
Commit 7905d9a5 authored by Marcelo Tosatti's avatar Marcelo Tosatti Committed by Avi Kivity

KVM: MMU: flush TLBs on writable -> read-only spte overwrite



This can happen in the following scenario:

vcpu0			vcpu1
read fault
gup(.write=0)
			gup(.write=1)
			reuse swap cache, no COW
			set writable spte
			use writable spte
set read-only spte

Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
parent 982c2565
+10 −0
@@ -2069,6 +2069,16 @@ static void mmu_set_spte(struct kvm_vcpu *vcpu, u64 *sptep,
				 spte_to_pfn(*sptep), pfn);
			drop_spte(vcpu->kvm, sptep, shadow_trap_nonpresent_pte);
			kvm_flush_remote_tlbs(vcpu->kvm);
		/*
		 * If we overwrite a writable spte with a read-only one,
		 * drop it and flush remote TLBs. Otherwise rmap_write_protect
		 * will find a read-only spte, even though the writable spte
		 * might be cached on a CPU's TLB.
		 */
		} else if (is_writable_pte(*sptep) &&
			  (!(pte_access & ACC_WRITE_MASK) || !dirty)) {
			drop_spte(vcpu->kvm, sptep, shadow_trap_nonpresent_pte);
			kvm_flush_remote_tlbs(vcpu->kvm);
		} else
			was_rmapped = 1;
	}
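Review bot: the new comment block ("If we overwrite a writable spte with a read-only one, ...") sits inside the body of the preceding pfn-mismatch branch, directly above its closing brace, instead of next to the `} else if (is_writable_pte(*sptep) && ...)` branch it describes; move it to immediately precede that `else if` (or into that branch's body) so the explanation stays attached to the code it documents. The logic itself matches the race in the commit message: when an existing writable spte is replaced by one without write access (`!(pte_access & ACC_WRITE_MASK) || !dirty`), the old spte is dropped and `kvm_flush_remote_tlbs()` is called so no CPU keeps the writable translation cached, and `was_rmapped` is left at 0 exactly as in the existing pfn-mismatch branch, so the replacement spte is re-inserted into the rmap by the caller.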