From: Avi Kivity
Subject: Re: [PATCH v2 7/8] KVM: MMU: Validate all gptes during fetch, not just those used for new pages
Date: Mon, 12 Jul 2010 16:06:09 +0300
Message-ID: <4C3B1341.1090303@redhat.com>
References: <1278934254-5598-1-git-send-email-avi@redhat.com> <1278934254-5598-8-git-send-email-avi@redhat.com>
In-Reply-To: <1278934254-5598-8-git-send-email-avi@redhat.com>
To: Xiao Guangrong, Marcelo Tosatti, kvm@vger.kernel.org

On 07/12/2010 02:30 PM, Avi Kivity wrote:
> Currently, when we fetch an spte, we only verify that gptes match those that
> the walker saw if we build new shadow pages for them.
>
> However, this misses the following race:
>
>   vcpu1                  vcpu2
>
>   walk
>                          change gpte
>                          walk
>                          instantiate sp
>
>   fetch existing sp
>
> Fix by validating every gpte, regardless of whether it is used for building
> a new sp or not.
>
>
> +	/*
> +	 * Verify that the top-level gpte is still there.  Since the page
> +	 * is a root page, it is either write protected (and cannot be
> +	 * changed from now on) or it is invalid (in which case, we don't
> +	 * really care if it changes underneath us after this point).
> +	 */
> +	if (!FNAME(validate_indirect_spte)(vcpu, sptep, sp,
> +					   gw, top_level))
> +		goto out_error;
> +

This bit is a little broken. Will post v3 soon.

-- 
error compiling committee.c: too many arguments to function
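Review bot: at the top-level call `if (!FNAME(validate_indirect_spte)(vcpu, sptep, sp, gw, top_level))`, `sp` and `sptep` must already refer to the root shadow page and its pte slot for the comparison to check the right gpte, but the quoted hunk does not show where they are set before this point; include the preceding lines, or extend the comment to say which `sp` is meant, so a reader can confirm that the root-page reasoning in the comment actually applies to the page being validated.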