Re: [PATCH 01/11] KVM: MMU: avoid pte_list_desc run out in kvm_mmu_pte_write

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 07/26/2011 02:25 PM, Xiao Guangrong wrote:
kvm_mmu_pte_write is unsafe since we need to alloc pte_list_desc in the
function when spte is prefetched, unfortunately, we can not know how many
spte need to be prefetched on this path, that means we can use out of the
free  pte_list_desc object in the cache, and BUG_ON() is triggered, also some
path does not fill the cache, such as INS instruction emulated that does not
trigger page fault


  void kvm_mmu_pte_write(struct kvm_vcpu *vcpu, gpa_t gpa,
  		       const u8 *new, int bytes,
  		       bool guest_initiated)
@@ -3583,6 +3596,7 @@ void kvm_mmu_pte_write(struct kvm_vcpu *vcpu, gpa_t gpa,
  		break;
  	}

+	mmu_topup_memory_caches(vcpu);

Please add a comment here describing why it's okay to ignore the error return.

  	spin_lock(&vcpu->kvm->mmu_lock);
  	if (atomic_read(&vcpu->kvm->arch.invlpg_counter) != invlpg_counter)
  		gentry = 0;
@@ -3653,7 +3667,7 @@ void kvm_mmu_pte_write(struct kvm_vcpu *vcpu, gpa_t gpa,
  			mmu_page_zap_pte(vcpu->kvm, sp, spte);
  			if (gentry&&
  			!((sp->role.word ^ vcpu->arch.mmu.base_role.word)
-			&  mask.word))
+			&  mask.word)&&  get_free_pte_list_desc_nr(vcpu))
  				mmu_pte_write_new_pte(vcpu, sp, spte,&gentry);

Wow, this bug was here since 2.6.23.  Good catch.

Please wrap or rename get_free_pte_list_desc_nr() in rmap_can_add(vcpu) so it's clearer why we're doing this.


--
error compiling committee.c: too many arguments to function

--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]
  Powered by Linux