Re: [PATCH 01/11] KVM: MMU: avoid pte_list_desc run out in kvm_mmu_pte_write
From: Xiao Guangrong
Date: Wed Jul 27 2011 - 05:35:23 EST
On 07/27/2011 05:00 PM, Avi Kivity wrote:
> On 07/26/2011 02:25 PM, Xiao Guangrong wrote:
>> kvm_mmu_pte_write is unsafe since we need to alloc pte_list_desc in the
>> function when spte is prefetched, unfortunately, we can not know how many
>> spte need to be prefetched on this path, that means we can use out of the
>> free pte_list_desc object in the cache, and BUG_ON() is triggered, also some
>> path does not fill the cache, such as INS instruction emulated that does not
>> trigger page fault
>>
>>
>> void kvm_mmu_pte_write(struct kvm_vcpu *vcpu, gpa_t gpa,
>> const u8 *new, int bytes,
>> bool guest_initiated)
>> @@ -3583,6 +3596,7 @@ void kvm_mmu_pte_write(struct kvm_vcpu *vcpu, gpa_t gpa,
>> break;
>> }
>>
>> + mmu_topup_memory_caches(vcpu);
>
> Please add a comment here describing why it's okay to ignore the error return.
>
OK
>> spin_lock(&vcpu->kvm->mmu_lock);
>> if (atomic_read(&vcpu->kvm->arch.invlpg_counter) != invlpg_counter)
>> gentry = 0;
>> @@ -3653,7 +3667,7 @@ void kvm_mmu_pte_write(struct kvm_vcpu *vcpu, gpa_t gpa,
>> mmu_page_zap_pte(vcpu->kvm, sp, spte);
>> if (gentry&&
>> !((sp->role.word ^ vcpu->arch.mmu.base_role.word)
>> - & mask.word))
>> + & mask.word)&& get_free_pte_list_desc_nr(vcpu))
>> mmu_pte_write_new_pte(vcpu, sp, spte,&gentry);
>
> Wow, this bug was here since 2.6.23. Good catch.
>
> Please wrap or rename get_free_pte_list_desc_nr() in rmap_can_add(vcpu) so it's clearer why we're doing this.
>
OK, will do, thanks!
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/