From mboxrd@z Thu Jan 1 00:00:00 1970
From: Xiao Guangrong
Subject: Re: [PATCH 7/7] KVM: MMU: Validate all gptes during fetch, not just those used for new pages
Date: Mon, 12 Jul 2010 13:10:10 +0800
Message-ID: <4C3AA3B2.1080307@cn.fujitsu.com>
References: <1278862955-6890-1-git-send-email-avi@redhat.com> <1278862955-6890-8-git-send-email-avi@redhat.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Cc: Marcelo Tosatti, kvm@vger.kernel.org
To: Avi Kivity
Return-path:
Received: from cn.fujitsu.com ([222.73.24.84]:65061 "EHLO song.cn.fujitsu.com" rhost-flags-OK-FAIL-OK-OK) by vger.kernel.org with ESMTP id S1751198Ab0GLFOJ (ORCPT ); Mon, 12 Jul 2010 01:14:09 -0400
In-Reply-To: <1278862955-6890-8-git-send-email-avi@redhat.com>
Sender: kvm-owner@vger.kernel.org
List-ID:

Avi Kivity wrote:
> Currently, when we fetch an spte, we only verify that gptes match those that
> the walker saw if we build new shadow pages for them.
>
> However, this misses the following race:
>
>   vcpu1            vcpu2
>
>   walk
>                    change gpte
>                    walk
>                    instantiate sp
>
>   fetch existing sp
>
> Fix by validating every gpte, regardless of whether it is used for building
> a new sp or not.
>

Reviewed-by: Xiao Guangrong
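
The interleaving from the quoted commit message, replayed in a toy single-threaded model. This is an added example, not part of the message and not KVM code: `guest_pt`, `sp_present`, `leaf_spte`, `walk`, `fetch` and `replay_race` are hypothetical names, the three-level table and all entry values are constructed, and the assumption is that the changed gpte also leads to a different leaf entry.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define LEVELS 3                          /* toy depth (assumption) */

struct walker { uint64_t gpte[LEVELS]; }; /* gptes seen by one walk */

static uint64_t guest_pt[LEVELS];         /* live guest entries on the walk path */
static bool     sp_present[LEVELS];       /* shadow page already instantiated? */
static uint64_t leaf_spte;                /* final shadow mapping */

static void walk(struct walker *w)
{
    for (int l = 0; l < LEVELS; l++)
        w->gpte[l] = guest_pt[l];
}

/* Returns true if a mapping was installed, false if the caller must re-walk. */
static bool fetch(const struct walker *w, bool validate_all)
{
    for (int l = 0; l < LEVELS - 1; l++) {
        bool building = !sp_present[l];
        /* old rule: compare only when building a new sp; new rule: always */
        if ((building || validate_all) && guest_pt[l] != w->gpte[l])
            return false;
        sp_present[l] = true;
    }
    leaf_spte = w->gpte[LEVELS - 1];      /* map what this walk saw */
    return true;
}

/* Replays the race; returns the result of vcpu1's fetch. */
static bool replay_race(bool validate_all)
{
    struct walker v1, v2;
    for (int l = 0; l < LEVELS; l++) {
        guest_pt[l] = 0x1000u * (l + 1);  /* constructed sample entries */
        sp_present[l] = false;
    }
    leaf_spte = 0;
    walk(&v1);                            /* vcpu1: walk */
    guest_pt[1] = 0x9000;                 /* vcpu2: change gpte ... */
    guest_pt[2] = 0xa000;                 /* ... which leads to another leaf */
    walk(&v2);                            /* vcpu2: walk */
    fetch(&v2, validate_all);             /* vcpu2: instantiate sp */
    return fetch(&v1, validate_all);      /* vcpu1: fetch existing sp */
}

int main(void)
{
    printf("new pages only: installed=%d\n", replay_race(false));
    printf("every gpte:     installed=%d\n", replay_race(true));
    return 0;
}
```

With validation limited to newly built shadow pages, vcpu1's fetch succeeds and overwrites the mapping with its stale leaf; with every gpte validated, the same fetch is rejected and vcpu2's mapping stays in place.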