From mboxrd@z Thu Jan  1 00:00:00 1970
From: Paolo Bonzini <pbonzini@redhat.com>
Subject: Re: [PATCH] kvm: fix to update memslots properly
Date: Tue, 10 Mar 2015 12:59:01 +0100
Message-ID: <54FEDC85.8060002@redhat.com>
References: <1419569710-8127-1-git-send-email-tiejun.chen@intel.com> <549F1989.5050305@redhat.com> <20150309205438.GA3204@amt.cnet> <54FE8C66.8020001@intel.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 7bit
Cc: KVM list <kvm@vger.kernel.org>,
	Andy Lutomirski <luto@amacapital.net>,
	jamie@audible.transient.net, Igor Mammedov <imammedo@redhat.com>
To: "Chen, Tiejun" <tiejun.chen@intel.com>,
	Marcelo Tosatti <mtosatti@redhat.com>
Return-path: <kvm-owner@vger.kernel.org>
Received: from mx1.redhat.com ([209.132.183.28]:38838 "EHLO mx1.redhat.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1750989AbbCJL7K (ORCPT <rfc822;kvm@vger.kernel.org>);
	Tue, 10 Mar 2015 07:59:10 -0400
In-Reply-To: <54FE8C66.8020001@intel.com>
Sender: kvm-owner@vger.kernel.org
List-ID: <kvm.vger.kernel.org>


>>> This suggests another fix.  We can change the insertion to use a ">="
>>> comparison, as in your first patch.  Alone it is not correct, but we
>>> only need to take some care and avoid breaking the case of deleting a
>>> memslot.
>>>
>>> It's enough to wrap the second loop (that you patched) with
>>> "if (new->npages)".  In the new->npages == 0 case the first loop has
>>> already set i to the right value, and moving i back would be wrong:
>>>
>>> diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
>>> index f5283438ee05..050974c051b5 100644
>>> --- a/virt/kvm/kvm_main.c
>>> +++ b/virt/kvm/kvm_main.c
>>> @@ -687,11 +687,23 @@ static void update_memslots(struct kvm_memslots
>>> *slots,
>>>           slots->id_to_index[mslots[i].id] = i;
>>>           i++;
>>>       }
>>> -    while (i > 0 &&
>>> -           new->base_gfn > mslots[i - 1].base_gfn) {
>>> -        mslots[i] = mslots[i - 1];
>>> -        slots->id_to_index[mslots[i].id] = i;
>>> -        i--;
>>> +
>>> +    /*
>>> +     * The ">=" is needed when creating a slot with base_gfn == 0,
>>> +     * so that it moves before all those with base_gfn == npages == 0.
>>> +     *
>>> +     * On the other hand, if new->npages is zero, the above loop has
>>> +     * already left i pointing to the beginning of the empty part of
>>> +     * mslots, and the ">=" would move the hole backwards in this
>>> +     * case---which is wrong.  So skip the loop when deleting a slot.
>>> +     */
>>> +    if (new->npages) {
>>> +        while (i > 0 &&
>>> +               new->base_gfn >= mslots[i - 1].base_gfn) {
>>> +            mslots[i] = mslots[i - 1];
>>> +            slots->id_to_index[mslots[i].id] = i;
>>> +            i--;
>>> +        }
>>>       }
>>>
>>>       mslots[i] = *new;
>>>
>>> Paolo
>>
>> Paolo,
>>
>> Can you include a proper changelog for this patch?
>>
> 
> But this is already applied long time ago...

Yes, this is commit efbeec7098eee2b3d2359d0cc24bbba0436e7f21.

Paolo