On 12/11/2011 12:25 PM, Christoffer Dall wrote:
> From: Christoffer Dall <cdall@xxxxxxxxxxxxxxx>
>
> Handles the guest faults in KVM by mapping in corresponding user pages
> in the 2nd stage page tables.
>
> Introduces new ARM-specific kernel memory types, PAGE_KVM_GUEST and
> pgprot_guest variables used to map 2nd stage memory for KVM guests.
>
>
> +static int user_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa,
> + gfn_t gfn, struct kvm_memory_slot *memslot)
> +{
> + pfn_t pfn;
> + pgd_t *pgd;
> + pud_t *pud;
> + pmd_t *pmd;
> + pte_t *pte, new_pte;
> +
> + pfn = gfn_to_pfn(vcpu->kvm, gfn);
> +
> + if (is_error_pfn(pfn)) {
put_page()
> + kvm_err(-EFAULT, "Guest gfn %u (0x%08lx) does not have "
> + "corresponding host mapping",
> + gfn, gfn << PAGE_SHIFT);
> + return -EFAULT;
> + }
> +
> + /* Create 2nd stage page table mapping - Level 1 */
> + pgd = vcpu->kvm->arch.pgd + pgd_index(fault_ipa);
> + pud = pud_offset(pgd, fault_ipa);
> + if (pud_none(*pud)) {
> + pmd = pmd_alloc_one(NULL, fault_ipa);
> + if (!pmd) {
> + kvm_err(-ENOMEM, "Cannot allocate 2nd stage pmd");
put_page()
> + return -ENOMEM;
> + }
> + pud_populate(NULL, pud, pmd);
> + pmd += pmd_index(fault_ipa);
> + } else
> + pmd = pmd_offset(pud, fault_ipa);
> +
> + /* Create 2nd stage page table mapping - Level 2 */
> + if (pmd_none(*pmd)) {
> + pte = pte_alloc_one_kernel(NULL, fault_ipa);
> + if (!pte) {
> + kvm_err(-ENOMEM, "Cannot allocate 2nd stage pte");
> + return -ENOMEM;
> + }
> + pmd_populate_kernel(NULL, pmd, pte);
> + pte += pte_index(fault_ipa);
> + } else
> + pte = pte_offset_kernel(pmd, fault_ipa);
> +
> + /* Create 2nd stage page table mapping - Level 3 */
> + new_pte = pfn_pte(pfn, PAGE_KVM_GUEST);
> + set_pte_ext(pte, new_pte, 0);
With LPAE and 40-bit addresses, a guest can cause 2GBs worth of page
tables to be pinned in host memory; this can be used as a denial of
service attack. x86 handles this by having a shrinker that can
dynamically free page tables, see mmu_shrinker.
An alternative way may be to impose RLIMIT_AS on the sum of a guest's
memory slots; though I prefer having a shrinker.
A bigger problem is that you pin all memory; what are the plans wrt mmu
notifiers?
--
error compiling committee.c: too many arguments to function
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
