Skip to content

Commit

Permalink
RAMBlock: make guest_memfd require uncoordinated discard
Browse files Browse the repository at this point in the history
Some subsystems like VFIO might disable ram block discard, but guest_memfd
uses discard operations to implement conversions between private and
shared memory.  Because of this, sequences like the following can result
in stale IOMMU mappings:

1. allocate shared page
2. convert page shared->private
3. discard shared page
4. convert page private->shared
5. allocate shared page
6. issue DMA operations against that shared page

This is not a use-after-free, because after step 3 VFIO is still pinning
the page.  However, DMA operations in step 6 will hit the old mapping
that was allocated in step 1.

Address this by taking ram_block_discard_is_enabled() into account when
deciding whether or not to discard pages.

Since kvm_convert_memory()/guest_memfd doesn't implement a
RamDiscardManager handler to convey and replay discard operations,
this is a case of uncoordinated discard, which is blocked/released
by ram_block_discard_require().  Interestingly, this function had
no use so far.

Alternative approaches would be to block discard of shared pages, but
this would cause guests to consume twice the memory if they use VFIO;
or to implement a RamDiscardManager and only block uncoordinated
discard, i.e. use ram_block_coordinated_discard_require().

[Commit message mostly by Michael Roth <michael.roth@amd.com>]

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
  • Loading branch information
bonzini committed Apr 23, 2024
1 parent 37662d8 commit 852f004
Showing 1 changed file with 8 additions and 0 deletions.
8 changes: 8 additions & 0 deletions system/physmem.c
Original file line number Diff line number Diff line change
Expand Up @@ -1846,6 +1846,13 @@ static void ram_block_add(RAMBlock *new_block, Error **errp)
assert(kvm_enabled());
assert(new_block->guest_memfd < 0);

if (ram_block_discard_require(true) < 0) {
error_setg_errno(errp, errno,
"cannot set up private guest memory: discard currently blocked");
error_append_hint(errp, "Are you using assigned devices?\n");
goto out_free;
}

new_block->guest_memfd = kvm_create_guest_memfd(new_block->max_length,
0, errp);
if (new_block->guest_memfd < 0) {
Expand Down Expand Up @@ -2109,6 +2116,7 @@ static void reclaim_ramblock(RAMBlock *block)

if (block->guest_memfd >= 0) {
close(block->guest_memfd);
ram_block_discard_require(false);
}

g_free(block);
Expand Down

0 comments on commit 852f004

Please sign in to comment.