From mboxrd@z Thu Jan  1 00:00:00 1970
From: John Rousseau <jrrousseau@gmail.com>
Subject: Re: KVM: MMU: avoid creation of unreachable pages in the shadow
Date: Tue, 25 Nov 2008 13:27:27 -0500
Message-ID: <492C438F.70203@gmail.com>
References: <20081125143310.GA11578@dmt.cnet>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: Avi Kivity <avi@redhat.com>, kvm-devel <kvm@vger.kernel.org>
To: Marcelo Tosatti <mtosatti@redhat.com>
Return-path: <kvm-owner@vger.kernel.org>
Received: from qw-out-2122.google.com ([74.125.92.27]:4531 "EHLO
	qw-out-2122.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751521AbYKYS1a (ORCPT <rfc822;kvm@vger.kernel.org>);
	Tue, 25 Nov 2008 13:27:30 -0500
Received: by qw-out-2122.google.com with SMTP id 3so39940qwe.37
        for <kvm@vger.kernel.org>; Tue, 25 Nov 2008 10:27:29 -0800 (PST)
In-Reply-To: <20081125143310.GA11578@dmt.cnet>
Sender: kvm-owner@vger.kernel.org
List-ID: <kvm.vger.kernel.org>

Marcelo Tosatti wrote:
> It is possible for a shadow page to have a parent link
> pointing to a freed page. When zapping a high level table,
> kvm_mmu_page_unlink_children fails to remove the parent_pte link.
> For that to happen, the child must be unreachable via the shadow 
> tree, which can happen in shadow_walk_entry if the guest pte was
> modified in between walk() and fetch(). Remove the parent pte 
> reference in such case.
> 
> Possible cause for oops in bug #2217430.

I'll apply this to the code that I'm testing, but with my change to 
2.6.27, kvm-79 and Avi's patch from bug #2217430, I haven't seen the 
problem again. I still have been testing with oos_shadow=0, which I'll 
get rid of now.

Thanks
-John