On Oct 16, 2013, at 6:21 AM, Marcelo Tosatti <mtosatti@xxxxxxxxxx> wrote: > On Tue, Oct 15, 2013 at 06:57:05AM +0300, Gleb Natapov wrote: >>> >>> Why is it safe to allow access, by the lockless page write protect >>> side, to spt pointer for shadow page A that can change to a shadow page >>> pointer of shadow page B? >>> >>> Write protect spte of any page at will? Or verify that in fact thats the >>> shadow you want to write protect? >>> >>> Note that spte value might be the same for different shadow pages, >>> so cmpxchg succeeding does not guarantees its the same shadow page that >>> has been protected. >>> >> Two things can happen: spte that we accidentally write protect is some >> other last level spte - this is benign, it will be unprotected on next >> fault. > > Nothing forbids two identical writable sptes to point to a same pfn. How > do you know you are write protecting the correct one? (the proper gfn). > > Lockless walk sounds interesting. By the time you get to the lower > level, that might be a different spte. That's safe. Since get-dirty-log is serialized by slot-lock the dirty-bit can not be lost - even if we write-protect on the different memslot (the dirty bit is still set). The worst case is we write-protect on a unnecessary spte and cause a extra #PF but that is really race. And the lockless rmap-walker can detect the new spte so that write-protection on the memslot is not missed. -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
