>>> This suggests another fix. We can change the insertion to use a ">="
>>> comparison, as in your first patch. Alone it is not correct, but we
>>> only need to take some care and avoid breaking the case of deleting a
>>> memslot.
>>>
>>> It's enough to wrap the second loop (that you patched) with
>>> "if (new->npages)". In the new->npages == 0 case the first loop has
>>> already set i to the right value, and moving i back would be wrong:
>>>
>>> diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
>>> index f5283438ee05..050974c051b5 100644
>>> --- a/virt/kvm/kvm_main.c
>>> +++ b/virt/kvm/kvm_main.c
>>> @@ -687,11 +687,23 @@ static void update_memslots(struct kvm_memslots
>>> *slots,
>>> slots->id_to_index[mslots[i].id] = i;
>>> i++;
>>> }
>>> - while (i > 0 &&
>>> - new->base_gfn > mslots[i - 1].base_gfn) {
>>> - mslots[i] = mslots[i - 1];
>>> - slots->id_to_index[mslots[i].id] = i;
>>> - i--;
>>> +
>>> + /*
>>> + * The ">=" is needed when creating a slot with base_gfn == 0,
>>> + * so that it moves before all those with base_gfn == npages == 0.
>>> + *
>>> + * On the other hand, if new->npages is zero, the above loop has
>>> + * already left i pointing to the beginning of the empty part of
>>> + * mslots, and the ">=" would move the hole backwards in this
>>> + * case---which is wrong. So skip the loop when deleting a slot.
>>> + */
>>> + if (new->npages) {
>>> + while (i > 0 &&
>>> + new->base_gfn >= mslots[i - 1].base_gfn) {
>>> + mslots[i] = mslots[i - 1];
>>> + slots->id_to_index[mslots[i].id] = i;
>>> + i--;
>>> + }
>>> }
>>>
>>> mslots[i] = *new;
>>>
>>> Paolo
>>
>> Paolo,
>>
>> Can you include a proper changelog for this patch?
>>
>
> But this is already applied long time ago...
Yes, this is commit efbeec7098eee2b3d2359d0cc24bbba0436e7f21.
Paolo
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
