From: Avi Kivity on
On 07/05/2010 12:09 PM, Xiao Guangrong wrote:
>
> Avi Kivity wrote:
>
>
>> I'm not convinced we can bypass the checks. Consider:
>>
>>
>>     VCPU0                               VCPU1
>>
>>     #PF
>>     walk_addr
>>       -> gpml4e0,gpdpe0,gpde0,gpte0
>>
>>                                         replace gpdpe0 with gpdpe1
>>                                         #PF
>>                                         walk_addr
>>                                           -> gpml4e0,gpdpe1,gpde1,gpte1
>>                                         fetch
>>                                           -> establish hpml4e0,hpdpte1,hpde0,hpte1
>>     fetch
>>       read hpdpe1
>>       if (present(hpdpe1))
>>           continue;
>>       ...
>>       write hpte0 using shadow hierarchy for hpte1
>>
>>
> Ah, I missed this case, thanks for pointing it out, I'll fix it in
> the next version.
>

Note: I think we have to check _after_ kvm_mmu_get_page(), otherwise we
might be checking a page that is not write-protected and can change again.

So the logic needs to be something like

    for_each_shadow_entry:
        if (!last_level && !present(*spte))
            kvm_mmu_get_page
        verify gpte
        if (last_level)
            mmu_set_spte()

--
error compiling committee.c: too many arguments to function

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo(a)vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
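
A single-threaded toy model of the interleaving and of the check order proposed above, added here as an illustration; it is not KVM code and not code from this thread. Apart from the loop shape taken from the pseudocode, all names are hypothetical and the entry values are constructed.

```c
#include <stdbool.h>
#include <string.h>

#define LEVELS 4                 /* index 3 = pml4e ... index 0 = pte */
/* Toy state for one faulting address (all names are hypothetical). */
static int guest[LEVELS];        /* current guest entries, one per level */
static bool sp_present[LEVELS];  /* shadow entry at this level is present */
static int leaf_spte;            /* guest pte the leaf shadow pte was built from */
struct walker { int gpte[LEVELS]; };

/* walk_addr: snapshot the guest entries seen at fault time. */
static void walk_addr(struct walker *w) { memcpy(w->gpte, guest, sizeof(guest)); }

/* Stand-in for kvm_mmu_get_page(): link a shadow page for this level.
 * Per the message above, the guest table is write-protected after this. */
static void get_page(int level) { sp_present[level] = true; }

/* fetch: returns 0 if the leaf was installed, -1 if the walk went stale. */
static int fetch(const struct walker *w, bool verify)
{
    for (int level = LEVELS - 1; level >= 0; level--) {
        bool last_level = (level == 0);
        if (!last_level && !sp_present[level])
            get_page(level);
        /* Verify on every iteration, also when the entry was already
         * present because another vcpu established it. */
        if (verify && guest[level] != w->gpte[level])
            return -1;           /* guest changed the mapping: retry the fault */
        if (last_level)
            leaf_spte = w->gpte[level];
    }
    return 0;
}

/* Replays the interleaving from the thread; returns the final leaf_spte. */
static int replay(bool verify, int *vcpu0_ret)
{
    struct walker w0, w1;
    int set0[LEVELS] = { 10, 20, 30, 40 };   /* gpte0,gpde0,gpdpe0,gpml4e0 */
    int set1[LEVELS] = { 11, 21, 31, 40 };   /* gpte1,gpde1,gpdpe1,gpml4e0 */
    memset(sp_present, 0, sizeof(sp_present));
    memcpy(guest, set0, sizeof(guest));
    walk_addr(&w0);                          /* VCPU0: #PF, walk_addr */
    memcpy(guest, set1, sizeof(guest));      /* VCPU1: replace gpdpe0 */
    walk_addr(&w1);                          /* VCPU1: #PF, walk_addr */
    fetch(&w1, verify);                      /* VCPU1: establishes hierarchy */
    *vcpu0_ret = fetch(&w0, verify);         /* VCPU0: resumes with stale walk */
    return leaf_spte;
}
int main(void) { int r; return replay(true, &r) == 11 ? 0 : 1; }
```

With `verify` off, VCPU0's stale gpte0 overwrites the leaf under the hierarchy built for gpte1; with it on, VCPU0's fetch bails out at the gpdpe level and the leaf stays consistent with the guest.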
From: Xiao Guangrong on


Avi Kivity wrote:

>
> Note: I think we have to check _after_ kvm_mmu_get_page(), otherwise we
> might be checking a page that is not write-protected and can change again.
>
> So the logic needs to be something like
>
>     for_each_shadow_entry:
>         if (!last_level && !present(*spte))
>             kvm_mmu_get_page
>         verify gpte
>         if (last_level)
>             mmu_set_spte()
>

Agree! Will do it.