. Are you applying them in the right order? Cheers James
diff --git a/arch/mips/kvm/tlb.c b/arch/mips/kvm/tlb.c index d3c5715426c4..59e885fa4c65 100644 --- a/arch/mips/kvm/tlb.c +++ b/arch/mips/kvm/tlb.c @@ -361,6 +361,7 @@ int kvm_mips_handle_mapped_seg_tlb_fault(struct kvm_vcpu *vcpu, unsigned long entryhi = 0, entrylo0 = 0, entrylo1 = 0; struct kvm *kvm = vcpu->kvm; pfn_t pfn0, pfn1; + gfn_t gfn0, gfn1; long tlb_lo[2]; tlb_lo[0] = tlb->tlb_lo0; @@ -374,18 +375,24 @@ int kvm_mips_handle_mapped_seg_tlb_fault(struct kvm_vcpu *vcpu, VPN2_MASK & (PAGE_MASK << 1))) tlb_lo[(KVM_GUEST_COMMPAGE_ADDR >> PAGE_SHIFT) & 1] = 0; - if (kvm_mips_map_page(kvm, mips3_tlbpfn_to_paddr(tlb_lo[0]) - >> PAGE_SHIFT) < 0) + gfn0 = mips3_tlbpfn_to_paddr(tlb_lo[0]) >> PAGE_SHIFT; + gfn1 = mips3_tlbpfn_to_paddr(tlb_lo[1]) >> PAGE_SHIFT; + if (gfn0 >= kvm->arch.guest_pmap_npages || + gfn1 >= kvm->arch.guest_pmap_npages) { + kvm_err("%s: Invalid gfn: [%#llx, %#llx], EHi: %#lx\n", + __func__, gfn0, gfn1, tlb->tlb_hi); + kvm_mips_dump_guest_tlbs(vcpu); + return -1; + } + + if (kvm_mips_map_page(kvm, gfn0) < 0) return -1; - if (kvm_mips_map_page(kvm, mips3_tlbpfn_to_paddr(tlb_lo[1]) - >> PAGE_SHIFT) < 0) + if (kvm_mips_map_page(kvm, gfn1) < 0) return -1; - pfn0 = kvm->arch.guest_pmap[mips3_tlbpfn_to_paddr(tlb_lo[0]) - >> PAGE_SHIFT]; - pfn1 = kvm->arch.guest_pmap[mips3_tlbpfn_to_paddr(tlb_lo[1]) - >> PAGE_SHIFT]; + pfn0 = kvm->arch.guest_pmap[gfn0]; + pfn1 = kvm->arch.guest_pmap[gfn1]; if (hpa0) *hpa0 = pfn0 << PAGE_SHIFT;
commit 8985d50382359e5bf118fdbefc859d0dbf6cebc7 upstream. kvm_mips_handle_mapped_seg_tlb_fault() calculates the guest frame number based on the guest TLB EntryLo values, however it is not range checked to ensure it lies within the guest_pmap. If the physical memory the guest refers to is out of range then dump the guest TLB and emit an internal error. Fixes: 858dd5d45733 ("KVM/MIPS32: MMU/TLB operations for the Guest.") Signed-off-by: James Hogan <james.hogan@imgtec.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: "Radim Krčmář" <rkrcmar@redhat.com> Cc: Ralf Baechle <ralf@linux-mips.org> Cc: linux-mips@linux-mips.org Cc: kvm@vger.kernel.org Signed-off-by: Radim Krčmář <rkrcmar@redhat.com> [james.hogan@imgtec.com: Backport to v3.17.y - v4.4.y] Signed-off-by: James Hogan <james.hogan@imgtec.com> --- arch/mips/kvm/tlb.c | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-)