Avi Kivity wrote: > Currently, when we fetch an spte, we only verify that gptes match those that > the walker saw if we build new shadow pages for them. > > However, this misses the following race: > > vcpu1 vcpu2 > > walk > change gpte > walk > instantiate sp > > fetch existing sp > > Fix by validating every gpte, regardless of whether it is used for building > a new sp or not. > Reviewed-by: Xiao Guangrong <xiaoguangrong@xxxxxxxxxxxxxx> -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
