On Tue, 2021-08-24 at 15:55 +0800, Lai Jiangshan wrote:
> From: Lai Jiangshan <laijs@xxxxxxxxxxxxxxxxx>
>
> When kvm->tlbs_dirty > 0, some rmaps might have been deleted
> without flushing tlb remotely after kvm_sync_page(). If @gfn
> was writable before and it's rmaps was deleted in kvm_sync_page(),
> we need to flush tlb too even if __rmap_write_protect() doesn't
> request it.
>
> Fixes: 4731d4c7a077 ("KVM: MMU: out of sync shadow core")
> Signed-off-by: Lai Jiangshan <laijs@xxxxxxxxxxxxxxxxx>
> ---
> arch/x86/kvm/mmu/mmu.c | 16 ++++++++++++++++
> 1 file changed, 16 insertions(+)
>
> diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c
> index 4853c033e6ce..313918df1a10 100644
> --- a/arch/x86/kvm/mmu/mmu.c
> +++ b/arch/x86/kvm/mmu/mmu.c
> @@ -1420,6 +1420,14 @@ bool kvm_mmu_slot_gfn_write_protect(struct kvm *kvm,
> rmap_head = gfn_to_rmap(gfn, i, slot);
> write_protected |= __rmap_write_protect(kvm, rmap_head, true);
> }
> + /*
> + * When kvm->tlbs_dirty > 0, some rmaps might have been deleted
> + * without flushing tlb remotely after kvm_sync_page(). If @gfn
> + * was writable before and it's rmaps was deleted in kvm_sync_page(),
> + * we need to flush tlb too.
> + */
> + if (min_level == PG_LEVEL_4K && kvm->tlbs_dirty)
> + write_protected = true;
This is a bit misleading, as the gfn is not write protected in this case, but we
just want tlb flush. Maybe add a new output paramter to the function, telling
if we want a tlb flush?
> }
>
> if (is_tdp_mmu_enabled(kvm))
> @@ -5733,6 +5741,14 @@ void kvm_mmu_slot_remove_write_access(struct kvm *kvm,
> flush = slot_handle_level(kvm, memslot, slot_rmap_write_protect,
> start_level, KVM_MAX_HUGEPAGE_LEVEL,
> false);
> + /*
> + * When kvm->tlbs_dirty > 0, some rmaps might have been deleted
> + * without flushing tlb remotely after kvm_sync_page(). If @gfn
> + * was writable before and it's rmaps was deleted in kvm_sync_page(),
> + * we need to flush tlb too.
> + */
> + if (start_level == PG_LEVEL_4K && kvm->tlbs_dirty)
> + flush = true;
> write_unlock(&kvm->mmu_lock);
> }
>
Best regards,
Maxim Levitsky
