From patchwork Fri Jun 29 16:32:02 2012 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: [2/4] KVM: MMU: do not free active mmu pages in free_mmu_pages() Date: Fri, 29 Jun 2012 06:32:02 -0000 From: Herton Ronaldo Krzesinski X-Patchwork-Id: 168177 Message-Id: <1340987524-22261-3-git-send-email-herton.krzesinski@canonical.com> To: kernel-team@lists.ubuntu.com From: Gleb Natapov CVE-2012-1601 BugLink: http://bugs.launchpad.net/bugs/971685 free_mmu_pages() should only undo what alloc_mmu_pages() does. Free mmu pages from the generic VM destruction function, kvm_destroy_vm(). Signed-off-by: Gleb Natapov Signed-off-by: Avi Kivity (backported from commit f00be0cae4e6ad0a8c7be381c6d9be3586800b3e upstream) [ herton: backport details: cond_resched() wasn't called from free_mmu_pages in 2.6.24, rediff was necessary. Also, we still didn't have mmu notifier stuff, so just call kvm_arch_flush_shadow unconditionally ] Signed-off-by: Herton Ronaldo Krzesinski --- arch/x86/kvm/mmu.c | 7 ------- .../binary-custom.d/openvz/src/arch/x86/kvm/mmu.c | 7 ------- .../binary-custom.d/openvz/src/virt/kvm/kvm_main.c | 1 + debian/binary-custom.d/xen/src/arch/x86/kvm/mmu.c | 7 ------- debian/binary-custom.d/xen/src/virt/kvm/kvm_main.c | 1 + virt/kvm/kvm_main.c | 1 + 6 files changed, 3 insertions(+), 21 deletions(-) diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c index 95d4132..1505902 100644 --- a/arch/x86/kvm/mmu.c +++ b/arch/x86/kvm/mmu.c @@ -1844,13 +1844,6 @@ EXPORT_SYMBOL_GPL(kvm_enable_tdp); static void free_mmu_pages(struct kvm_vcpu *vcpu) { - struct kvm_mmu_page *sp; - - while (!list_empty(&vcpu->kvm->arch.active_mmu_pages)) { - sp = container_of(vcpu->kvm->arch.active_mmu_pages.next, - struct kvm_mmu_page, link); - kvm_mmu_zap_page(vcpu->kvm, sp); - } free_page((unsigned long)vcpu->arch.mmu.pae_root); } diff --git a/debian/binary-custom.d/openvz/src/arch/x86/kvm/mmu.c b/debian/binary-custom.d/openvz/src/arch/x86/kvm/mmu.c index 95d4132..1505902 100644 --- a/debian/binary-custom.d/openvz/src/arch/x86/kvm/mmu.c +++ b/debian/binary-custom.d/openvz/src/arch/x86/kvm/mmu.c @@ -1844,13 +1844,6 @@ EXPORT_SYMBOL_GPL(kvm_enable_tdp); static void free_mmu_pages(struct kvm_vcpu *vcpu) { - struct kvm_mmu_page *sp; - - while (!list_empty(&vcpu->kvm->arch.active_mmu_pages)) { - sp = container_of(vcpu->kvm->arch.active_mmu_pages.next, - struct kvm_mmu_page, link); - kvm_mmu_zap_page(vcpu->kvm, sp); - } free_page((unsigned long)vcpu->arch.mmu.pae_root); } diff --git a/debian/binary-custom.d/openvz/src/virt/kvm/kvm_main.c b/debian/binary-custom.d/openvz/src/virt/kvm/kvm_main.c index 2a4bdbd..a1794b6 100644 --- a/debian/binary-custom.d/openvz/src/virt/kvm/kvm_main.c +++ b/debian/binary-custom.d/openvz/src/virt/kvm/kvm_main.c @@ -238,6 +238,7 @@ static void kvm_destroy_vm(struct kvm *kvm) spin_unlock(&kvm_lock); kvm_io_bus_destroy(&kvm->pio_bus); kvm_io_bus_destroy(&kvm->mmio_bus); + kvm_arch_flush_shadow(kvm); kvm_arch_destroy_vm(kvm); mmdrop(mm); } diff --git a/debian/binary-custom.d/xen/src/arch/x86/kvm/mmu.c b/debian/binary-custom.d/xen/src/arch/x86/kvm/mmu.c index 95d4132..1505902 100644 --- a/debian/binary-custom.d/xen/src/arch/x86/kvm/mmu.c +++ b/debian/binary-custom.d/xen/src/arch/x86/kvm/mmu.c @@ -1844,13 +1844,6 @@ EXPORT_SYMBOL_GPL(kvm_enable_tdp); static void free_mmu_pages(struct kvm_vcpu *vcpu) { - struct kvm_mmu_page *sp; - - while (!list_empty(&vcpu->kvm->arch.active_mmu_pages)) { - sp = container_of(vcpu->kvm->arch.active_mmu_pages.next, - struct kvm_mmu_page, link); - kvm_mmu_zap_page(vcpu->kvm, sp); - } free_page((unsigned long)vcpu->arch.mmu.pae_root); } diff --git a/debian/binary-custom.d/xen/src/virt/kvm/kvm_main.c b/debian/binary-custom.d/xen/src/virt/kvm/kvm_main.c index 2a4bdbd..a1794b6 100644 --- a/debian/binary-custom.d/xen/src/virt/kvm/kvm_main.c +++ b/debian/binary-custom.d/xen/src/virt/kvm/kvm_main.c @@ -238,6 +238,7 @@ static void kvm_destroy_vm(struct kvm *kvm) spin_unlock(&kvm_lock); kvm_io_bus_destroy(&kvm->pio_bus); kvm_io_bus_destroy(&kvm->mmio_bus); + kvm_arch_flush_shadow(kvm); kvm_arch_destroy_vm(kvm); mmdrop(mm); } diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c index 2a4bdbd..a1794b6 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c @@ -238,6 +238,7 @@ static void kvm_destroy_vm(struct kvm *kvm) spin_unlock(&kvm_lock); kvm_io_bus_destroy(&kvm->pio_bus); kvm_io_bus_destroy(&kvm->mmio_bus); + kvm_arch_flush_shadow(kvm); kvm_arch_destroy_vm(kvm); mmdrop(mm); }