xemu/hw
David Gibson b27b323914 virtio-balloon: Fix possible guest memory corruption with inflates & deflates
This fixes a balloon bug with a nasty consequence - potentially
corrupting guest memory - but which is extremely unlikely to be
triggered in practice.

The balloon always works in 4kiB units, but the host could have a
larger page size on certain platforms.  Since ed48c59 "virtio-balloon:
Safely handle BALLOON_PAGE_SIZE < host page size" we've handled this
by accumulating requests to balloon 4kiB subpages until they formed a
full host page.  Since f6deb6d "virtio-balloon: Remove unnecessary
MADV_WILLNEED on deflate" we essentially ignore deflate requests.

Suppose we have a host with 8kiB pages, and one host page has subpages
A & B.  If we get this sequence of events -
	inflate A
	deflate A
	inflate B
- the current logic will discard the whole host page.  That's
incorrect because the guest has deflated subpage A, and could have
written important data to it.

This patch fixes the problem by adjusting our state information about
partially ballooned host pages when deflate requests are received.

Fixes: ed48c59 "virtio-balloon: Safely handle BALLOON_PAGE_SIZE < host page size"

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Message-Id: <20190306030601.21986-3-david@gibson.dropbear.id.au>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: David Hildenbrand <david@redhat.com>
2019-03-12 21:22:31 -04:00
..
9pfs virtio: express virtio dependencies with Kconfig 2019-03-07 21:45:53 +01:00
acpi Machine queue, 2019-03-11 2019-03-12 15:25:46 +00:00
adc kconfig: introduce kconfig files 2019-03-07 21:45:53 +01:00
alpha - qtest fixes 2019-03-08 16:31:34 +00:00
arm audio: introduce -audiodev 2019-03-12 16:45:13 +00:00
audio audio: use qapi AudioFormat instead of audfmt_e 2019-03-11 10:29:26 +01:00
block pflash_cfi01: Add pflash_cfi01_get_blk() helper 2019-03-11 22:53:44 +01:00
bt kconfig: introduce kconfig files 2019-03-07 21:45:53 +01:00
char spapr: Use CamelCase properly 2019-03-12 14:33:05 +11:00
core Machine queue, 2019-03-11 2019-03-12 15:25:46 +00:00
cpu kconfig: introduce kconfig files 2019-03-07 21:45:53 +01:00
cris cris-softmmu.mak: express dependencies with Kconfig 2019-03-07 21:46:19 +01:00
display audio: introduce -audiodev 2019-03-12 16:45:13 +00:00
dma isa: express dependencies with kconfig 2019-03-07 21:45:53 +01:00
gpio i2c: express dependencies with Kconfig 2019-03-07 21:45:53 +01:00
hppa - qtest fixes 2019-03-08 16:31:34 +00:00
hyperv hyperv: express dependencies with kconfig 2019-03-07 21:45:53 +01:00
i2c PPC: E500: Add FSL I2C controller and integrate RTC with it 2019-03-12 14:33:04 +11:00
i386 Machine queue, 2019-03-11 2019-03-12 15:25:46 +00:00
ide isa: express dependencies with kconfig 2019-03-07 21:45:53 +01:00
input audio: use qapi AudioFormat instead of audfmt_e 2019-03-11 10:29:26 +01:00
intc spapr: Use CamelCase properly 2019-03-12 14:33:05 +11:00
ipack build: convert pci.mak to Kconfig 2019-03-07 21:45:53 +01:00
ipmi ipmi: express dependencies with kconfig 2019-03-07 21:45:53 +01:00
isa isa: express SuperIO dependencies with Kconfig 2019-03-07 21:45:53 +01:00
