On Sat, Jul 05, 2008 at 08:25:30PM +0300, Avi Kivity wrote:
>> @@ -1955,6 +1955,22 @@ void kvm_mmu_slot_remove_write_access(st
>> }
>> }
>> +int kvm_mmu_slot_has_shadowed_page(struct kvm *kvm, int slot)
>> +{
>> + struct kvm_mmu_page *sp;
>> + int ret = 0;
>> +
>> + spin_lock(&kvm->mmu_lock);
>> + list_for_each_entry(sp, &kvm->arch.active_mmu_pages, link) {
>> + if (test_bit(slot, &sp->slot_bitmap)) {
>> + ret = -EINVAL;
>> + break;
>> + }
>> + }
>> + spin_unlock(&kvm->mmu_lock);
>> + return ret;
>> +}
>> +
>>
>
> I don't like the guest influencing host actions in this way. It's just
> a guest.
>
> But I think it's unneeded. kvm_mmu_zap_page() will mark a root shadow
> page invalid and force all vcpus to reload it, so all that's needed is
> to keep the mmu spinlock held while removing the slot.
You're still keeping a shadowed page around with sp->gfn pointing to
non-existant memslot. The code generally makes the assumption that
gfn_to_memslot(gfn) on shadowed info will not fail.
kvm_mmu_zap_page -> unaccount_shadowed, for example.
The other option is to harden gfn_to_memslot() callers to handle
failure, is that saner?
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
