From patchwork Wed May  5 12:21:13 2010
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Xiao Guangrong <xiaoguangrong@cn.fujitsu.com>
X-Patchwork-Id: 97067
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by demeter.kernel.org (8.14.3/8.14.3) with ESMTP id o45COo03008230
	for <patchwork-kvm@patchwork.kernel.org>; Wed, 5 May 2010 12:24:50 GMT
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S934160Ab0EEMYX (ORCPT
	<rfc822;patchwork-kvm@patchwork.kernel.org>);
	Wed, 5 May 2010 08:24:23 -0400
Received: from cn.fujitsu.com ([222.73.24.84]:62688 "EHLO
	song.cn.fujitsu.com"
	rhost-flags-OK-FAIL-OK-OK) by vger.kernel.org with ESMTP
	id S932090Ab0EEMYX (ORCPT <rfc822;kvm@vger.kernel.org>);
	Wed, 5 May 2010 08:24:23 -0400
Received: from tang.cn.fujitsu.com (tang.cn.fujitsu.com [10.167.250.3])
	by song.cn.fujitsu.com (Postfix) with ESMTP id 4CB3A170131;
	Wed,  5 May 2010 20:24:22 +0800 (CST)
Received: from fnst.cn.fujitsu.com (tang.cn.fujitsu.com [127.0.0.1])
	by tang.cn.fujitsu.com (8.14.3/8.13.1) with ESMTP id o45CMUuw007188;
	Wed, 5 May 2010 20:22:30 +0800
Received: from [10.167.141.99] (unknown [10.167.141.99])
	by fnst.cn.fujitsu.com (Postfix) with ESMTPA id B72C1DC307;
	Wed,  5 May 2010 20:27:38 +0800 (CST)
Message-ID: <4BE162B9.201@cn.fujitsu.com>
Date: Wed, 05 May 2010 20:21:13 +0800
From: Xiao Guangrong <xiaoguangrong@cn.fujitsu.com>
User-Agent: Thunderbird 2.0.0.24 (Windows/20100228)
MIME-Version: 1.0
To: Avi Kivity <avi@redhat.com>
CC: Marcelo Tosatti <mtosatti@redhat.com>, KVM list <kvm@vger.kernel.org>,
	LKML <linux-kernel@vger.kernel.org>
Subject: [PATCH 2/2] KVM MMU: fix race in invlpg code
References: <4BE16265.7060004@cn.fujitsu.com>
In-Reply-To: <4BE16265.7060004@cn.fujitsu.com>
Sender: kvm-owner@vger.kernel.org
Precedence: bulk
List-ID: <kvm.vger.kernel.org>
X-Mailing-List: kvm@vger.kernel.org
X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by
	milter-greylist-4.2.3 (demeter.kernel.org [140.211.167.41]);
	Wed, 05 May 2010 12:24:50 +0000 (UTC)


diff --git a/arch/x86/kvm/paging_tmpl.h b/arch/x86/kvm/paging_tmpl.h
index 624b38f..13ea675 100644
--- a/arch/x86/kvm/paging_tmpl.h
+++ b/arch/x86/kvm/paging_tmpl.h
@@ -462,11 +462,16 @@ out_unlock:
 
 static void FNAME(invlpg)(struct kvm_vcpu *vcpu, gva_t gva)
 {
-	struct kvm_mmu_page *sp = NULL;
+	struct kvm_mmu_page *sp = NULL, *s;
 	struct kvm_shadow_walk_iterator iterator;
+	struct hlist_head *bucket;
+	struct hlist_node *node, *tmp;
 	gfn_t gfn = -1;
 	u64 *sptep = NULL, gentry;
 	int invlpg_counter, level, offset = 0, need_flush = 0;
+	unsigned index;
+	bool live = false;
+	union kvm_mmu_page_role role;
 
 	spin_lock(&vcpu->kvm->mmu_lock);
 
@@ -480,7 +485,7 @@ static void FNAME(invlpg)(struct kvm_vcpu *vcpu, gva_t gva)
 
 			if (!sp->unsync)
 				break;
-
+			role = sp->role;
 			WARN_ON(level != PT_PAGE_TABLE_LEVEL);
 			shift = PAGE_SHIFT -
 				  (PT_LEVEL_BITS - PT64_LEVEL_BITS) * level;
@@ -519,10 +524,23 @@ static void FNAME(invlpg)(struct kvm_vcpu *vcpu, gva_t gva)
 
 	mmu_guess_page_from_pte_write(vcpu, gfn_to_gpa(gfn) + offset, gentry);
 	spin_lock(&vcpu->kvm->mmu_lock);
+	index = kvm_page_table_hashfn(gfn);
+	bucket = &vcpu->kvm->arch.mmu_page_hash[index];
+	hlist_for_each_entry_safe(s, node, tmp, bucket, hash_link)
+		if (s == sp) {
+			if (s->gfn == gfn && s->role.word == role.word)
+				live = true;
+			break;
+		}
+
+	if (!live)
+		goto unlock_exit;
+
 	if (atomic_read(&vcpu->kvm->arch.invlpg_counter) == invlpg_counter) {
 		++vcpu->kvm->stat.mmu_pte_updated;
 		FNAME(update_pte)(vcpu, sp, sptep, &gentry);
 	}
+unlock_exit:
 	spin_unlock(&vcpu->kvm->mmu_lock);
 	mmu_release_page_from_pte_write(vcpu);
 }