From: Andi Kleen
Subject: Re: [PATCH] KVM: MMU: Fix rmap_remove() race
Date: 27 Mar 2008 16:26:01 +0100
Message-ID: <87myokkx2u.fsf@basil.nowhere.org>
In-Reply-To: <1206543773-26386-1-git-send-email-avi@qumranet.com>
References: <1206543773-26386-1-git-send-email-avi@qumranet.com>
To: Avi Kivity
Cc: kvm-devel@lists.sourceforge.net, Marcelo Tosatti, Andrea Arcangeli
List-Id: kvm.vger.kernel.org

Avi Kivity writes:

(Thought I sent a reply before, but I don't see it now. Sorry if you see it twice.)

> Andrea notes that freeing the page before flushing the tlb is a race, as the
> guest can sneak in one last write before the tlb is flushed, writing to a
> page that may belong to someone else.
>
> Fix by reversing the order of freeing and flushing the tlb. Since the tlb
> flush is expensive, queue the pages to be freed so we need to flush just once.

You have to do the same for the page tables too, because several modern CPUs cache the higher levels of the page tables and only invalidate that cache on a TLB flush. Strictly it is only needed for the higher levels, but doing it for all is safer.

-Andi
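As an added illustration of the race and of the deferred-free ordering (this is a toy model written for this page, not code from the patch or from KVM): a single-level shadow MMU in C that plays the race both ways. rmap_remove_racy() frees the page before the flush, and a stale TLB entry lets the guest's last store land in a page that has already been handed to another owner; rmap_remove_deferred() plus flush_and_free_deferred() implement the ordering the patch describes, queuing unmapped pages and freeing them after one flush. All function and variable names, the LIFO page pool, the one-byte page contents and the owner ids are assumptions of this model, not KVM's data structures.

```c
#include <stdbool.h>
#include <stdio.h>

#define NPAGES   8     /* toy physical page pool (assumed size) */
#define NENTRIES 4     /* toy single-level shadow table: gfn -> pfn */
#define NO_PFN   (-1)
enum { GUEST_OWNER = 1, OTHER_OWNER = 2 };   /* hypothetical owner ids */

static int           page_owner[NPAGES];       /* NO_PFN == free, else owner id */
static unsigned char page_data[NPAGES];        /* one byte of "contents" per page */
static int           freelist[NPAGES], nfree;  /* LIFO: a freed page is reused first */
static int           spte[NENTRIES];           /* shadow PTEs, NO_PFN == not present */
static int           tlb[NENTRIES];            /* cached translations, live until tlb_flush() */
static int           defer_q[NPAGES], ndefer, flush_count;  /* unmapped, not yet freed */

static void mmu_reset(void)
{
    for (int i = 0; i < NPAGES; i++) { page_owner[i] = NO_PFN; page_data[i] = 0; freelist[i] = i; }
    for (int i = 0; i < NENTRIES; i++) spte[i] = tlb[i] = NO_PFN;
    nfree = NPAGES; ndefer = 0; flush_count = 0;
}

static int  alloc_page(int owner) { int p = freelist[--nfree]; page_owner[p] = owner; return p; }
static void free_page(int p)      { page_owner[p] = NO_PFN; freelist[nfree++] = p; }
static void tlb_flush(void)       { for (int i = 0; i < NENTRIES; i++) tlb[i] = NO_PFN; flush_count++; }

/* Guest store: TLB hit, or walk the shadow table and fill the TLB. False == page fault. */
static bool guest_write(int gfn, unsigned char val)
{
    int pfn = tlb[gfn];
    if (pfn == NO_PFN) {
        pfn = spte[gfn];
        if (pfn == NO_PFN)
            return false;
        tlb[gfn] = pfn;
    }
    page_data[pfn] = val;
    return true;
}

/* Racy ordering (the bug): the page is back in the pool while a stale TLB entry still reaches it. */
static void rmap_remove_racy(int gfn)
{
    int pfn = spte[gfn]; spte[gfn] = NO_PFN;
    free_page(pfn);
}

/* Fixed ordering: unmap now, queue the page, free only after the flush. */
static void rmap_remove_deferred(int gfn)
{
    int pfn = spte[gfn]; spte[gfn] = NO_PFN;
    defer_q[ndefer++] = pfn;
}

static void flush_and_free_deferred(void)
{
    tlb_flush();                          /* no stale translation survives this */
    while (ndefer > 0)
        free_page(defer_q[--ndefer]);     /* one flush covers every queued page */
}

/* Plays the race once. Returns true if the other owner's page got corrupted. */
static bool run_race(bool deferred)
{
    mmu_reset();
    spte[0] = alloc_page(GUEST_OWNER);
    guest_write(0, 0xAA);                 /* caches gfn 0 in the TLB */
    if (deferred) {
        rmap_remove_deferred(0);
        flush_and_free_deferred();
    } else {
        rmap_remove_racy(0);
    }
    int other = alloc_page(OTHER_OWNER);  /* the page goes straight to someone else */
    page_data[other] = 0x11;
    guest_write(0, 0xEE);                 /* the guest's "one last write" */
    if (!deferred)
        tlb_flush();                      /* arrives too late in the racy ordering */
    return page_owner[other] == OTHER_OWNER && page_data[other] != 0x11;
}

/* Unmaps every gfn through the deferred path; returns the number of flushes. */
static int unmap_all_deferred(void)
{
    mmu_reset();
    for (int gfn = 0; gfn < NENTRIES; gfn++) spte[gfn] = alloc_page(GUEST_OWNER);
    for (int gfn = 0; gfn < NENTRIES; gfn++) rmap_remove_deferred(gfn);
    flush_and_free_deferred();
    return flush_count;
}

int main(void)
{
    printf("racy ordering corrupts the other owner:     %s\n", run_race(false) ? "yes" : "no");
    printf("deferred ordering corrupts the other owner: %s\n", run_race(true) ? "yes" : "no");
    printf("flushes to free %d deferred pages:           %d\n", NENTRIES, unmap_all_deferred());
    return 0;
}
```

The model has a single level of translation, so it does not show the point Andi raises about paging-structure caches; in a multi-level shadow table the page-table pages themselves would go on the same queue, since a cached upper-level entry can still be followed until the same flush invalidates it.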