From mboxrd@z Thu Jan 1 00:00:00 1970
From: Avi Kivity
Subject: Re: [PATCH] KVM: MMU: Fix rmap_remove() race
Date: Wed, 26 Mar 2008 17:15:20 +0200
Message-ID: <47EA6888.2000002@qumranet.com>
References: <1206543773-26386-1-git-send-email-avi@qumranet.com>
In-Reply-To: <1206543773-26386-1-git-send-email-avi@qumranet.com>
To: Marcelo Tosatti, Andrea Arcangeli
Cc: kvm-devel@lists.sourceforge.net
List-Id: kvm.vger.kernel.org

Avi Kivity wrote:
> Andrea notes that freeing the page before flushing the tlb is a race, as the
> guest can sneak in one last write before the tlb is flushed, writing to a
> page that may belong to someone else.
>
> Fix by reversing the order of freeing and flushing the tlb. Since the tlb
> flush is expensive, queue the pages to be freed so we need to flush just once.
>

This was missing a conversion of rmap_remove() to rmap_remove_one() in
paging_tmpl.h. I fixed it in my tree. But, a review would still be
appreciated.

--
error compiling committee.c: too many arguments to function
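The ordering problem described in the quoted commit message, as an added example that is not part of the original mail and is not KVM code. It is a toy C model in which every name (`struct model`, `tlb_flush`, `unmap_pages`, and so on) is hypothetical, comparing free-before-flush with queue, flush once, then free.

```c
#include <stdbool.h>
#include <stdio.h>
#define NPAGES 4
enum page_owner { FREE, GUEST, OTHER };
/* Toy model (constructed, not KVM code): a page pool plus stale guest TLB entries. */
struct model {
    enum page_owner owner[NPAGES];
    int  data[NPAGES], flushes;
    bool tlb[NPAGES];      /* guest TLB still caches a writable mapping */
    bool queued[NPAGES];   /* unmapped, waiting for the flush before being freed */
};

static void tlb_flush(struct model *m) {
    for (int pg = 0; pg < NPAGES; pg++) m->tlb[pg] = false;
    m->flushes++;
}

/* Another owner reuses every freed page; the guest then writes via stale entries. */
static void reuse_then_late_write(struct model *m) {
    for (int pg = 0; pg < NPAGES; pg++)
        if (m->owner[pg] == FREE) { m->owner[pg] = OTHER; m->data[pg] = 0; }
    for (int pg = 0; pg < NPAGES; pg++)
        if (m->tlb[pg]) m->data[pg] = 0x41;
}

/* Unmap pages 1..3; returns how many pages of the new owner were overwritten. */
static int unmap_pages(bool queue_then_flush, int *flushes) {
    struct model m = { .owner = { GUEST, GUEST, GUEST, GUEST }, .tlb = { true, true, true, true } };
    int corrupted = 0;
    for (int pg = 1; pg < NPAGES; pg++)
        if (queue_then_flush) m.queued[pg] = true;   /* defer the free */
        else                  m.owner[pg] = FREE;    /* freed while still in the TLB */
    if (queue_then_flush) {
        tlb_flush(&m);                               /* one flush for the whole batch */
        for (int pg = 1; pg < NPAGES; pg++)
            if (m.queued[pg]) m.owner[pg] = FREE;    /* now safe to free */
    }
    reuse_then_late_write(&m);
    if (!queue_then_flush) tlb_flush(&m);            /* flush arrives too late */
    for (int pg = 0; pg < NPAGES; pg++)
        if (m.owner[pg] == OTHER && m.data[pg] != 0) corrupted++;
    *flushes = m.flushes;
    return corrupted;
}

int main(void) {
    int f1, f2, bad = unmap_pages(false, &f1), ok = unmap_pages(true, &f2);
    printf("free-then-flush: %d corrupted (%d flush), queue-flush-free: %d (%d flush)\n", bad, f1, ok, f2);
    return 0;
}
```

Both orders issue a single flush for the three pages; only the position of that flush relative to the free decides whether the late guest writes land in pages that already belong to the other owner.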