[PULL 53/63] RAMBlock: make guest_memfd require uncoordinated discard
From: Paolo Bonzini
Subject: [PULL 53/63] RAMBlock: make guest_memfd require uncoordinated discard
Date: Tue, 23 Apr 2024 17:09:41 +0200
Some subsystems like VFIO might disable ram block discard, but guest_memfd
uses discard operations to implement conversions between private and
shared memory. Because of this, sequences like the following can result
in stale IOMMU mappings:
1. allocate shared page
2. convert page shared->private
3. discard shared page
4. convert page private->shared
5. allocate shared page
6. issue DMA operations against that shared page
This is not a use-after-free, because after step 3 VFIO is still pinning
the page. However, DMA operations in step 6 will hit the old mapping
that was allocated in step 1.
Address this by taking ram_block_discard_is_enabled() into account when
deciding whether or not to discard pages.
Since kvm_convert_memory()/guest_memfd doesn't implement a
RamDiscardManager handler to convey and replay discard operations,
this is a case of uncoordinated discard, which is blocked/released
by ram_block_discard_require(). Interestingly, this function had
no use so far.
Alternative approaches would be to block discard of shared pages, but
this would cause guests to consume twice the memory if they use VFIO;
or to implement a RamDiscardManager and only block uncoordinated
discard, i.e. use ram_block_coordinated_discard_require().
[Commit message mostly by Michael Roth <michael.roth@amd.com>]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
system/physmem.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/system/physmem.c b/system/physmem.c
index f5dfa20e57e..5ebcf5be116 100644
--- a/system/physmem.c
+++ b/system/physmem.c
@@ -1846,6 +1846,13 @@ static void ram_block_add(RAMBlock *new_block, Error
**errp)
assert(kvm_enabled());
assert(new_block->guest_memfd < 0);
+ if (ram_block_discard_require(true) < 0) {
+ error_setg_errno(errp, errno,
+ "cannot set up private guest memory: discard
currently blocked");
+ error_append_hint(errp, "Are you using assigned devices?\n");
+ goto out_free;
+ }
+
new_block->guest_memfd = kvm_create_guest_memfd(new_block->max_length,
0, errp);
if (new_block->guest_memfd < 0) {
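Review bot: the requirement taken by `if (ram_block_discard_require(true) < 0)` is not balanced on the failure branch that follows it, `if (new_block->guest_memfd < 0) {`: the second hunk releases it in reclaim_ramblock() only when `guest_memfd >= 0`, so a failed kvm_create_guest_memfd() exits with the requirement still registered and later attempts to disable discard (the VFIO case the commit message describes) are refused for the life of the process. Either call `ram_block_discard_require(false)` in that branch before the existing error exit, or take the requirement only after the fd has been created. Separately, `error_setg_errno(errp, errno, ...)` reports errno although the failure is signalled through the return value of ram_block_discard_require(); if that function does not set errno, the message carries a stale code, so capture the return value (`int ret = ram_block_discard_require(true);`) and pass `-ret` instead.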
@@ -2109,6 +2116,7 @@ static void reclaim_ramblock(RAMBlock *block)
if (block->guest_memfd >= 0) {
close(block->guest_memfd);
+ ram_block_discard_require(false);
}
g_free(block);
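Review bot: a comment next to `ram_block_discard_require(false);` naming its partner call in ram_block_add() would help, because the `block->guest_memfd >= 0` guard makes the counter balance depend on ram_block_add() never exiting with the requirement held while guest_memfd is still negative; whoever touches either path needs to know that invariant.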
--
2.44.0
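The discard-disable/discard-require exclusion the commit message relies on, as an added example that is not QEMU's code: a simplified C model of the two reference counts behind ram_block_discard_disable() and ram_block_discard_require(), together with the guest_memfd setup and teardown paths this patch touches. The function names mirror the QEMU API for readability, but the bodies, the RAMBlock struct, the `create_fails` knob (standing in for kvm_create_guest_memfd() failing) and the placeholder fd value are assumptions of this model; locking and the coordinated-discard counters are omitted.

```c
/* Added example, not QEMU's code: a model of the discard-disable vs.
 * discard-require exclusion and of how a guest_memfd RAMBlock uses it. */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Model of the two global counters behind the QEMU helpers (assumed). */
static int discard_disabled_cnt;   /* users that need pages to stay mapped (VFIO) */
static int discard_required_cnt;   /* users that must discard (guest_memfd)       */

/* A user that cannot tolerate discards registers with true, unregisters with false. */
int ram_block_discard_disable(bool state)
{
    if (!state) {
        discard_disabled_cnt--;
        return 0;
    }
    if (discard_required_cnt) {
        return -EBUSY;        /* someone already relies on discarding */
    }
    discard_disabled_cnt++;
    return 0;
}

/* A user that must discard pages registers with true, unregisters with false. */
int ram_block_discard_require(bool state)
{
    if (!state) {
        discard_required_cnt--;
        return 0;
    }
    if (discard_disabled_cnt) {
        return -EBUSY;        /* a device is pinning pages: refuse */
    }
    discard_required_cnt++;
    return 0;
}

/* Model of a RAMBlock reduced to the field the patch touches (assumed). */
typedef struct {
    int guest_memfd;          /* -1 until set up */
} RAMBlock;

/* Model of the guest_memfd branch of ram_block_add() after the patch.
 * create_fails is a hypothetical knob replacing kvm_create_guest_memfd(). */
int ram_block_add_guest_memfd(RAMBlock *block, bool create_fails)
{
    int ret = ram_block_discard_require(true);
    if (ret < 0) {
        return ret;           /* "cannot set up private guest memory: discard currently blocked" */
    }
    if (create_fails) {
        /* Balance the requirement on this error path so the count cannot leak. */
        ram_block_discard_require(false);
        return -ENOMEM;
    }
    block->guest_memfd = 42;  /* constructed placeholder fd */
    return 0;
}

/* Model of reclaim_ramblock() after the patch. */
void reclaim_ramblock_guest_memfd(RAMBlock *block)
{
    if (block->guest_memfd >= 0) {
        block->guest_memfd = -1;            /* stands in for close() */
        ram_block_discard_require(false);   /* partner of the require in ram_block_add() */
    }
}

int main(void)
{
    RAMBlock b = { -1 };
    /* Scenario 1: an assigned device disabled discard first; guest_memfd setup is refused. */
    ram_block_discard_disable(true);
    printf("guest_memfd with VFIO present: %d (expect -EBUSY=%d)\n",
           ram_block_add_guest_memfd(&b, false), -EBUSY);
    ram_block_discard_disable(false);
    /* Scenario 2: guest_memfd first; the device is now the one refused until teardown. */
    ram_block_add_guest_memfd(&b, false);
    printf("VFIO with guest_memfd present: %d\n", ram_block_discard_disable(true));
    reclaim_ramblock_guest_memfd(&b);
    printf("VFIO after teardown: %d\n", ram_block_discard_disable(true));
    ram_block_discard_disable(false);
    return 0;
}
```

The two scenarios in main() are the two orderings the commit message is concerned with: with a device that has disabled discard, a private-memory guest fails to start with a clear error instead of later hitting stale IOMMU mappings; with guest_memfd set up first, device assignment is refused until the RAMBlock is reclaimed.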