lm32 pflash: Clean up after commit 368a354f02, part 2 2019-03-11 22:53:44 +01:00
m68k m68k-softmmu.mak: express dependencies with Kconfig 2019-03-07 21:46:19 +01:00
mem ppc64: Express dependencies of 'pseries' and 'powernv' machines with kconfig 2019-03-07 21:45:53 +01:00
microblaze pflash: Clean up after commit 368a354f02, part 2 2019-03-11 22:53:44 +01:00
mips pflash: Clean up after commit 368a354f02, part 2 2019-03-11 22:53:44 +01:00
misc sparc-softmmu.mak: express dependencies with Kconfig 2019-03-07 21:46:19 +01:00
moxie moxie-softmmu.mak: express dependencies with Kconfig 2019-03-07 21:46:19 +01:00
net spapr: Use CamelCase properly 2019-03-12 14:33:05 +11:00
nios2 nios2-softmmu.mak: express dependencies with Kconfig 2019-03-07 21:46:19 +01:00
nvram fw_cfg and thunk code clean up 2019-03-12 12:29:53 +00:00
openrisc or1k-softmmu.mak: express dependencies with Kconfig 2019-03-07 21:46:19 +01:00
pci build: convert pci.mak to Kconfig 2019-03-07 21:45:53 +01:00
pci-bridge i386-softmmu.mak: remove all CONFIG_* except boards definitions 2019-03-07 21:45:53 +01:00
pci-host ppc: Express dependencies of the Mac machines with kconfig 2019-03-07 21:46:19 +01:00
pcmcia kconfig: introduce kconfig files 2019-03-07 21:45:53 +01:00
ppc Pflash and firmware configuration patches for 2019-03-11 2019-03-12 11:12:36 +00:00
rdma hw/rdma: modify struct initialization 2019-01-19 11:01:33 +02:00
riscv riscv/Kconfig: enable PCI_DEVICES 2019-03-11 16:33:49 +01:00
s390x s390x: express dependencies with Kconfig 2019-03-07 21:46:19 +01:00
scsi spapr: Use CamelCase properly 2019-03-12 14:33:05 +11:00
sd sd: express dependencies with kconfig 2019-03-07 21:45:53 +01:00
sh4 pflash: Clean up after commit 368a354f02, part 2 2019-03-11 22:53:44 +01:00
smbios kconfig: introduce kconfig files 2019-03-07 21:45:53 +01:00
sparc sparc-softmmu.mak: express dependencies with Kconfig 2019-03-07 21:46:19 +01:00
sparc64 sparc64-softmmu.mak: express dependencies with Kconfig 2019-03-07 21:46:19 +01:00
ssi ssi: express dependencies with kconfig 2019-03-07 21:45:53 +01:00
timer i386-softmmu.mak: remove all CONFIG_* except boards definitions 2019-03-07 21:45:53 +01:00
tpm tpm: express dependencies with Kconfig 2019-03-07 21:45:53 +01:00
tricore - qtest fixes 2019-03-08 16:31:34 +00:00
unicore32 unicore32-softmmu.mak: express dependencies with Kconfig 2019-03-07 21:46:19 +01:00
usb audio: use qapi AudioFormat instead of audfmt_e 2019-03-11 10:29:26 +01:00
vfio VFIO updates 2019-03-11 2019-03-12 13:37:29 +00:00
virtio virtio-balloon: Fix possible guest memory corruption with inflates & deflates 2019-03-12 21:22:31 -04:00
watchdog ptimer: express dependencies with Kconfig 2019-03-07 21:45:53 +01:00
xen xen: fix xen-bus state model to allow frontend re-connection 2019-02-04 11:04:49 +00:00
xenpv xen: Replace few mentions of xend by libxl 2019-01-14 13:45:40 +00:00
xtensa hw: Use PFLASH_CFI0{1,2} and TYPE_PFLASH_CFI0{1,2} 2019-03-11 22:53:44 +01:00
Kconfig ptimer: express dependencies with Kconfig 2019-03-07 21:45:53 +01:00
Makefile.objs i2c: express dependencies with Kconfig 2019-03-07 21:45:53 +01:00