On 13/09/12 05:09, Christoffer Dall wrote: > When we take a write fault on an existing page mapped read-only in the > guest, we need to make sure that a another guest CPU does not access a > page that got freed on the host, so we need to get a reference for the > existing read-only page until the TLB is flushed and the stage-2 table > is updated. > > Also flushes the TLB when updating an existing present pte entry. > > Signed-off-by: Christoffer Dall <c.dall@xxxxxxxxxxxxxxxxxxxxxx> > --- > arch/arm/kvm/mmu.c | 44 +++++++++++++++++++++++++++++++------------- > 1 file changed, 31 insertions(+), 13 deletions(-) > > diff --git a/arch/arm/kvm/mmu.c b/arch/arm/kvm/mmu.c > index 0c45cc2..e741d1d 100644 > --- a/arch/arm/kvm/mmu.c > +++ b/arch/arm/kvm/mmu.c > @@ -420,7 +420,7 @@ static void stage2_set_pte(struct kvm *kvm, struct kvm_mmu_memory_cache *cache, > pgd_t *pgd; > pud_t *pud; > pmd_t *pmd; > - pte_t *pte; > + pte_t *pte, old_pte; > > /* Create 2nd stage page table mapping - Level 1 */ > pgd = kvm->arch.pgd + pgd_index(addr); > @@ -448,9 +448,11 @@ static void stage2_set_pte(struct kvm *kvm, struct kvm_mmu_memory_cache *cache, > pte = pte_offset_kernel(pmd, addr); > > /* Create 2nd stage page table mapping - Level 3 */ > - BUG_ON(pte_none(pte)); > + old_pte = *pte; > set_pte_ext(pte, *new_pte, 0); > get_page(virt_to_page(pte)); > + if (pte_present(old_pte)) > + __kvm_tlb_flush_vmid(kvm); Hmmm. If we're updating the pte, the ref-count must stay the same. Here, you're leaking the pte page. M. -- Jazz is not dead. It just smells funny... _______________________________________________ kvmarm mailing list kvmarm@xxxxxxxxxxxxxxxxxxxxx https://lists.cs.columbia.edu/cucslists/listinfo/kvmarm
