Commit 4addcc70 authored by Sean Christopherson's avatar Sean Christopherson Committed by Lei Chen
Browse files

KVM: Don't set Accessed/Dirty bits for ZERO_PAGE 

mainline inclusion
from mainline-v6.0-rc1
commit a1040b0d
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I7PQPE?from=project-issue


CVE: NA

--------------------------------

Don't set Accessed/Dirty bits for a struct page with PG_reserved set,
i.e. don't set A/D bits for the ZERO_PAGE.  The ZERO_PAGE (or pages
depending on the architecture) should obviously never be written, and
similarly there's no point in marking it accessed as the page will never
be swapped out or reclaimed.  The comment in page-flags.h is quite clear
that PG_reserved pages should be managed only by their owner, and
strictly following that mandate also simplifies KVM's logic.

Fixes: 7df003c8 ("KVM: fix overflow of zero page refcount with ksm running")
Signed-off-by: default avatarSean Christopherson <seanjc@google.com>
Message-Id: <20220429010416.2788472-4-seanjc@google.com>
Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
Signed-off-by: default avatarLei Chen <lei.chen@smartx.com>
parent 2996491c

virt/kvm/kvm_main.c

+15 −7
Original line number Diff line number Diff line
@@ -1845,20 +1845,28 @@ void kvm_release_pfn_dirty(kvm_pfn_t pfn) 
}

EXPORT_SYMBOL_GPL(kvm_release_pfn_dirty);



void kvm_set_pfn_dirty(kvm_pfn_t pfn)

static bool kvm_is_ad_tracked_pfn(kvm_pfn_t pfn)

{

	if (!kvm_is_reserved_pfn(pfn) && !kvm_is_zone_device_pfn(pfn)) {

		struct page *page = pfn_to_page(pfn);

	if (!pfn_valid(pfn))

		return false;



		if (!PageReserved(page))

			SetPageDirty(page);

	/*

	 * Per page-flags.h, pages tagged PG_reserved "should in general not be

	 * touched (e.g. set dirty) except by its owner".

	 */

	return !PageReserved(pfn_to_page(pfn));

}



void kvm_set_pfn_dirty(kvm_pfn_t pfn)

{

	if (kvm_is_ad_tracked_pfn(pfn))

		SetPageDirty(pfn_to_page(pfn));

}

EXPORT_SYMBOL_GPL(kvm_set_pfn_dirty);



void kvm_set_pfn_accessed(kvm_pfn_t pfn)

{

	if (!kvm_is_reserved_pfn(pfn) && !kvm_is_zone_device_pfn(pfn))

	if (kvm_is_ad_tracked_pfn(pfn))

		mark_page_accessed(pfn_to_page(pfn));

}

EXPORT_SYMBOL_GPL(kvm_set_pfn_accessed);