rpms/kernel
8
2
Fork 6
Code Issues Pull Requests Releases Activity

Linux v3.4-rc3-89-gc6f5c93

Browse Source
This commit is contained in:
Justin M. Forbes 2012-04-20 13:00:34 -05:00
parent 1174973de1
commit b16a74b08a
3 changed files with 5 additions and 100 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

92
KVM-unmap-pages-from-the-iommu-when-slots-are-removed.patch
View File

@ -1,92 +0,0 @@
commit 32f6daad4651a748a58a3ab6da0611862175722f
Author: Alex Williamson <alex.williamson@redhat.com>
Date: Wed Apr 11 09:51:49 2012 -0600
KVM: unmap pages from the iommu when slots are removed
We've been adding new mappings, but not destroying old mappings.
This can lead to a page leak as pages are pinned using
get_user_pages, but only unpinned with put_page if they still
exist in the memslots list on vm shutdown. A memslot that is
destroyed while an iommu domain is enabled for the guest will
therefore result in an elevated page reference count that is
never cleared.
Additionally, without this fix, the iommu is only programmed
with the first translation for a gpa. This can result in
peer-to-peer errors if a mapping is destroyed and replaced by a
new mapping at the same gpa as the iommu will still be pointing
to the original, pinned memory address.
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
index 665a260..72cbf08 100644
--- a/include/linux/kvm_host.h
+++ b/include/linux/kvm_host.h
@@ -596,6 +596,7 @@ void kvm_free_irq_source_id(struct kvm *kvm, int irq_source_id);
#ifdef CONFIG_IOMMU_API
int kvm_iommu_map_pages(struct kvm *kvm, struct kvm_memory_slot *slot);
+void kvm_iommu_unmap_pages(struct kvm *kvm, struct kvm_memory_slot *slot);
int kvm_iommu_map_guest(struct kvm *kvm);
int kvm_iommu_unmap_guest(struct kvm *kvm);
int kvm_assign_device(struct kvm *kvm,
@@ -609,6 +610,11 @@ static inline int kvm_iommu_map_pages(struct kvm *kvm,
return 0;
}
+static inline void kvm_iommu_unmap_pages(struct kvm *kvm,
+ struct kvm_memory_slot *slot)
+{
+}
+
static inline int kvm_iommu_map_guest(struct kvm *kvm)
{
return -ENODEV;
diff --git a/virt/kvm/iommu.c b/virt/kvm/iommu.c
index a457d21..fec1723 100644
--- a/virt/kvm/iommu.c
+++ b/virt/kvm/iommu.c
@@ -310,6 +310,11 @@ static void kvm_iommu_put_pages(struct kvm *kvm,
}
}
+void kvm_iommu_unmap_pages(struct kvm *kvm, struct kvm_memory_slot *slot)
+{
+ kvm_iommu_put_pages(kvm, slot->base_gfn, slot->npages);
+}
+
static int kvm_iommu_unmap_memslots(struct kvm *kvm)
{
int idx;
@@ -320,7 +325,7 @@ static int kvm_iommu_unmap_memslots(struct kvm *kvm)
slots = kvm_memslots(kvm);
kvm_for_each_memslot(memslot, slots)
- kvm_iommu_put_pages(kvm, memslot->base_gfn, memslot->npages);
+ kvm_iommu_unmap_pages(kvm, memslot);
srcu_read_unlock(&kvm->srcu, idx);
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index 42b7393..9739b53 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -808,12 +808,13 @@ int __kvm_set_memory_region(struct kvm *kvm,
if (r)
goto out_free;
- /* map the pages in iommu page table */
+ /* map/unmap the pages in iommu page table */
if (npages) {
r = kvm_iommu_map_pages(kvm, &new);
if (r)
goto out_free;
- }
+ } else
+ kvm_iommu_unmap_pages(kvm, &old);
r = -ENOMEM;
slots = kmemdup(kvm->memslots, sizeof(struct kvm_memslots),

11
kernel.spec
View File

@ -95,7 +95,7 @@ Summary: The Linux kernel
# The rc snapshot level # The rc snapshot level
%define rcrev 3 %define rcrev 3
# The git snapshot level # The git snapshot level
%define gitrev 3 %define gitrev 4
# Set rpm version accordingly # Set rpm version accordingly
%define rpmversion 3.%{upstream_sublevel}.0 %define rpmversion 3.%{upstream_sublevel}.0
%endif %endif
@ -749,9 +749,6 @@ Patch22000: weird-root-dentry-name-debug.patch
#selinux ptrace child permissions #selinux ptrace child permissions
Patch22001: selinux-apply-different-permission-to-ptrace-child.patch Patch22001: selinux-apply-different-permission-to-ptrace-child.patch
#rhbz 814149 814155 CVE-2012-2121
Patch22006: KVM-unmap-pages-from-the-iommu-when-slots-are-removed.patch
#rhbz 814278 814289 CVE-2012-2119 #rhbz 814278 814289 CVE-2012-2119
Patch22007: macvtap-zerocopy-validate-vector-length.patch Patch22007: macvtap-zerocopy-validate-vector-length.patch
@ -1453,9 +1450,6 @@ ApplyPatch vgaarb-vga_default_device.patch
ApplyPatch x86-microcode-Fix-sysfs-warning-during-module-unload-on-unsupported-CPUs.patch ApplyPatch x86-microcode-Fix-sysfs-warning-during-module-unload-on-unsupported-CPUs.patch
ApplyPatch x86-microcode-Ensure-that-module-is-only-loaded-for-supported-AMD-CPUs.patch ApplyPatch x86-microcode-Ensure-that-module-is-only-loaded-for-supported-AMD-CPUs.patch
#rhbz 814149 814155 CVE-2012-2121
ApplyPatch KVM-unmap-pages-from-the-iommu-when-slots-are-removed.patch
#rhbz 814278 814289 CVE-2012-2119 #rhbz 814278 814289 CVE-2012-2119
ApplyPatch macvtap-zerocopy-validate-vector-length.patch ApplyPatch macvtap-zerocopy-validate-vector-length.patch
@ -2319,6 +2313,9 @@ fi
# ||----w | # ||----w |
# || || # || ||
%changelog %changelog
* Fri Apr 20 2012 Justin M. Forbes <jforbes@redhat.com> - 3.4.0-0.rc3.git4.1
- Linux v3.4-rc3-89-gc6f5c93
* Thu Apr 19 2012 Justin M. Forbes <jforbes@redhat.com> - 3.4.0-0.rc3.git3.1 * Thu Apr 19 2012 Justin M. Forbes <jforbes@redhat.com> - 3.4.0-0.rc3.git3.1
- Linux v3.4-rc3-65-g9b7f43a - Linux v3.4-rc3-65-g9b7f43a

2
sources
View File

@ -1,3 +1,3 @@
7133f5a2086a7d7ef97abac610c094f5 linux-3.3.tar.xz 7133f5a2086a7d7ef97abac610c094f5 linux-3.3.tar.xz
2dfdc406169c0fcec64d5f939a44aff0 patch-3.4-rc3.xz 2dfdc406169c0fcec64d5f939a44aff0 patch-3.4-rc3.xz
92d57dac7a77f41fb939df4eb3024aea patch-3.4-rc3-git3.xz 3625feae37f8e7dbd1f3cd2243a37bed patch-3.4-rc3-git4.xz