From: Avi Kivity <avi@redhat.com>
To: Xiao Guangrong <xiaoguangrong@cn.fujitsu.com>,
Marcelo Tosatti <mtosatti@redhat.com>,
kvm@vger.kernel.org
Subject: Re: [PATCH 7/7] KVM: MMU: Validate all gptes during fetch, not just those used for new pages
Date: Mon, 12 Jul 2010 11:58:55 +0300
Message-ID: <4C3AD94F.8030809@redhat.com>
In-Reply-To: <1278862955-6890-8-git-send-email-avi@redhat.com>

On 07/11/2010 06:42 PM, Avi Kivity wrote:
> Currently, when we fetch an spte, we only verify that gptes match those that
> the walker saw if we build new shadow pages for them.
>
> However, this misses the following race:
>
>   vcpu1            vcpu2
>
>   walk
>                    change gpte
>                    walk
>                    instantiate sp
>
>   fetch existing sp
>
> Fix by validating every gpte, regardless of whether it is used for building
> a new sp or not.
>
> Signed-off-by: Avi Kivity <avi@redhat.com>
> ---
> arch/x86/kvm/paging_tmpl.h | 18 ++++++++++--------
> 1 files changed, 10 insertions(+), 8 deletions(-)
>
> diff --git a/arch/x86/kvm/paging_tmpl.h b/arch/x86/kvm/paging_tmpl.h
> index a7f8295..4bbd0c7 100644
> --- a/arch/x86/kvm/paging_tmpl.h
> +++ b/arch/x86/kvm/paging_tmpl.h
> @@ -325,7 +325,7 @@ static u64 *FNAME(fetch)(struct kvm_vcpu *vcpu, gva_t addr,
> int *ptwrite, pfn_t pfn)
> {
> unsigned access = gw->pt_access;
> - struct kvm_mmu_page *sp;
> + struct kvm_mmu_page *uninitialized_var(sp);
> u64 *sptep = NULL;
> int uninitialized_var(level);
> bool dirty = is_dirty_gpte(gw->ptes[gw->level - 1]);
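Review bot: uninitialized_var(sp) on the declaration silences the compiler instead of giving sp a defined value, and with the loop change later in this patch sp is assigned only inside the `if (!is_shadow_present_pte(*sptep))` branch yet is still passed to validate_indirect_spte(). Initialising it explicitly (`struct kvm_mmu_page *sp = NULL;`) would make the already-present path deterministic and keep the maybe-uninitialized warning useful if the control flow changes again.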
> @@ -343,18 +343,19 @@ static u64 *FNAME(fetch)(struct kvm_vcpu *vcpu, gva_t addr,
> shadow_walk_okay(&iterator)&& iterator.level> gw->level;
> shadow_walk_next(&iterator)) {
> gfn_t table_gfn;
> + bool new_page = false;
>
> level = iterator.level;
> sptep = iterator.sptep;
>
> drop_spte_if_large(vcpu, sptep);
>
> - if (is_shadow_present_pte(*sptep))
> - continue;
>
See, this gets dropped.
> -
> - table_gfn = gw->table_gfn[level - 2];
> - sp = kvm_mmu_get_page(vcpu, table_gfn, addr, level-1,
> - false, access, sptep);
> + if (!is_shadow_present_pte(*sptep)) {
> + table_gfn = gw->table_gfn[level - 2];
> + sp = kvm_mmu_get_page(vcpu, table_gfn, addr, level-1,
> + false, access, sptep);
> + new_page = true;
> + }
>
> if (!FNAME(validate_indirect_spte)(vcpu, sptep, sp,
> gw, level)) {
>
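Review bot: on iterations where the spte is already present, the validate_indirect_spte() call receives whatever sp held before, either nothing or the page obtained at a higher level, so any use of sp inside the helper would act on the wrong shadow page. Consider passing new_page to the helper, or resetting sp to NULL at the top of the loop body, so the helper only touches sp when this iteration created it; in the lines quoted here new_page is set but not yet read.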
Now we need to change validate_indirect_spte() to account for all levels.
--
error compiling committee.c: too many arguments to function
Thread overview: 22+ messages
2010-07-11 15:42 [PATCH 0/7] Simplify and fix fetch() Avi Kivity
2010-07-11 15:42 ` [PATCH 1/7] KVM: MMU: Add link_shadow_page() helper Avi Kivity
2010-07-12 4:58 ` Xiao Guangrong
2010-07-11 15:42 ` [PATCH 2/7] KVM: MMU: Use __set_spte to link shadow pages Avi Kivity
2010-07-12 4:58 ` Xiao Guangrong
2010-07-11 15:42 ` [PATCH 3/7] KVM: MMU: Add drop_spte_if_large() helper Avi Kivity
2010-07-12 4:59 ` Xiao Guangrong
2010-07-11 15:42 ` [PATCH 4/7] KVM: MMU: Add validate_direct_spte() helper Avi Kivity
2010-07-12 5:00 ` Xiao Guangrong
2010-07-11 15:42 ` [PATCH 5/7] KVM: MMU: Add validate_indirect_spte() helper Avi Kivity
2010-07-12 5:01 ` Xiao Guangrong
2010-07-12 5:12 ` Xiao Guangrong
2010-07-12 8:50 ` Avi Kivity
2010-07-11 15:42 ` [PATCH 6/7] KVM: MMU: Simplify spte fetch() function Avi Kivity
2010-07-11 16:08 ` Avi Kivity
2010-07-12 5:10 ` Xiao Guangrong
2010-07-12 8:52 ` Avi Kivity
2010-07-12 5:08 ` Xiao Guangrong
2010-07-12 8:53 ` Avi Kivity
2010-07-11 15:42 ` [PATCH 7/7] KVM: MMU: Validate all gptes during fetch, not just those used for new pages Avi Kivity
2010-07-12 5:10 ` Xiao Guangrong
2010-07-12 8:58 ` Avi Kivity [this message]