On 14/02/2018 17:55, Joe Moriarty wrote:
>
> Hi Paolo,
>
> Thank you for the review. I wasn't sure if the change I proposed was
> correct or not. I will take your suggestion of posting to the mailing
> list instead of as a patch the next time I encounter a situation like
> this again. In the meantime, I will look at doing your suggestion of
> passing kvm_memory_slot down to gfn_to_rmap() and the other functions
> you pointed out above for the next version of the patch.

It's not easy, but I can send you a box of beers if you get round to it.

Note that I'm still not sure how the NULL pointer dereference can happen, and you didn't include more output from your tool, so you might be wasting your time after all...

Anyway, I would start basically by mapping the paths from try_async_pf's callers to mmu_set_spte and from there to rmap_add. On the other hand, in the rmap_remove path, you probably should just exit immediately if slot is NULL.

(Guangrong, do you have any idea why we don't zap SPTEs in kvm_arch_free_memslot?)

Paolo
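To make the two suggestions in the thread concrete (pass the memslot down to the rmap helper instead of re-looking it up, and have the remove path bail out when the slot is NULL), here is a small stand-alone C model written for this page. It is not KVM code: `struct memslot`, `gfn_to_memslot`, `gfn_to_rmap_in_slot`, `rmap_add`, `rmap_remove` and `delete_slot` are simplified, hypothetical stand-ins for the kernel functions named above, and the slot table and gfn values are constructed sample data. The point it demonstrates is that once a slot has been deleted, the gfn lookup returns NULL, and a callee that dereferences the result without a check is exactly where a NULL pointer dereference would appear.

```c
#include <stddef.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef uint64_t gfn_t;

/* Toy memslot: a contiguous guest-frame range plus one rmap entry per page. */
struct memslot {
    gfn_t base_gfn;
    uint64_t npages;     /* 0 marks a deleted slot */
    uint64_t *rmap;
};

#define NSLOTS 2
#define SLOT_PAGES 4
static uint64_t rmap_store[NSLOTS][SLOT_PAGES];   /* constructed backing store */
static struct memslot slots[NSLOTS] = {
    { .base_gfn = 0x100, .npages = SLOT_PAGES, .rmap = rmap_store[0] },
    { .base_gfn = 0x200, .npages = SLOT_PAGES, .rmap = rmap_store[1] },
};

/* Find the slot covering gfn; NULL when no slot does (e.g. after deletion). */
struct memslot *gfn_to_memslot(gfn_t gfn)
{
    for (int i = 0; i < NSLOTS; i++) {
        struct memslot *s = &slots[i];
        if (s->npages && gfn >= s->base_gfn && gfn < s->base_gfn + s->npages)
            return s;
    }
    return NULL;
}

/* The caller passes the slot down; the helper never re-resolves gfn itself. */
uint64_t *gfn_to_rmap_in_slot(struct memslot *slot, gfn_t gfn)
{
    if (!slot)
        return NULL;
    return &slot->rmap[gfn - slot->base_gfn];
}

/* Record an spte in the rmap; false when gfn is outside every slot. */
bool rmap_add(struct memslot *slot, gfn_t gfn, uint64_t spte)
{
    uint64_t *r = gfn_to_rmap_in_slot(slot, gfn);
    if (!r)
        return false;
    *r = spte;
    return true;
}

/* Remove path: exit immediately if slot is NULL, as the reply suggests. */
bool rmap_remove(struct memslot *slot, gfn_t gfn)
{
    if (!slot)
        return false;
    uint64_t *r = gfn_to_rmap_in_slot(slot, gfn);
    *r = 0;
    return true;
}

/* Simulate freeing a memslot: lookups for its gfns now return NULL. */
void delete_slot(int idx)
{
    slots[idx].npages = 0;
}

/* Read back the rmap entry for gfn, or 0 when no slot covers it. */
uint64_t rmap_value(gfn_t gfn)
{
    uint64_t *r = gfn_to_rmap_in_slot(gfn_to_memslot(gfn), gfn);
    return r ? *r : 0;
}

int main(void)
{
    rmap_add(gfn_to_memslot(0x101), 0x101, 0xabc);
    printf("rmap[0x101] = 0x%llx\n", (unsigned long long)rmap_value(0x101));
    delete_slot(1);
    /* Slot 1 is gone: the lookup yields NULL and the remove path returns early. */
    printf("remove after delete: %s\n",
           rmap_remove(gfn_to_memslot(0x201), 0x201) ? "done" : "no slot");
    return 0;
}
```

The same NULL can reach the add path through whichever caller resolved the gfn, which is why the reply suggests mapping the callers down to rmap_add rather than guarding only one function.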