git.itanic.dy.fi Git - linux-stable/commit

author	Junaid Shahid <junaids@google.com>
	Wed, 10 Aug 2022 22:49:39 +0000 (15:49 -0700)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Tue, 20 Sep 2022 10:43:46 +0000 (12:43 +0200)
commit	50a1ffa557cf9bf7e1a4ee7ff88c6546332b1c0d
tree	8fcf3642afff3d7d97988680870adbbb19472e4f	tree \| snapshot
parent	c87f1f99e26ea4ae08cabe753ae98e5626bdba89	commit \| diff

kvm: x86: mmu: Always flush TLBs when enabling dirty logging

[ Upstream commit b64d740ea7ddc929d97b28de4c0665f7d5db9e2a ]

When A/D bits are not available, KVM uses a software access tracking
mechanism, which involves making the SPTEs inaccessible. However,
the clear_young() MMU notifier does not flush TLBs. So it is possible
that there may still be stale, potentially writable, TLB entries.
This is usually fine, but can be problematic when enabling dirty
logging, because it currently only does a TLB flush if any SPTEs were
modified. But if all SPTEs are in access-tracked state, then there
won't be a TLB flush, which means that the guest could still possibly
write to memory and not have it reflected in the dirty bitmap.

So just unconditionally flush the TLBs when enabling dirty logging.
As an alternative, KVM could explicitly check the MMU-Writable bit when
write-protecting SPTEs to decide if a flush is needed (instead of
checking the Writable bit), but given that a flush almost always happens
anyway, so just making it unconditional seems simpler.

Signed-off-by: Junaid Shahid <junaids@google.com>
Message-Id: <20220810224939.2611160-1-junaids@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

arch/x86/kvm/mmu/mmu.c		diff \| blob \| history
arch/x86/kvm/mmu/spte.h		diff \| blob \| history
arch/x86/kvm/x86.c		diff \| blob \| history