@@ -1469,7 +1469,6 @@ static inline void kvm_mod_used_mmu_pages(struct kvm *kvm, int nr)
static void kvm_mmu_isolate_page(struct kvm_mmu_page *sp)
{
ASSERT(is_empty_shadow_page(sp->spt));
- hlist_del(&sp->hash_link);
if (!sp->role.direct)
free_page((unsigned long)sp->gfns);
}
@@ -2111,9 +2110,15 @@ static int kvm_mmu_prepare_zap_page(struct kvm *kvm, struct kvm_mmu_page *sp,
unaccount_shadowed(kvm, sp->gfn);
if (sp->unsync)
kvm_unlink_unsync_page(kvm, sp);
+
+ /* Next entry might be deleted by mmu_zap_unsync_children(). */
+ if (npos && ret)
+ npos->hn = sp->hash_link.next;
+
if (!sp->root_count) {
/* Count self */
ret++;
+ hlist_del(&sp->hash_link);
list_move(&sp->link, invalid_list);
kvm_mod_used_mmu_pages(kvm, -1);
} else {
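Review bot: The `npos->hn = sp->hash_link.next` update must stay ahead of the `hlist_del(&sp->hash_link)` added in the `!sp->root_count` branch, because hlist_del() poisons `hash_link.next` (LIST_POISON1) — the order is right here, but nothing says so, and a later reorder would hand the `_safe` iterator a poisoned pointer. I would mark the new hlist_del line with `/* Must follow the npos->hn update above: hlist_del() poisons hash_link.next. */`. The comment above `if (npos && ret)` could also say what makes the re-read valid: at that point `ret` is still the count returned by mmu_zap_unsync_children(), so `sp->hash_link.next` already reflects any neighbours zapped from the same hash bucket, and it is captured before sp itself is unlinked. kvm_mmu_prepare_zap_page() starts outside the hunk, so the `npos` parameter and the `hn` field are not visible here; I am assuming `hn` is the next-pointer read by for_each_gfn_indirect_valid_sp_safe, and that kvm_mmu_isolate_page() (first hunk) is now only reached for pages that went through this `!root_count` branch.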
Now that we are using for_each_gfn_indirect_valid_sp_safe, we can safely delete the node by correctly updating the pointer to the next one. The only case we need to care about is when mmu_zap_unsync_children() has zapped anything other than the current one. Signed-off-by: Takuya Yoshikawa <yoshikawa_takuya_b1@lab.ntt.co.jp> --- arch/x86/kvm/mmu.c | 7 ++++++- 1 files changed, 6 insertions(+), 1 deletions(-)