aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorAvi Kivity <avi@qumranet.com>2008-02-26 22:12:10 +0200
committerAvi Kivity <avi@qumranet.com>2008-03-04 15:19:49 +0200
commitf7d9c7b7b902f9f532738d47593d9679b0b182d9 (patch)
tree61af54605ead13b71f664a0ce4776720d10a3ef1 /security
parent8c35f237fb5664d30aa90448c3d6cea0cbb43f35 (diff)
downloadkernel_samsung_smdk4412-f7d9c7b7b902f9f532738d47593d9679b0b182d9.tar.gz
kernel_samsung_smdk4412-f7d9c7b7b902f9f532738d47593d9679b0b182d9.tar.bz2
kernel_samsung_smdk4412-f7d9c7b7b902f9f532738d47593d9679b0b182d9.zip
KVM: MMU: Fix race when instantiating a shadow pte
For improved concurrency, the guest walk is performed concurrently with other vcpus. This means that we need to revalidate the guest ptes once we have write-protected the guest page tables, at which point they can no longer be modified. The current code attempts to avoid this check if the shadow page table is not new, on the assumption that if it has existed before, the guest could not have modified the pte without the shadow lock. However the assumption is incorrect, as the racing vcpu could have modified the pte, then instantiated the shadow page, before our vcpu regains control: vcpu0 vcpu1 fault walk pte modify pte fault in same pagetable instantiate shadow page lookup shadow page conclude it is old instantiate spte based on stale guest pte We could do something clever with generation counters, but a test run by Marcelo suggests this is unnecessary and we can just do the revalidation unconditionally. The pte will be in the processor cache and the check can be quite fast. Signed-off-by: Avi Kivity <avi@qumranet.com>
Diffstat (limited to 'security')
0 files changed, 0 insertions, 0 deletions