From b16a74b08a1a534313f742cba1dbc6ff62b95e43 Mon Sep 17 00:00:00 2001 From: "Justin M. Forbes" Date: Fri, 20 Apr 2012 13:00:34 -0500 Subject: [PATCH] Linux v3.4-rc3-89-gc6f5c93 --- ...rom-the-iommu-when-slots-are-removed.patch | 92 ------------------- kernel.spec | 11 +-- sources | 2 +- 3 files changed, 5 insertions(+), 100 deletions(-) delete mode 100644 KVM-unmap-pages-from-the-iommu-when-slots-are-removed.patch diff --git a/KVM-unmap-pages-from-the-iommu-when-slots-are-removed.patch b/KVM-unmap-pages-from-the-iommu-when-slots-are-removed.patch deleted file mode 100644 index b98e392f7..000000000 --- a/KVM-unmap-pages-from-the-iommu-when-slots-are-removed.patch +++ /dev/null @@ -1,92 +0,0 @@ -commit 32f6daad4651a748a58a3ab6da0611862175722f -Author: Alex Williamson -Date: Wed Apr 11 09:51:49 2012 -0600 - - KVM: unmap pages from the iommu when slots are removed - - We've been adding new mappings, but not destroying old mappings. - This can lead to a page leak as pages are pinned using - get_user_pages, but only unpinned with put_page if they still - exist in the memslots list on vm shutdown. A memslot that is - destroyed while an iommu domain is enabled for the guest will - therefore result in an elevated page reference count that is - never cleared. - - Additionally, without this fix, the iommu is only programmed - with the first translation for a gpa. This can result in - peer-to-peer errors if a mapping is destroyed and replaced by a - new mapping at the same gpa as the iommu will still be pointing - to the original, pinned memory address. - - Signed-off-by: Alex Williamson - Signed-off-by: Marcelo Tosatti - -diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h -index 665a260..72cbf08 100644 ---- a/include/linux/kvm_host.h -+++ b/include/linux/kvm_host.h -@@ -596,6 +596,7 @@ void kvm_free_irq_source_id(struct kvm *kvm, int irq_source_id); - - #ifdef CONFIG_IOMMU_API - int kvm_iommu_map_pages(struct kvm *kvm, struct kvm_memory_slot *slot); -+void kvm_iommu_unmap_pages(struct kvm *kvm, struct kvm_memory_slot *slot); - int kvm_iommu_map_guest(struct kvm *kvm); - int kvm_iommu_unmap_guest(struct kvm *kvm); - int kvm_assign_device(struct kvm *kvm, -@@ -609,6 +610,11 @@ static inline int kvm_iommu_map_pages(struct kvm *kvm, - return 0; - } - -+static inline void kvm_iommu_unmap_pages(struct kvm *kvm, -+ struct kvm_memory_slot *slot) -+{ -+} -+ - static inline int kvm_iommu_map_guest(struct kvm *kvm) - { - return -ENODEV; -diff --git a/virt/kvm/iommu.c b/virt/kvm/iommu.c -index a457d21..fec1723 100644 ---- a/virt/kvm/iommu.c -+++ b/virt/kvm/iommu.c -@@ -310,6 +310,11 @@ static void kvm_iommu_put_pages(struct kvm *kvm, - } - } - -+void kvm_iommu_unmap_pages(struct kvm *kvm, struct kvm_memory_slot *slot) -+{ -+ kvm_iommu_put_pages(kvm, slot->base_gfn, slot->npages); -+} -+ - static int kvm_iommu_unmap_memslots(struct kvm *kvm) - { - int idx; -@@ -320,7 +325,7 @@ static int kvm_iommu_unmap_memslots(struct kvm *kvm) - slots = kvm_memslots(kvm); - - kvm_for_each_memslot(memslot, slots) -- kvm_iommu_put_pages(kvm, memslot->base_gfn, memslot->npages); -+ kvm_iommu_unmap_pages(kvm, memslot); - - srcu_read_unlock(&kvm->srcu, idx); - -diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c -index 42b7393..9739b53 100644 ---- a/virt/kvm/kvm_main.c -+++ b/virt/kvm/kvm_main.c -@@ -808,12 +808,13 @@ int __kvm_set_memory_region(struct kvm *kvm, - if (r) - goto out_free; - -- /* map the pages in iommu page table */ -+ /* map/unmap the pages in iommu page table */ - if (npages) { - r = kvm_iommu_map_pages(kvm, &new); - if (r) - goto out_free; -- } -+ } else -+ kvm_iommu_unmap_pages(kvm, &old); - - r = -ENOMEM; - slots = kmemdup(kvm->memslots, sizeof(struct kvm_memslots), diff --git a/kernel.spec b/kernel.spec index 3fb13c567..7a37cb862 100644 --- a/kernel.spec +++ b/kernel.spec @@ -95,7 +95,7 @@ Summary: The Linux kernel # The rc snapshot level %define rcrev 3 # The git snapshot level -%define gitrev 3 +%define gitrev 4 # Set rpm version accordingly %define rpmversion 3.%{upstream_sublevel}.0 %endif @@ -749,9 +749,6 @@ Patch22000: weird-root-dentry-name-debug.patch #selinux ptrace child permissions Patch22001: selinux-apply-different-permission-to-ptrace-child.patch -#rhbz 814149 814155 CVE-2012-2121 -Patch22006: KVM-unmap-pages-from-the-iommu-when-slots-are-removed.patch - #rhbz 814278 814289 CVE-2012-2119 Patch22007: macvtap-zerocopy-validate-vector-length.patch @@ -1453,9 +1450,6 @@ ApplyPatch vgaarb-vga_default_device.patch ApplyPatch x86-microcode-Fix-sysfs-warning-during-module-unload-on-unsupported-CPUs.patch ApplyPatch x86-microcode-Ensure-that-module-is-only-loaded-for-supported-AMD-CPUs.patch -#rhbz 814149 814155 CVE-2012-2121 -ApplyPatch KVM-unmap-pages-from-the-iommu-when-slots-are-removed.patch - #rhbz 814278 814289 CVE-2012-2119 ApplyPatch macvtap-zerocopy-validate-vector-length.patch @@ -2319,6 +2313,9 @@ fi # ||----w | # || || %changelog +* Fri Apr 20 2012 Justin M. Forbes - 3.4.0-0.rc3.git4.1 +- Linux v3.4-rc3-89-gc6f5c93 + * Thu Apr 19 2012 Justin M. Forbes - 3.4.0-0.rc3.git3.1 - Linux v3.4-rc3-65-g9b7f43a diff --git a/sources b/sources index 8f32eb395..8b3b84b55 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ 7133f5a2086a7d7ef97abac610c094f5 linux-3.3.tar.xz 2dfdc406169c0fcec64d5f939a44aff0 patch-3.4-rc3.xz -92d57dac7a77f41fb939df4eb3024aea patch-3.4-rc3-git3.xz +3625feae37f8e7dbd1f3cd2243a37bed patch-3.4-rc3-git4.xz