author Michal Suchanek <msuchanek@suse.de> 2018-10-31 13:27:38 +0100
committer Michal Suchanek <msuchanek@suse.de> 2018-10-31 23:28:45 +0100
commit 091ec6b94e45c09d9c4589246d9dc5017ed8f58a
tree 90fcceadf69441bc0608950a41ed695eaaf4ec3b
parent e52f30e059f506f22e71e8e5894ca58104852ea4
KVM: PPC: Book3S HV: Avoid crash from THP collapse during
radix page fault (bsc#1061840).
-rw-r--r-- patches.arch/KVM-PPC-Book3S-HV-Avoid-crash-from-THP-collapse-duri.patch 60
-rw-r--r-- series.conf 1
2 files changed, 61 insertions, 0 deletions
diff --git a/patches.arch/KVM-PPC-Book3S-HV-Avoid-crash-from-THP-collapse-duri.patch b/patches.arch/KVM-PPC-Book3S-HV-Avoid-crash-from-THP-collapse-duri.patch
new file mode 100644
index 0000000000..778c03cd2e
--- /dev/null
+++ b/patches.arch/KVM-PPC-Book3S-HV-Avoid-crash-from-THP-collapse-duri.patch
@@ -0,0 +1,60 @@
+From 6579804c431712d56956a63b1a01509441cc6800 Mon Sep 17 00:00:00 2001
+From: Paul Mackerras <paulus@ozlabs.org>
+Date: Thu, 4 Oct 2018 14:51:11 +1000
+Subject: [PATCH] KVM: PPC: Book3S HV: Avoid crash from THP collapse during
+ radix page fault
+
+References: bsc#1061840
+Patch-mainline: v4.19-rc7
+Git-commit: 6579804c431712d56956a63b1a01509441cc6800
+
+Commit 71d29f43b633 ("KVM: PPC: Book3S HV: Don't use compound_order to
+determine host mapping size", 2018-09-11) added a call to
+__find_linux_pte() and a dereference of the returned PTE pointer to the
+radix page fault path in the common case where the page is normal
+system memory. Previously, __find_linux_pte() was only called for
+mappings to physical addresses which don't have a page struct (e.g.
+memory-mapped I/O) or where the page struct is marked as reserved
+memory.
+
+This exposes us to the possibility that the returned PTE pointer
+could be NULL, for example in the case of a concurrent THP collapse
+operation. Dereferencing the returned NULL pointer causes a host
+crash.
+
+To fix this, we check for NULL, and if it is NULL, we retry the
+operation by returning to the guest, with the expectation that it
+will generate the same page fault again (unless of course it has
+been fixed up by another CPU in the meantime).
+
+Fixes: 71d29f43b633 ("KVM: PPC: Book3S HV: Don't use compound_order to determine host mapping size")
+Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
+Acked-by: Michal Suchanek <msuchanek@suse.de>
+---
+ arch/powerpc/kvm/book3s_64_mmu_radix.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/arch/powerpc/kvm/book3s_64_mmu_radix.c b/arch/powerpc/kvm/book3s_64_mmu_radix.c
+index 933c574e1cf7..998f8d089ac7 100644
+--- a/arch/powerpc/kvm/book3s_64_mmu_radix.c
++++ b/arch/powerpc/kvm/book3s_64_mmu_radix.c
+@@ -646,6 +646,16 @@ int kvmppc_book3s_radix_page_fault(struct kvm_run *run, struct kvm_vcpu *vcpu,
+ */
+ local_irq_disable();
+ ptep = __find_linux_pte(vcpu->arch.pgdir, hva, NULL, &shift);
++ /*
++ * If the PTE disappeared temporarily due to a THP
++ * collapse, just return and let the guest try again.
++ */
++ if (!ptep) {
++ local_irq_enable();
++ if (page)
++ put_page(page);
++ return RESUME_GUEST;
++ }
+ pte = *ptep;
+ local_irq_enable();
+
+--
+2.13.7
+
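Review bot: In the new `if (!ptep)` branch of kvmppc_book3s_radix_page_fault(), the return of RESUME_GUEST is unconditional and silent, so a PTE that stays absent for any reason other than a transient THP collapse would only be visible as a vCPU repeating the same fault. Consider extending the comment to say why the retry is expected to terminate (the commit message gives the reasoning, the code comment does not), or counting these retries so a stuck guest can be diagnosed. The cleanup on this path is complete as far as the visible lines show: `local_irq_enable()` pairs with the `local_irq_disable()` above, and the `page` reference is dropped before returning.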
diff --git a/series.conf b/series.conf
index f8d8178f40..cb3b61f8a8 100644
--- a/series.conf
+++ b/series.conf
@@ -18215,6 +18215,7 @@
patches.drivers/crypto-qat-Fix-KASAN-stack-out-of-bounds-bug-in-adf_.patch
patches.arch/kvm-nvmx-do-not-expose-mpx-vmx-controls-when-guest-mpx-disabled
patches.arch/kvm-x86-do-not-use-kvm_x86_ops-mpx_supported-directly
+ patches.arch/KVM-PPC-Book3S-HV-Avoid-crash-from-THP-collapse-duri.patch
patches.drivers/iommu-amd-clear-memory-encryption-mask-from-physical-address
patches.drivers/ALSA-hda-realtek-Cannot-adjust-speaker-s-volume-on-D.patch
patches.suse/sched-numa-Stop-multiple-tasks-from-moving-to-the-CPU-at-the-same-time.patch
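Review bot: The added series.conf entry depends on the backport of 71d29f43b633, which the patch names in its Fixes: tag, and none of the three context entries ahead of it is that patch, so please confirm it is applied earlier in the series. Without it the hunk against book3s_64_mmu_radix.c has no `__find_linux_pte()` call at that spot to guard. A note in the commit message naming the series entry this fix follows would make that dependency easy to check.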