Re: [PATCH] mm: mmu_notifier: fix inconsistent memory between secondary MMU and host
From: Xiao Guangrong <hidden>
Date: 2012-08-23 07:25:48
Also in:
kvm, lkml
On 08/23/2012 12:37 AM, Andrea Arcangeli wrote:
On Wed, Aug 22, 2012 at 11:51:17AM +0800, Xiao Guangrong wrote:quoted
Hmm, in KSM code, i found this code in replace_page: set_pte_at_notify(mm, addr, ptep, mk_pte(kpage, vma->vm_page_prot)); It is possible to establish a writable pte, no?Hugh already answered this thanks. Further details on the vm_page_prot are in top of mmap.c, and KSM never scans MAP_SHARED vmas.
Yes, i see that, thank you, Andrea!
quoted
Unfortunately, all these bugs are triggered by test cases.Sure, I've seen the very Oops for the other one, and this one also can trigger if unlucky. This one can trigger with KVM but only if KSM is enabled or with live migration or with device hotplug or some other event that triggers a fork in qemu. My curiosity about the other one in the exit/unregister/release paths is if it really ever triggered with KVM. Because I can't easily see how it could trigger. By the time kvm_destroy_vm or exit_mmap() runs, no vcpu can be in guest mode anymore, so it cannot matter whatever the status of any leftover spte at that time.
vcpu is not in guest mode, but the memory can be still hold in KVM MMU.
Consider this case:
CPU 0 CPU 1
create kvm
create vcpu thread
[ Guest is happily running ]
send kill signal to the process
call do_exit
mmput mm
exit_mmap, then
delete mmu_notify
reclaim the memory of these threads
!!!!!!
Now, the page has been reclaimed but
it is still hold in KVM MMU
mmu_notify->release
!!!!!!
delete spte, and call
mark_page_accessed/mark_page_dirty for
the page which has already been freed on CPU 1
exit_files
release kvm/vcpu file, then
kvm and vcpu are destroyed.
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>