summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorMarc Zyngier <maz@kernel.org>2022-09-26 15:51:15 +0100
committerMarc Zyngier <maz@kernel.org>2022-09-29 10:23:08 +0100
commit8929bc9659640f35dd2ef8373263cbd885b4a072 (patch)
tree387c5d5d8eea6e87da003f2757aa93b9ff09ae67 /security
parentb90cb1053190353cc30f0fef0ef1f378ccc063c5 (diff)
downloadlinux-8929bc9659640f35dd2ef8373263cbd885b4a072.tar.gz
KVM: Use acquire/release semantics when accessing dirty ring GFN state
The current implementation of the dirty ring has an implicit requirement that stores to the dirty ring from userspace must be: - be ordered with one another - visible from another CPU executing a ring reset While these implicit requirements work well for x86 (and any other TSO-like architecture), they do not work for more relaxed architectures such as arm64 where stores to different addresses can be freely reordered, and loads from these addresses not observing writes from another CPU unless the required barriers (or acquire/release semantics) are used. In order to start fixing this, upgrade the ring reset accesses: - the kvm_dirty_gfn_harvested() helper now uses acquire semantics so it is ordered after all previous writes, including that from userspace - the kvm_dirty_gfn_set_invalid() helper now uses release semantics so that the next_slot and next_offset reads don't drift past the entry invalidation This is only a partial fix as the userspace side also need upgrading. Signed-off-by: Marc Zyngier <maz@kernel.org> Reviewed-by: Gavin Shan <gshan@redhat.com> Reviewed-by: Peter Xu <peterx@redhat.com> Link: https://lore.kernel.org/r/20220926145120.27974-2-maz@kernel.org
Diffstat (limited to 'security')
0 files changed, 0 insertions, 0 deletions