From mboxrd@z Thu Jan  1 00:00:00 1970
From: Marcelo Tosatti <mtosatti@redhat.com>
Subject: KVM: MMU: fix missing locking in alloc_mmu_pages
Date: Wed, 15 Jul 2009 15:34:41 -0300
Message-ID: <20090715183441.GA8402@amt.cnet>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
To: kvm@vger.kernel.org
Return-path: <kvm-owner@vger.kernel.org>
Received: from mx2.redhat.com ([66.187.237.31]:50439 "EHLO mx2.redhat.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1755994AbZGOSez (ORCPT <rfc822;kvm@vger.kernel.org>);
	Wed, 15 Jul 2009 14:34:55 -0400
Received: from int-mx2.corp.redhat.com (int-mx2.corp.redhat.com [172.16.27.26])
	by mx2.redhat.com (8.13.8/8.13.8) with ESMTP id n6FIYtmp007553
	for <kvm@vger.kernel.org>; Wed, 15 Jul 2009 14:34:55 -0400
Received: from ns3.rdu.redhat.com (ns3.rdu.redhat.com [10.11.255.199])
	by int-mx2.corp.redhat.com (8.13.1/8.13.1) with ESMTP id n6FIYsLH025065
	for <kvm@vger.kernel.org>; Wed, 15 Jul 2009 14:34:54 -0400
Received: from amt.cnet (vpn-51-36.sfbay.redhat.com [10.14.51.36])
	by ns3.rdu.redhat.com (8.13.8/8.13.8) with ESMTP id n6FIYnmG005831
	for <kvm@vger.kernel.org>; Wed, 15 Jul 2009 14:34:54 -0400
Received: from amt.cnet (amt.cnet [127.0.0.1])
	by amt.cnet (Postfix) with ESMTP id 54D32680143
	for <kvm@vger.kernel.org>; Wed, 15 Jul 2009 15:34:42 -0300 (BRT)
Received: (from marcelo@localhost)
	by amt.cnet (8.14.3/8.14.3/Submit) id n6FIYfJ9008413
	for kvm@vger.kernel.org; Wed, 15 Jul 2009 15:34:41 -0300
Content-Disposition: inline
Sender: kvm-owner@vger.kernel.org
List-ID: <kvm.vger.kernel.org>


n_requested_mmu_pages/n_free_mmu_pages are used by
kvm_mmu_change_mmu_pages to calculate the number of pages to zap.

alloc_mmu_pages, called from the vcpu initialization path, modifies this
variables without proper locking, which can result in a negative value
in kvm_mmu_change_mmu_pages (say, with cpu hotplug).

Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>

diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
index 7162651..6773d49 100644
--- a/arch/x86/kvm/mmu.c
+++ b/arch/x86/kvm/mmu.c
@@ -2704,12 +2704,14 @@ static int alloc_mmu_pages(struct kvm_vcpu *vcpu)
 
 	ASSERT(vcpu);
 
+	spin_lock(&vcpu->kvm->mmu_lock);
 	if (vcpu->kvm->arch.n_requested_mmu_pages)
 		vcpu->kvm->arch.n_free_mmu_pages =
 					vcpu->kvm->arch.n_requested_mmu_pages;
 	else
 		vcpu->kvm->arch.n_free_mmu_pages =
 					vcpu->kvm->arch.n_alloc_mmu_pages;
+	spin_unlock(&vcpu->kvm->mmu_lock);
 	/*
 	 * When emulating 32-bit mode, cr3 is only 32 bits even on x86_64.
 	 * Therefore we need to allocate shadow page tables in the first