From mboxrd@z Thu Jan 1 00:00:00 1970
From: Izik Eidus
Subject: Re: missing kvm smp tlb flush in invlpg
Date: Sun, 15 Mar 2009 22:11:29 +0200
Message-ID: <49BD60F1.1050501@redhat.com>
References: <20090312171843.GU27823@random.random> <20090315192342.GA6651@amt.cnet>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: Andrea Arcangeli , kvm@vger.kernel.org
To: Marcelo Tosatti
Return-path:
Received: from mx2.redhat.com ([66.187.237.31]:60228 "EHLO mx2.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1758839AbZCOULf (ORCPT ); Sun, 15 Mar 2009 16:11:35 -0400
Received: from int-mx2.corp.redhat.com (int-mx2.corp.redhat.com [172.16.27.26]) by mx2.redhat.com (8.13.8/8.13.8) with ESMTP id n2FKBXtf028666 for ; Sun, 15 Mar 2009 16:11:33 -0400
In-Reply-To: <20090315192342.GA6651@amt.cnet>
Sender: kvm-owner@vger.kernel.org
List-ID:

Marcelo Tosatti wrote:
> On Thu, Mar 12, 2009 at 06:18:43PM +0100, Andrea Arcangeli wrote:
>
>> From: Andrea Arcangeli
>>
>> While looking at invlpg out of sync code with Izik I think I noticed a
>> missing smp tlb flush here. Without this the other cpu can still write
>> to a freed host physical page. tlb smp flush must happen if
>> rmap_remove is called always before mmu_lock is released because the
>> VM will take the mmu_lock before it can finally add the page to the
>> freelist after swapout. mmu notifier makes it safe to flush the tlb
>> after freeing the page (otherwise it would never be safe) so we can do
>> a single flush for multiple sptes invalidated.
>>
>
> I think this fix is more expensive than it needs to be, but better than
> being unsafe for now.
>
> Acked-by: Marcelo Tosatti
>

What about inside mmu_set_spte():

	} else if (pfn != spte_to_pfn(*shadow_pte)) {
		pgprintk("hfn old %lx new %lx\n",
			 spte_to_pfn(*shadow_pte), pfn);
		rmap_remove(vcpu->kvm, shadow_pte);
	} else

Doesn't this require a tlb flush for all the cpus as well?
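The ordering argument in Andrea's paragraph (an spte dropped by rmap_remove under mmu_lock must be flushed from every CPU's TLB before mmu_lock is released, because swapout takes mmu_lock and then frees the host page) as a small C model. This is an added example, not code from the thread or from KVM; the per-CPU "TLB" array, the single shared spte and the function names modelled on rmap_remove() / kvm_flush_remote_tlbs() are assumptions of the model.

```c
/* Toy model of the invlpg race: one shadow PTE shared by two vCPUs.
 * CPU 1 has the translation cached; CPU 0 handles the invlpg. If the
 * spte is dropped and mmu_lock released without an SMP TLB flush,
 * swapout can free the host page while CPU 1 can still reach it. */
#include <stdbool.h>
#include <stdio.h>

#define NCPUS 2

struct model {
    unsigned long spte;        /* shadow PTE: host pfn, 0 = not present */
    unsigned long tlb[NCPUS];  /* per-CPU cached translation, 0 = none */
    bool page_free;            /* host page already on the free list */
};

/* Guest access on a CPU fills that CPU's TLB from the spte (constructed). */
static void touch(struct model *m, int cpu) { if (m->spte) m->tlb[cpu] = m->spte; }

/* rmap_remove() analogue: the spte is cleared, TLBs are untouched. */
static void model_rmap_remove(struct model *m) { m->spte = 0; }

/* kvm_flush_remote_tlbs() analogue: every CPU drops its cached entry. */
static void model_flush_remote_tlbs(struct model *m)
{
    for (int c = 0; c < NCPUS; c++) m->tlb[c] = 0;
}

/* True if any CPU still holds a translation to the freed host page. */
static bool stale_access_possible(const struct model *m)
{
    for (int c = 0; c < NCPUS; c++)
        if (m->page_free && m->tlb[c] != 0) return true;
    return false;
}

/* Run the invlpg path with or without the flush; returns whether the
 * other CPU is left with a window to write the freed page. */
bool invlpg_path_unsafe(bool with_flush)
{
    struct model m = { .spte = 0x1234, .tlb = {0}, .page_free = false };
    touch(&m, 1);                 /* CPU 1 cached the translation */
    model_rmap_remove(&m);        /* CPU 0, under mmu_lock */
    if (with_flush) model_flush_remote_tlbs(&m);
    m.page_free = true;           /* mmu_lock released; swapout frees page */
    return stale_access_possible(&m);
}

int main(void)
{
    printf("without flush: unsafe=%d\n", invlpg_path_unsafe(false));
    printf("with flush:    unsafe=%d\n", invlpg_path_unsafe(true));
    return 0;
}
```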