KVM: SVM: CSV: fix CSV3 launch failures because of concurrent longterm pin

hygon inclusion
category: bugfix
CVE: NA

---------------------------

If a large amount of CMA memory is configured in the system (for example,
the CMA memory accounts for 50% of the system memory), starting a
virtual machine with device passthrough will
call pin_user_pages_remote(..., FOLL_LONGTERM, ...) to pin memory.
Normally if a page is present and in the CMA area, pin_user_pages_remote()
will migrate the page from the CMA area to a non-CMA area because of the
FOLL_LONGTERM flag. But the current code will cause the migration to
fail due to unexpected page refcounts, and eventually cause the
virtual machine to fail to start.

During CSV3 virtual machine startup, it will also call
pin_user_pages_fast(..., FOLL_LONGTERM, ...) to pin shared memory
in #NPF handler. If pin_user_pages_remote() and pin_user_pages_fast()
pin the same page concurrently, it may lead to unexpected page refcounts.

To solve the problem above, we use mmap_write_lock/unlock() to serialize
the execution of pin_user_pages_remote() and pin_user_pages_fast().

Signed-off-by: yangge <[email protected]>
Signed-off-by: hanliyang <[email protected]>
yangge authored and opsiff committed Nov 15, 2024
1 parent 77a2b5b commit cba34bd
Showing 1 changed file with 4 additions and 2 deletions.
6 changes: 4 additions & 2 deletions arch/x86/kvm/svm/csv.c
Expand Up @@ -2044,13 +2044,15 @@ static int csv3_pin_shared_memory(struct kvm_vcpu *vcpu,
return -ENOMEM;

hva = __gfn_to_hva_memslot(slot, gfn);
npinned = pin_user_pages_fast(hva, 1, FOLL_WRITE | FOLL_LONGTERM,
&page);
mmap_write_lock(current->mm);
npinned = pin_user_pages(hva, 1, FOLL_WRITE | FOLL_LONGTERM, &page);
if (npinned != 1) {
mmap_write_unlock(current->mm);
kmem_cache_free(csv->sp_slab, sp);
return -ENOMEM;
}

mmap_write_unlock(current->mm);
sp->page = page;
sp->gfn = gfn;
shared_page_insert(&csv->sp_mgr, sp);
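
Review bot: In csv3_pin_shared_memory(), mmap_write_lock(current->mm) is taken around a single-page pin_user_pages() call with no comment saying why the exclusive lock is needed. pin_user_pages() only requires the mmap lock to be held, so the reason given in the commit message (serializing against a concurrent pin_user_pages_remote() with FOLL_LONGTERM) should be recorded in a comment above the lock; otherwise a later cleanup may downgrade it to a read lock or switch back to pin_user_pages_fast() and reintroduce the launch failure. Because this runs in the #NPF path for each shared page, consider mmap_write_lock_killable() so a vCPU thread waiting on the lock can still be killed, and consider vcpu->kvm->mm in place of current->mm to make the lock target explicit. The unlock is also duplicated: nothing between the pin and the npinned check needs the lock, so one mmap_write_unlock() placed directly after the pin_user_pages() call would cover both the error path and the success path. Separately, the error path returns -ENOMEM even when pin_user_pages() reports a different negative errno in npinned.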