On Mon, 25 Oct 2010 03:21:24 +0200 "Michael S. Tsirkin" <mst@xxxxxxxxxx> wrote:
> I have observed the following bug trigger:
>
> 1. userspace calls GET_DIRTY_LOG
> 2. kvm_mmu_slot_remove_write_access is called and makes a page ro
> 3. page fault happens and makes the page writeable
>    fault is logged in the bitmap appropriately

This may be the reason why my commit is a corruption magnifier.

My patch moved the vmalloc() right after kvm_mmu_slot_remove_write_access() and made this chance bigger, because vmalloc() takes some time.

Thanks,
Takuya

> 4. kvm_vm_ioctl_get_dirty_log swaps slot pointers
>
> a lot of time passes
>
> 5. guest writes into the page
> 6. userspace calls GET_DIRTY_LOG
>
> At point (5), bitmap is clean and page is writeable,
> thus, guest modification of memory is not logged
> and GET_DIRTY_LOG returns an empty bitmap.
>
> The rule is that all pages are either dirty in the current bitmap,
> or write-protected, which is violated here.
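The six-step sequence above, replayed against a small constructed model of one memslot (a writable flag and a dirty bit per page); this is an added illustration, not KVM code, and the "swap first, then write-protect" ordering in the second branch is only one ordering that closes the window in this model, not a claim about the actual fix:

```c
/* Constructed model of the dirty-log race described in the mail; not KVM code. */
#include <stdbool.h>
#include <string.h>

#define NPAGES 4

struct slot_model {
    bool writable[NPAGES];  /* true = page is writable, so a guest write does not fault */
    bool dirty[NPAGES];     /* the current dirty bitmap */
};

/* Step 2: kvm_mmu_slot_remove_write_access() makes every page read-only. */
static void remove_write_access(struct slot_model *s) { memset(s->writable, 0, sizeof s->writable); }

/* A guest write: a write-protected page faults, becomes writable and is logged;
 * a writable page is modified silently. Returns true if a fault was logged. */
static bool guest_write(struct slot_model *s, int page) {
    if (s->writable[page]) return false;
    s->writable[page] = true;
    s->dirty[page] = true;
    return true;
}

/* Step 4: GET_DIRTY_LOG hands the current bitmap to userspace and installs a clean one. */
static void swap_dirty_bitmap(struct slot_model *s, bool out[NPAGES]) {
    memcpy(out, s->dirty, sizeof s->dirty);
    memset(s->dirty, 0, sizeof s->dirty);
}

/* The rule from the mail: every page is dirty in the current bitmap or write-protected. */
bool invariant_holds(const struct slot_model *s) {
    for (int i = 0; i < NPAGES; i++)
        if (s->writable[i] && !s->dirty[i]) return false;
    return true;
}

/* Replays steps 2-6 on page 1. Returns true if the invariant was broken and the
 * second GET_DIRTY_LOG missed the guest write at step 5 (i.e. the write was lost). */
bool replay_race(bool fault_before_swap) {
    struct slot_model s = { .writable = {true, true, true, true} };
    bool first[NPAGES], second[NPAGES];
    if (fault_before_swap) {            /* order from the mail: steps 2, 3, 4 */
        remove_write_access(&s);
        guest_write(&s, 1);
        swap_dirty_bitmap(&s, first);
    } else {                            /* model ordering with no window: swap, then protect */
        swap_dirty_bitmap(&s, first);
        remove_write_access(&s);
        guest_write(&s, 1);
    }
    bool violated = !invariant_holds(&s);
    guest_write(&s, 1);                 /* step 5: silent if page 1 stayed writable */
    swap_dirty_bitmap(&s, second);      /* step 6 */
    return violated && !second[1];
}
```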