提交 fe4e771d 编写于 作者: H Hollis Blanchard 提交者: Avi Kivity

KVM: ppc: fix userspace mapping invalidation on context switch

We used to defer invalidating userspace TLB entries until jumping out of the
kernel. This was causing MMU weirdness most easily triggered by using a pipe in
the guest, e.g. "dmesg | tail". I believe the problem was that after the guest
kernel changed the PID (part of context switch), the old process's mappings
were still present, and so copy_to_user() on the "return to new process" path
ended up using stale mappings.

Testing with large pages (64K) exposed the problem, probably because with 4K
pages, pressure on the TLB faulted all process A's mappings out before the
guest kernel could insert any for process B.
Signed-off-by: NHollis Blanchard <hollisb@us.ibm.com>
Signed-off-by: NAvi Kivity <avi@redhat.com>
上级 df9b856c
...@@ -44,4 +44,6 @@ static inline struct kvmppc_vcpu_44x *to_44x(struct kvm_vcpu *vcpu) ...@@ -44,4 +44,6 @@ static inline struct kvmppc_vcpu_44x *to_44x(struct kvm_vcpu *vcpu)
return container_of(vcpu, struct kvmppc_vcpu_44x, vcpu); return container_of(vcpu, struct kvmppc_vcpu_44x, vcpu);
} }
void kvmppc_set_pid(struct kvm_vcpu *vcpu, u32 new_pid);
#endif /* __ASM_44X_H__ */ #endif /* __ASM_44X_H__ */
...@@ -21,6 +21,7 @@ ...@@ -21,6 +21,7 @@
#include <asm/dcr.h> #include <asm/dcr.h>
#include <asm/dcr-regs.h> #include <asm/dcr-regs.h>
#include <asm/disassemble.h> #include <asm/disassemble.h>
#include <asm/kvm_44x.h>
#include "booke.h" #include "booke.h"
#include "44x_tlb.h" #include "44x_tlb.h"
...@@ -38,14 +39,6 @@ ...@@ -38,14 +39,6 @@
#define XOP_ICCCI 966 #define XOP_ICCCI 966
#define XOP_TLBWE 978 #define XOP_TLBWE 978
static inline void kvmppc_set_pid(struct kvm_vcpu *vcpu, u32 new_pid)
{
if (vcpu->arch.pid != new_pid) {
vcpu->arch.pid = new_pid;
vcpu->arch.swap_pid = 1;
}
}
static void kvmppc_emul_rfi(struct kvm_vcpu *vcpu) static void kvmppc_emul_rfi(struct kvm_vcpu *vcpu)
{ {
vcpu->arch.pc = vcpu->arch.srr0; vcpu->arch.pc = vcpu->arch.srr0;
......
...@@ -268,31 +268,34 @@ static void kvmppc_mmu_invalidate(struct kvm_vcpu *vcpu, gva_t eaddr, ...@@ -268,31 +268,34 @@ static void kvmppc_mmu_invalidate(struct kvm_vcpu *vcpu, gva_t eaddr,
} }
} }
/* Invalidate all mappings on the privilege switch after PID has been changed.
* The guest always runs with PID=1, so we must clear the entire TLB when
* switching address spaces. */
void kvmppc_mmu_priv_switch(struct kvm_vcpu *vcpu, int usermode) void kvmppc_mmu_priv_switch(struct kvm_vcpu *vcpu, int usermode)
{
vcpu->arch.shadow_pid = !usermode;
}
void kvmppc_set_pid(struct kvm_vcpu *vcpu, u32 new_pid)
{ {
struct kvmppc_vcpu_44x *vcpu_44x = to_44x(vcpu); struct kvmppc_vcpu_44x *vcpu_44x = to_44x(vcpu);
int i; int i;
if (vcpu->arch.swap_pid) { if (unlikely(vcpu->arch.pid == new_pid))
/* XXX Replace loop with fancy data structures. */ return;
for (i = 0; i <= tlb_44x_hwater; i++) {
vcpu->arch.pid = new_pid;
/* Guest userspace runs with TID=0 mappings and PID=0, to make sure it
* can't access guest kernel mappings (TID=1). When we switch to a new
* guest PID, which will also use host PID=0, we must discard the old guest
* userspace mappings. */
for (i = 0; i < ARRAY_SIZE(vcpu_44x->shadow_tlb); i++) {
struct kvmppc_44x_tlbe *stlbe = &vcpu_44x->shadow_tlb[i]; struct kvmppc_44x_tlbe *stlbe = &vcpu_44x->shadow_tlb[i];
/* Future optimization: clear only userspace mappings. */ if (get_tlb_tid(stlbe) == 0) {
kvmppc_44x_shadow_release(vcpu, i); kvmppc_44x_shadow_release(vcpu, i);
stlbe->word0 = 0; stlbe->word0 = 0;
kvmppc_tlbe_set_modified(vcpu, i); kvmppc_tlbe_set_modified(vcpu, i);
KVMTRACE_5D(STLB_INVAL, vcpu, i,
stlbe->tid, stlbe->word0, stlbe->word1,
stlbe->word2, handler);
} }
vcpu->arch.swap_pid = 0;
} }
vcpu->arch.shadow_pid = !usermode;
} }
static int tlbe_is_host_safe(const struct kvm_vcpu *vcpu, static int tlbe_is_host_safe(const struct kvm_vcpu *vcpu,
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册