On 02/02/2012 04:44 PM, Takuya Yoshikawa wrote:
> Avi Kivity <avi@xxxxxxxxxx> wrote:
>
> > > I have one concern about correctness issue though:
> > >
> > > concurrent rmap write protection may not be safe due to
> > > delayed tlb flush ... cannot happen?
> >
> > What do you mean by concurrent rmap write protection?
> >
>
> Not sure, but other codes like:
>
> - mmu_sync_children()
> for_each_sp(pages, sp, parents, i)
> protected |= rmap_write_protect(vcpu->kvm, sp->gfn);
>
> if (protected)
> kvm_flush_remote_tlbs(vcpu->kvm);
>
> - kvm_mmu_get_page()
> if (rmap_write_protect(vcpu->kvm, gfn))
> kvm_flush_remote_tlbs(vcpu->kvm);
>
> I just wondered what can happen if GET_DIRTY_LOG is being processed
> behind these processing?
It's a bug. If the flush happens outside the spinlock, then one of the
callers can return before it is assured the tlb is flushed.
A B
spin_lock
clear pte.w
spin_unlock
spin_lock
pte.w already clear
spin_unlock
skip flush
return
flush
>
>
> They may find nothing to write protect and won't do kvm_flush_remote_tlbs()
> if the gfn has been already protected by GET_DIRTY_LOG.
>
> But GET_DIRTY_LOG may still be busy write protecting other pages and
> others can return before. (My code releases mmu_lock to not include
> __put_user() in the critical section.)
>
> I am not still enough familier with these code yet.
It's actually an advantage, since you don't have any assumptions on how
the code works.
> (maybe empty concern)
Nope, good catch of this subtle bug.
--
error compiling committee.c: too many arguments to function
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
