From 906703939bd3444ec8245fb26b0551501543d6a6 Mon Sep 17 00:00:00 2001 From: Dean Nelson Date: Thu, 16 Jun 2011 03:08:21 -0300 Subject: [RHEL6 qemu-kvm PATCH 6/6] KVM, MCE, unpoison memory address across reboot RH-Author: Dean Nelson Message-id: <20110616030821.4846.80591.email-sent-by-dnelson@localhost6.localdomain6> Patchwork-id: 27208 O-Subject: [RHEL6.2 qemu-kvm PATCH 6/6] KVM, MCE, unpoison memory address across reboot Bugzilla: 696102 RH-Acked-by: Jes Sorensen RH-Acked-by: Alex Williamson RH-Acked-by: Marcelo Tosatti Resolves RHBZ 696102 Backport of: commit 3c85e74fbf9e5a39d8d13ef91a5f3dd91f0bc8a8 Author: Huang Ying Date: Wed Mar 2 08:56:20 2011 +0100 KVM, MCE, unpoison memory address across reboot In Linux kernel HWPoison processing implementation, the virtual address in processes mapping the error physical memory page is marked as HWPoison. So that, the further accessing to the virtual address will kill corresponding processes with SIGBUS. If the error physical memory page is used by a KVM guest, the SIGBUS will be sent to QEMU, and QEMU will simulate a MCE to report that memory error to the guest OS. If the guest OS can not recover from the error (for example, the page is accessed by kernel code), guest OS will reboot the system. But because the underlying host virtual address backing the guest physical memory is still poisoned, if the guest system accesses the corresponding guest physical memory even after rebooting, the SIGBUS will still be sent to QEMU and MCE will be simulated. That is, guest system can not recover via rebooting. In fact, across rebooting, the contents of guest physical memory page need not to be kept. We can allocate a new host physical page to back the corresponding guest physical address. This patch fixes this issue in QEMU-KVM via calling qemu_ram_remap() to clear the corresponding page table entry, so that make it possible to allocate a new page to recover the issue. [ Jan: rebasing and tiny cleanups] Signed-off-by: Huang Ying Signed-off-by: Jan Kiszka Signed-off-by: Marcelo Tosatti --- qemu-kvm.c | 40 ++++++++++++++++++++++++++++++++++++++++ 1 files changed, 40 insertions(+), 0 deletions(-) Signed-off-by: Eduardo Habkost --- qemu-kvm.c | 40 ++++++++++++++++++++++++++++++++++++++++ 1 files changed, 40 insertions(+), 0 deletions(-) diff --git a/qemu-kvm.c b/qemu-kvm.c index be3b48c..732d6ec 100644 --- a/qemu-kvm.c +++ b/qemu-kvm.c @@ -702,6 +702,41 @@ int kvm_get_dirty_pages_range(kvm_context_t kvm, unsigned long phys_addr, return 0; } +#if defined(KVM_CAP_MCE) && defined(TARGET_I386) +typedef struct HWPoisonPage { + ram_addr_t ram_addr; + QLIST_ENTRY(HWPoisonPage) list; +} HWPoisonPage; + +static QLIST_HEAD(, HWPoisonPage) hwpoison_page_list = + QLIST_HEAD_INITIALIZER(hwpoison_page_list); + +static void kvm_unpoison_all(void *param) +{ + HWPoisonPage *page, *next_page; + + QLIST_FOREACH_SAFE(page, &hwpoison_page_list, list, next_page) { + QLIST_REMOVE(page, list); + qemu_ram_remap(page->ram_addr, TARGET_PAGE_SIZE); + qemu_free(page); + } +} + +static void kvm_hwpoison_page_add(ram_addr_t ram_addr) +{ + HWPoisonPage *page; + + QLIST_FOREACH(page, &hwpoison_page_list, list) { + if (page->ram_addr == ram_addr) { + return; + } + } + page = qemu_malloc(sizeof(HWPoisonPage)); + page->ram_addr = ram_addr; + QLIST_INSERT_HEAD(&hwpoison_page_list, page, list); +} +#endif + #ifdef KVM_CAP_IRQCHIP int kvm_set_irq_level(kvm_context_t kvm, int irq, int level, int *status) @@ -1506,6 +1541,7 @@ static void sigbus_handler(int n, struct qemu_signalfd_siginfo *siginfo, status = MCI_STATUS_VAL | MCI_STATUS_UC | MCI_STATUS_EN | MCI_STATUS_MISCV | MCI_STATUS_ADDRV | MCI_STATUS_S | 0xc0; + kvm_hwpoison_page_add(ram_addr); kvm_inject_x86_mce(first_cpu, 9, status, MCG_STATUS_MCIP | MCG_STATUS_RIPV, paddr, (MCM_ADDR_PHYS << 6) | 0xc, 1); @@ -1753,6 +1789,7 @@ static void kvm_on_sigbus(CPUState *env, siginfo_t *siginfo) hardware_memory_error(); } mce.addr = paddr; + kvm_hwpoison_page_add(ram_addr); r = kvm_set_mce(env, &mce); if (r < 0) { fprintf(stderr, "kvm_set_mce: %s\n", strerror(errno)); @@ -2028,6 +2065,9 @@ int kvm_init_ap(void) action.sa_sigaction = (void (*)(int, siginfo_t*, void*))sigbus_handler; sigaction(SIGBUS, &action, NULL); prctl(PR_MCE_KILL, 1, 1, 0, 0); +#if defined(KVM_CAP_MCE) && defined(TARGET_I386) + qemu_register_reset(kvm_unpoison_all, NULL); +#endif return 0; } -- 1.7.3.2