From mboxrd@z Thu Jan  1 00:00:00 1970
From: Marcelo Tosatti
Subject: [patch 3/4] KVM: MMU: flush TLBs on writable -> read-only spte overwrite
Date: Fri, 22 Oct 2010 14:18:17 -0200
Message-ID: <20101022162031.499103636@redhat.com>
References: <20101022161814.098714474@redhat.com>
Cc: avi@redhat.com, aarcange@redhat.com, Marcelo Tosatti
To: kvm@vger.kernel.org
Return-path:
Received: from mx1.redhat.com ([209.132.183.28]:41707 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1756366Ab0JVQXG (ORCPT ); Fri, 22 Oct 2010 12:23:06 -0400
Received: from int-mx10.intmail.prod.int.phx2.redhat.com (int-mx10.intmail.prod.int.phx2.redhat.com [10.5.11.23]) by mx1.redhat.com (8.13.8/8.13.8) with ESMTP id o9MGN6wV031724 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for ; Fri, 22 Oct 2010 12:23:06 -0400
Content-Disposition: inline; filename=mmu-flush-tlb-on-overwrite
Sender: kvm-owner@vger.kernel.org
List-ID:

This can happen in the following scenario:

vcpu0                           vcpu1
read fault
gup(.write=0)
                                gup(.write=1)
                                reuse swap cache, no COW
                                set writable spte
                                use writable spte
set read-only spte

Signed-off-by: Marcelo Tosatti

Index: kvm/arch/x86/kvm/mmu.c
===================================================================
--- kvm.orig/arch/x86/kvm/mmu.c
+++ kvm/arch/x86/kvm/mmu.c
@@ -2068,6 +2068,16 @@ static void mmu_set_spte(struct kvm_vcpu
 				 spte_to_pfn(*sptep), pfn);
 			drop_spte(vcpu->kvm, sptep, shadow_trap_nonpresent_pte);
 			kvm_flush_remote_tlbs(vcpu->kvm);
+		/*
+		 * If we overwrite a writable spte with a read-only one,
+		 * drop it and flush remote TLBs. Otherwise rmap_write_protect
+		 * will find a read-only spte, even though the writable spte
+		 * might be cached on a CPU's TLB.
+		 */
+		} else if (is_writable_pte(*sptep) &&
+			(!(pte_access & ACC_WRITE_MASK) || !dirty)) {
+			drop_spte(vcpu->kvm, sptep, shadow_trap_nonpresent_pte);
+			kvm_flush_remote_tlbs(vcpu->kvm);
 		} else
 			was_rmapped = 1;
 	}
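Review bot: the new `else if` branch duplicates the exact `drop_spte(...)` / `kvm_flush_remote_tlbs(...)` pair of the preceding `pfn != spte_to_pfn(*sptep)` branch, and the explanatory comment is placed inside that earlier branch's body, just before the `} else if`, where it reads as a description of the pfn-change case rather than of the condition it belongs to. Consider folding the new predicate into the existing `if` with the comment above it, e.g. `if (pfn != spte_to_pfn(*sptep) || (is_writable_pte(*sptep) && (!(pte_access & ACC_WRITE_MASK) || !dirty)))`, so there is a single drop-and-flush path and the comment sits on the condition it explains. Also note that the predicate decides "the new spte will be read-only" from the inputs `pte_access` and `dirty` rather than from the spte that is actually installed; if that writability rule is computed elsewhere from the same inputs, the comment should say so, because the two will need to stay in sync for the remote flush to cover every writable -> read-only overwrite.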