On 04/27/2012 06:00 AM, Marcelo Tosatti wrote:
>> static void walk_shadow_page_lockless_end(struct kvm_vcpu *vcpu)
>> {
>> - /* Decrease the counter after walking shadow page table finished */
>> - smp_mb__before_atomic_dec();
>> - atomic_dec(&vcpu->kvm->arch.reader_counter);
>> - rcu_read_unlock();
>> + /*
>> + * Make our reads and writes to shadow page tables globally visible
>> + * before leaving READING_SHADOW_PAGE_TABLES mode.
>> + */
>
> This comment is misleading. Writes to shadow page tables must be
> performed with locked instructions outside the mmu_lock.
>
You mean that the write should guarantee a correct memory order by itself?
>> + smp_mb();
>> + vcpu->mode = OUTSIDE_GUEST_MODE;
>
> Don't you want
>
> vcpu->mode = OUTSIDE_GUEST_MODE;
> smp_mb();
>
It is unsafe i think, it is a problem if spte read / spte update is ordered
to the behind of vcpu->mode = OUTSIDE_GUEST_MODE, like below:
VCPU 0 VCPU 1
commit_zapped_page:
/*
* setting vcpu->mode is reordered
* to the head of read spte.
*/
vcpu->mode = OUTSIDE_GUEST_MODE;
see VCPU 0 is out-of-guest-mode, IPI is
not sent, and the sp is free immediately.
read spte;
OOPS!!!
(It is invalid since spte is freed.)
smp_mb
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
