On 25.10.2010 11:32, Avi Kivity wrote:
> On 10/25/2010 03:21 AM, Michael S. Tsirkin wrote:
>> I have observed the following bug trigger:
>>
>> 1. userspace calls GET_DIRTY_LOG
>> 2. kvm_mmu_slot_remove_write_access is called and makes a page ro
>> 3. page fault happens and makes the page writeable
>>    fault is logged in the bitmap appropriately
>> 4. kvm_vm_ioctl_get_dirty_log swaps slot pointers
>>
>> a lot of time passes
>>
>> 5. guest writes into the page
>> 6. userspace calls GET_DIRTY_LOG
>>
>> At point (5), bitmap is clean and page is writeable,
>> thus, guest modification of memory is not logged
>> and GET_DIRTY_LOG returns an empty bitmap.
>>
>> The rule is that all pages are either dirty in the current bitmap,
>> or write-protected, which is violated here.
>>
>> It seems that just moving kvm_mmu_slot_remove_write_access down
>> to after the slot pointer swap should fix this bug.
>>
>> Warning: completely untested.
>> Please comment.
>> Note: fix will be needed for -stable etc.
>
> Excellent catch, I stared at this code for a while and didn't see the
> bug. Patch applied.
>

This patch was marked KVM-stable on commit, but it did not make it into any
stable branch, thus also none of the recent releases. Please fix (for
2.6.36 now).

Thanks,
Jan

--
Siemens AG, Corporate Technology, CT T DE IT 1
Corporate Competence Center Embedded Linux
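A toy model of the six-step sequence in Michael's report, added here as an illustration and not code from the thread or from KVM: each page is either write-protected or marked in the bitmap currently in use, and `run_scenario` (a hypothetical name) drives steps 1 to 6 with the write-protect placed either before or after the bitmap swap, so the lost write can be reproduced and the reordering checked.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
#define NPAGES 4

/* Toy model, not KVM code: a memslot has a per-page write permission and a
 * pointer to the bitmap that is currently collecting dirty pages. */
struct slot { bool writable[NPAGES]; uint8_t *dirty; };
static uint8_t bitmap_a[NPAGES], bitmap_b[NPAGES];

/* Stands in for kvm_mmu_slot_remove_write_access: every page becomes read-only. */
static void remove_write_access(struct slot *s) { memset(s->writable, 0, sizeof s->writable); }

/* Guest write: a read-only page faults, which logs it in the current bitmap and
 * makes it writable; a write to an already-writable page is not logged at all. */
static void guest_write(struct slot *s, int page) {
    if (!s->writable[page]) { s->dirty[page] = 1; s->writable[page] = 1; }
}

/* The slot pointer swap: userspace gets the current bitmap, a clean one replaces it. */
static void swap_bitmap(struct slot *s, uint8_t *out) {
    memcpy(out, s->dirty, NPAGES);
    s->dirty = (s->dirty == bitmap_a) ? bitmap_b : bitmap_a;
    memset(s->dirty, 0, NPAGES);
}

/* GET_DIRTY_LOG with a write fault on fault_page (-1 for none) racing into the
 * middle of the ioctl, in the original order and in the reordered sequence. */
static void get_dirty_log(struct slot *s, uint8_t *out, bool fixed, int fault_page) {
    if (!fixed) {                                        /* original: protect, then swap */
        remove_write_access(s);
        if (fault_page >= 0) guest_write(s, fault_page); /* logged into the bitmap about to be retired */
        swap_bitmap(s, out);
    } else {                                             /* fixed: swap, then protect */
        swap_bitmap(s, out);
        if (fault_page >= 0) guest_write(s, fault_page); /* logged into the bitmap that stays current */
        remove_write_access(s);
    }
}

/* Steps 1-6 of the report for page 1. Returns what the second GET_DIRTY_LOG
 * reports for that page: 1 means the step-5 write was logged, 0 means it was lost. */
int run_scenario(bool fixed) {
    struct slot s = { .dirty = bitmap_a };               /* all pages start read-only */
    uint8_t log1[NPAGES], log2[NPAGES];
    memset(bitmap_a, 0, NPAGES); memset(bitmap_b, 0, NPAGES);
    get_dirty_log(&s, log1, fixed, 1);                   /* steps 1-4, fault at step 3 */
    guest_write(&s, 1);                                  /* step 5: page is writable, so no fault */
    get_dirty_log(&s, log2, fixed, -1);                  /* step 6 */
    return log2[1];
}
```

With the original ordering the second log comes back empty for page 1; with the write-protect moved after the swap the step-5 write faults and is reported.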