In order to protect TDP MMU PT memory with RCU, ensure that page table links are properly rcu_derefenced.
Reviewed-by: Peter Feiner <pfeiner@xxxxxxxxxx>
Signed-off-by: Ben Gardon <bgardon@xxxxxxxxxx>
---
 arch/x86/kvm/mmu/tdp_iter.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kvm/mmu/tdp_iter.c b/arch/x86/kvm/mmu/tdp_iter.c
index 87b7e16911db..82855613ffa0 100644
--- a/arch/x86/kvm/mmu/tdp_iter.c
+++ b/arch/x86/kvm/mmu/tdp_iter.c
@@ -49,6 +49,8 @@ void tdp_iter_start(struct tdp_iter *iter, u64 *root_pt, int root_level,
 */
 u64 *spte_to_child_pt(u64 spte, int level)
 {
+ u64 *child_pt;
+
 /*
 * There's no child entry if this entry isn't present or is a
 * last-level entry.
@@ -56,7 +58,9 @@ u64 *spte_to_child_pt(u64 spte, int level)
 if (!is_shadow_present_pte(spte) || is_last_spte(spte, level))
 return NULL;

- return __va(spte_to_pfn(spte) << PAGE_SHIFT);
+ child_pt = __va(spte_to_pfn(spte) << PAGE_SHIFT);
+
+ return rcu_dereference(child_pt);
 }

 /*
--
2.30.0.284.gd98b1dd5eaa7-goog
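Review bot: In spte_to_child_pt(), `rcu_dereference(child_pt)` is applied to a local that was just computed with `__va()` from the SPTE value, while the function still returns a plain `u64 *`. Nothing in the type tells callers or sparse that the returned page-table page may be freed after a grace period and must only be walked inside an RCU read-side critical section. Consider returning an `__rcu`-annotated pointer instead, e.g. `return (u64 __rcu *)__va(spte_to_pfn(spte) << PAGE_SHIFT);`, and calling `rcu_dereference()` where the entries are actually read. A walker that touches the child table without RCU protection, the use-after-free this change is meant to prevent, would then be flagged by static checking. The callers are outside this patch, so whether they all hold `rcu_read_lock()` cannot be confirmed from here; if the current form is kept, the function comment should at least state that requirement.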