From patchwork Sun Aug 23 11:56:28 2009
X-Patchwork-Submitter: Avi Kivity
X-Patchwork-Id: 43429
From: Avi Kivity
To: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Subject: [PATCH 29/46] KVM: MMU: fix missing locking in alloc_mmu_pages
Date: Sun, 23 Aug 2009 14:56:28 +0300
Message-Id: <1251028605-31977-30-git-send-email-avi@redhat.com>
In-Reply-To: <1251028605-31977-1-git-send-email-avi@redhat.com>
References: <1251028605-31977-1-git-send-email-avi@redhat.com>
From: Marcelo Tosatti

n_requested_mmu_pages/n_free_mmu_pages are used by kvm_mmu_change_mmu_pages to calculate the number of pages to zap. alloc_mmu_pages, called from the vcpu initialization path, modifies these variables without proper locking, which can result in a negative value in kvm_mmu_change_mmu_pages (say, with cpu hotplug).

Signed-off-by: Marcelo Tosatti
---
 arch/x86/kvm/mmu.c | 2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
index 87c67f4..86c2551 100644
--- a/arch/x86/kvm/mmu.c
+++ b/arch/x86/kvm/mmu.c
@@ -2728,12 +2728,14 @@ static int alloc_mmu_pages(struct kvm_vcpu *vcpu)
 
 	ASSERT(vcpu);
 
+	spin_lock(&vcpu->kvm->mmu_lock);
 	if (vcpu->kvm->arch.n_requested_mmu_pages)
 		vcpu->kvm->arch.n_free_mmu_pages =
 					 vcpu->kvm->arch.n_requested_mmu_pages;
 	else
 		vcpu->kvm->arch.n_free_mmu_pages =
 					 vcpu->kvm->arch.n_alloc_mmu_pages;
+	spin_unlock(&vcpu->kvm->mmu_lock);
 	/*
 	 * When emulating 32-bit mode, cr3 is only 32 bits even on x86_64.
 	 * Therefore we need to allocate shadow page tables in the first
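Review bot: the new critical section covers both the read of n_requested_mmu_pages (or n_alloc_mmu_pages) and the store to n_free_mmu_pages, which is the right granularity for serialising against kvm_mmu_change_mmu_pages, but nothing at the site records the locking rule; a one-line comment above the spin_lock, for example `/* n_free_mmu_pages is protected by mmu_lock */`, would tell the next reader why a vcpu-initialisation path takes the MMU lock, and the lock is dropped before the page allocations that follow, so sleeping under it is not a concern here. Separately, the commit message describes alloc_mmu_pages as modifying both counters, while the hunk shows it writing only n_free_mmu_pages and reading n_requested_mmu_pages; stating that precisely would make the race easier to follow.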