Am 25.10.2010 11:32, Avi Kivity wrote:
> On 10/25/2010 03:21 AM, Michael S. Tsirkin wrote:
>> I have observed the following bug trigger:
>>
>> 1. userspace calls GET_DIRTY_LOG
>> 2. kvm_mmu_slot_remove_write_access is called and makes a page ro
>> 3. page fault happens and makes the page writeable
>> fault is logged in the bitmap appropriately
>> 4. kvm_vm_ioctl_get_dirty_log swaps slot pointers
>>
>> a lot of time passes
>>
>> 5. guest writes into the page
>> 6. userspace calls GET_DIRTY_LOG
>>
>> At point (5), bitmap is clean and page is writeable,
>> thus, guest modification of memory is not logged
>> and GET_DIRTY_LOG returns an empty bitmap.
>>
>> The rule is that all pages are either dirty in the current bitmap,
>> or write-protected, which is violated here.
>>
>> It seems that just moving kvm_mmu_slot_remove_write_access down
>> to after the slot pointer swap should fix this bug.
>>
>> Warning: completely untested.
>> Please comment.
>> Note: fix will be needed for -stable etc.
>
> Excellent catch, I stared at this code for a while and didn't see the
> bug. Patch applied.
>
This patch was marked KVM-stable on commit, but it did not make into any
stable branch thus also none of the recent releases. Please fix (for
2.6.36 now).
Thanks,
Jan
--
Siemens AG, Corporate Technology, CT T DE IT 1
Corporate Competence Center Embedded Linux
On 11/24/2010 09:16 PM, Jan Kiszka wrote:
> >
> > Excellent catch, I stared at this code for a while and didn't see the
> > bug. Patch applied.
> >
>
> This patch was marked KVM-stable on commit, but it did not make into any
> stable branch thus also none of the recent releases. Please fix (for
> 2.6.36 now).
We need some bot that watches out for commits with the tag going into
upstream and pokes the maintainers.
--
error compiling committee.c: too many arguments to function