Commit 87da7e6
KVM: x86: fix vcpu->mmio_fragments overflow
After commit b3356bf (KVM: emulator: optimize "rep ins" handling), the pieces of io data can be collected and written to the guest memory or MMIO together.
Unfortunately, kvm splits the mmio access into 8 bytes and stores them to vcpu->mmio_fragments. If the guest uses "rep ins" to move large data, it will cause vcpu->mmio_fragments overflow.
The bug can be exposed by isapc (-M isapc):
[23154.818733] general protection fault: 0000 [#1] SMP DEBUG_PAGEALLOC
[ ......]
[23154.858083] Call Trace:
[23154.859874] [<ffffffffa04f0e17>] kvm_get_cr8+0x1d/0x28 [kvm]
[23154.861677] [<ffffffffa04fa6d4>] kvm_arch_vcpu_ioctl_run+0xcda/0xe45 [kvm]
[23154.863604] [<ffffffffa04f5a1a>] ? kvm_arch_vcpu_load+0x17b/0x180 [kvm]
Actually, we can use one mmio_fragment to store a large mmio access, then split it when we pass the mmio-exit-info to userspace. After that, we only need two entries to store mmio info for the cross-mmio-page access.
Signed-off-by: Xiao Guangrong <xiaoguangrong@linux.vnet.ibm.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
1 parent 35fd3dc
2 files changed
Lines changed: 36 additions & 39 deletions
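The commit message describes two ways of queuing a large emulated MMIO access before it is handed to userspace: cutting it into 8-byte pieces up front (one fragment-array entry per piece, which a long "rep ins" can overflow) versus storing one fragment per guest page touched and splitting lazily at exit time. The following is an added model of both, written for this page and not taken from KVM; it assumes 4 KiB pages, 8-byte exit chunks, a two-entry fragment array, and (as the message states) that one emulated access crosses at most one page boundary. The struct and function names and the sample addresses are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the two designs in the commit message; not KVM's
 * code. Assumptions: 4 KiB guest pages, 8-byte chunks per MMIO exit, a
 * fixed two-entry fragment array, and a single emulated access crossing at
 * most one page boundary (the bound the commit message relies on). */
#define PAGE_SIZE     4096u
#define MMIO_CHUNK    8u
#define MAX_FRAGMENTS 2u

struct mmio_fragment {
    uint64_t gpa;   /* guest physical address of this piece */
    unsigned len;   /* bytes in this piece */
};

struct vcpu_model {
    struct mmio_fragment frags[MAX_FRAGMENTS];
    unsigned nr_frags;  /* fragments queued */
    unsigned cur_frag;  /* fragment currently being delivered */
    unsigned cur_off;   /* bytes of that fragment already delivered */
};

/* Old design, modelled: cut the access into 8-byte pieces at queue time,
 * one array entry each. Returns -1 where unchecked code would write past
 * the array: anything longer than 16 bytes already does not fit. */
int queue_split_upfront(struct vcpu_model *v, uint64_t gpa, unsigned len)
{
    v->nr_frags = v->cur_frag = v->cur_off = 0;
    while (len) {
        unsigned now = len < MMIO_CHUNK ? len : MMIO_CHUNK;
        if (v->nr_frags == MAX_FRAGMENTS)
            return -1;                  /* the overflow the commit fixes */
        v->frags[v->nr_frags].gpa = gpa;
        v->frags[v->nr_frags].len = now;
        v->nr_frags++;
        gpa += now;
        len -= now;
    }
    return 0;
}

/* New design, modelled: one fragment per guest page touched, so the array
 * size is bounded by the pages spanned (two), not by the data length. */
int queue_by_page(struct vcpu_model *v, uint64_t gpa, unsigned len)
{
    v->nr_frags = v->cur_frag = v->cur_off = 0;
    while (len) {
        unsigned to_page_end = PAGE_SIZE - (unsigned)(gpa & (PAGE_SIZE - 1));
        unsigned now = len < to_page_end ? len : to_page_end;
        if (v->nr_frags == MAX_FRAGMENTS)
            return -1;                  /* breaks the one-boundary assumption */
        v->frags[v->nr_frags].gpa = gpa;
        v->frags[v->nr_frags].len = now;
        v->nr_frags++;
        gpa += now;
        len -= now;
    }
    return 0;
}

/* Hand the next chunk (at most 8 bytes) to "userspace": the split into
 * exit-sized pieces happens here, lazily, instead of at queue time.
 * Returns 1 while a chunk was produced, 0 once the access is complete. */
int next_exit_chunk(struct vcpu_model *v, uint64_t *gpa, unsigned *len)
{
    if (v->cur_frag >= v->nr_frags)
        return 0;
    struct mmio_fragment *f = &v->frags[v->cur_frag];
    unsigned remaining = f->len - v->cur_off;
    *len = remaining < MMIO_CHUNK ? remaining : MMIO_CHUNK;
    *gpa = f->gpa + v->cur_off;
    v->cur_off += *len;
    if (v->cur_off == f->len) {         /* fragment fully delivered */
        v->cur_frag++;
        v->cur_off = 0;
    }
    return 1;
}

/* Drain a queued access and count the exits it takes. */
unsigned count_exits(struct vcpu_model *v)
{
    uint64_t gpa;
    unsigned len, n = 0;
    while (next_exit_chunk(v, &gpa, &len))
        n++;
    return n;
}

int main(void)
{
    struct vcpu_model v;
    /* A 100-byte "rep ins" into MMIO at a constructed address. */
    printf("split up front: %s\n",
           queue_split_upfront(&v, 0xfee00000u, 100) ? "overflow" : "ok");
    queue_by_page(&v, 0xfee00000u, 100);
    printf("by page: %u fragment(s), %u exits\n", v.nr_frags, count_exits(&v));
    /* The same length straddling a page boundary needs two fragments. */
    queue_by_page(&v, 0xfee00ff0u, 100);
    printf("cross-page: %u fragment(s), %u exits\n", v.nr_frags, count_exits(&v));
    return 0;
}
```

The point the model makes is the one the message makes: the number of userspace exits stays the same (one per 8-byte chunk) under both designs, but the amount of per-vcpu state queued ahead of time drops from one entry per chunk to one entry per page, which is what keeps the fixed-size array safe for large "rep ins" transfers.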
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
3779 | 3779 | | |
3780 | 3780 | | |
3781 | 3781 | | |
3782 | | - | |
| 3782 | + | |
3783 | 3783 | | |
3784 | 3784 | | |
3785 | 3785 | | |
| |||
3832 | 3832 | | |
3833 | 3833 | | |
3834 | 3834 | | |
3835 | | - | |
3836 | | - | |
3837 | | - | |
3838 | | - | |
3839 | | - | |
3840 | | - | |
3841 | | - | |
3842 | | - | |
3843 | | - | |
3844 | | - | |
3845 | | - | |
3846 | | - | |
| 3835 | + | |
| 3836 | + | |
| 3837 | + | |
| 3838 | + | |
| 3839 | + | |
3847 | 3840 | | |
3848 | 3841 | | |
3849 | 3842 | | |
| |||
3890 | 3883 | | |
3891 | 3884 | | |
3892 | 3885 | | |
3893 | | - | |
| 3886 | + | |
3894 | 3887 | | |
3895 | 3888 | | |
3896 | 3889 | | |
| |||
5522 | 5515 | | |
5523 | 5516 | | |
5524 | 5517 | | |
5525 | | - | |
5526 | | - | |
5527 | | - | |
| 5518 | + | |
| 5519 | + | |
| 5520 | + | |
| 5521 | + | |
5528 | 5522 | | |
5529 | 5523 | | |
5530 | 5524 | | |
5531 | 5525 | | |
5532 | | - | |
5533 | | - | |
5534 | | - | |
| 5526 | + | |
| 5527 | + | |
| 5528 | + | |
| 5529 | + | |
5535 | 5530 | | |
5536 | 5531 | | |
5537 | 5532 | | |
5538 | 5533 | | |
5539 | 5534 | | |
| 5535 | + | |
5540 | 5536 | | |
5541 | 5537 | | |
5542 | 5538 | | |
5543 | 5539 | | |
5544 | | - | |
| 5540 | + | |
| 5541 | + | |
5545 | 5542 | | |
5546 | | - | |
| 5543 | + | |
| 5544 | + | |
| 5545 | + | |
| 5546 | + | |
| 5547 | + | |
| 5548 | + | |
| 5549 | + | |
| 5550 | + | |
| 5551 | + | |
| 5552 | + | |
| 5553 | + | |
| 5554 | + | |
| 5555 | + | |
5547 | 5556 | | |
5548 | 5557 | | |
5549 | 5558 | | |
5550 | 5559 | | |
5551 | 5560 | | |
5552 | 5561 | | |
5553 | 5562 | | |
5554 | | - | |
5555 | | - | |
| 5563 | + | |
5556 | 5564 | | |
5557 | 5565 | | |
5558 | 5566 | | |
5559 | | - | |
5560 | | - | |
| 5567 | + | |
| 5568 | + | |
5561 | 5569 | | |
5562 | 5570 | | |
5563 | 5571 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
42 | 42 | | |
43 | 43 | | |
44 | 44 | | |
45 | | - | |
46 | | - | |
47 | | - | |
48 | | - | |
49 | | - | |
50 | | - | |
51 | | - | |
52 | | - | |
53 | | - | |
54 | | - | |
55 | | - | |
56 | | - | |
57 | | - | |
| 45 | + | |
| 46 | + | |
58 | 47 | | |
59 | 48 | | |
60 | 49 | | |
| |||