On Sun, Mar 15, 2009 at 10:11:29PM +0200, Izik Eidus wrote:
> Marcelo Tosatti wrote:
>> On Thu, Mar 12, 2009 at 06:18:43PM +0100, Andrea Arcangeli wrote:
>>
>>> From: Andrea Arcangeli <aarcange@xxxxxxxxxx>
>>>
>>> While looking at invlpg out of sync code with Izik I think I noticed a
>>> missing smp tlb flush here. Without this the other cpu can still write
>>> to a freed host physical page. tlb smp flush must happen if
>>> rmap_remove is called always before mmu_lock is released because the
>>> VM will take the mmu_lock before it can finally add the page to the
>>> freelist after swapout. mmu notifier makes it safe to flush the tlb
>>> after freeing the page (otherwise it would never be safe) so we can do
>>> a single flush for multiple sptes invalidated.
>>>
>>
>> I think this fix is more expensive than it needs to be, but better than
>> being unsafe for now.
>>
>> Acked-by: Marcelo Tosatti <mtosatti@xxxxxxxxxx>
>>
>
> What about inside mmu_set_spte():
>
>         } else if (pfn != spte_to_pfn(*shadow_pte)) {
>                 pgprintk("hfn old %lx new %lx\n",
>                          spte_to_pfn(*shadow_pte), pfn);
>                 rmap_remove(vcpu->kvm, shadow_pte);
>         } else
>
> Doesn't this require a tlb flush for all the cpus as well?

Probably. This particular condition can only happen without mmu notifiers,
and when doing mmap(MADV_DONTNEED), though.

--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
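The hazard the thread is discussing (a shadow PTE is torn down with rmap_remove, the host page is freed, but another CPU still holds the old translation in its TLB) can be illustrated with a small user-space model. The code below is an added example written for this page; it is not KVM code and none of the names (`map_spte`, `rmap_remove_model`, `flush_remote_tlbs`, `stale_write_possible`) are the kernel's own. It models a shared shadow page table, one private TLB per CPU, and a host freelist, and shows that only a remote TLB flush between the rmap_remove and the page free stops CPU 1 from reaching the freed frame.

```c
/* Toy model of the race in the thread: two CPUs share a shadow page table
 * and each caches translations in a private TLB. Removing an spte without
 * flushing the other CPU's TLB leaves a stale translation that still
 * points at a host page that has since been freed. Constructed example. */
#include <stdio.h>
#include <string.h>

#define NCPU   2
#define NPTE   4
#define NPFN   16
#define NOPFN  (-1L)

static long spt[NPTE];          /* shared shadow page table: gfn -> host pfn */
static long tlb[NCPU][NPTE];    /* per-CPU TLB: cached copies of spt entries */
static int  page_freed[NPFN];   /* 1 once the host put that pfn on the freelist */

static void reset_model(void) {
    for (int i = 0; i < NPTE; i++) spt[i] = NOPFN;
    for (int c = 0; c < NCPU; c++)
        for (int i = 0; i < NPTE; i++) tlb[c][i] = NOPFN;
    memset(page_freed, 0, sizeof page_freed);
}

/* Install gfn -> pfn in the shadow page table (no TLB side effects). */
static void map_spte(int gfn, long pfn) { spt[gfn] = pfn; }

/* A guest access on `cpu`: use the cached translation if present, otherwise
 * walk the shadow table and fill the TLB. Returns the pfn, or NOPFN on fault. */
static long guest_access(int cpu, int gfn) {
    if (tlb[cpu][gfn] == NOPFN)
        tlb[cpu][gfn] = spt[gfn];
    return tlb[cpu][gfn];
}

/* Stand-in for rmap_remove: clears the spte but touches no remote TLB. */
static void rmap_remove_model(int gfn) { spt[gfn] = NOPFN; }

/* Stand-in for a remote TLB flush: every CPU drops its cached entries. */
static void flush_remote_tlbs(void) {
    for (int c = 0; c < NCPU; c++)
        for (int i = 0; i < NPTE; i++) tlb[c][i] = NOPFN;
}

/* Host side: the page is returned to the freelist after the spte is gone. */
static void free_host_page(long pfn) { page_freed[pfn] = 1; }

/* Run the sequence from the thread and report whether CPU 1 can still reach
 * the freed host page. do_flush selects whether the remote flush is issued
 * between rmap_remove and the free. Returns 1 if a stale write is possible. */
static int stale_write_possible(int do_flush) {
    reset_model();
    map_spte(0, 7);               /* gfn 0 backed by host pfn 7 (constructed) */
    guest_access(1, 0);           /* CPU 1 caches gfn 0 -> pfn 7 in its TLB */
    rmap_remove_model(0);         /* CPU 0 tears the mapping down under mmu_lock */
    if (do_flush)
        flush_remote_tlbs();      /* the step the patch in the thread adds */
    free_host_page(7);            /* host recycles pfn 7 */
    long pfn = guest_access(1, 0);
    return pfn != NOPFN && page_freed[pfn];
}

int main(void) {
    printf("no remote flush : stale write possible = %d\n", stale_write_possible(0));
    printf("with remote flush: stale write possible = %d\n", stale_write_possible(1));
    return 0;
}
```

The model deliberately ignores mmu_lock ordering and mmu notifiers; it only captures the point Andrea makes, that clearing the spte is not enough on its own and the remote TLBs must be invalidated before the page can be reused. The mmu_set_spte() path Izik quotes calls rmap_remove in the same way, which is why the question of a flush there follows naturally.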