On Wed, Jan 07, 2009 at 01:32:41PM +0200, Avi Kivity wrote:
> Marcelo Tosatti wrote:
>> Let me shoot at one direction: a shadow page with PGE bit in either
>> state is created. Later that shadow page is nuked (via mmu notifiers,
>> for example).
>
> I doubt that mmu notifiers were invoked in this case (the bug would be
> very rare); in any case we flush the tlb.
This comment is worrying:

	/*
	 * FIXME: This shouldn't be necessary here, but there is a flush
	 * missing in the MMU code. Until we find this bug, flush the
	 * complete TLB here on an NPF
	 */
	if (npt_enabled)
		svm_flush_tlb(&svm->vcpu);
Alexander, you might want to try this patch, -ENONPT here (and revert the
previous one). I have no clue what else could be causing this.
diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
index 10bdb2a..bf68e5b 100644
--- a/arch/x86/kvm/mmu.c
+++ b/arch/x86/kvm/mmu.c
@@ -33,6 +33,7 @@
#include <asm/cmpxchg.h>
#include <asm/io.h>
#include <asm/vmx.h>
+#include <asm/tlbflush.h>
/*
* When setting this variable to true it enables Two-Dimensional-Paging
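Review bot: the added `#include <asm/tlbflush.h>` lands after `#include <asm/vmx.h>`, breaking the alphabetical order of the asm includes, and it exists only so the `__flush_tlb()` call added in __direct_map resolves. Since that call flushes the host CPU's own TLB rather than the guest's, consider dropping both; if the include stays, move it above `#include <asm/vmx.h>`.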
@@ -1850,6 +1851,11 @@ static int __direct_map(struct kvm_vcpu *vcpu, gpa_t v,
int write,
if (*iterator.sptep == shadow_trap_nonpresent_pte) {
pseudo_gfn = (iterator.addr & PT64_DIR_BASE_ADDR_MASK)
>> PAGE_SHIFT;
+
+ kvm_flush_remote_tlbs(vcpu->kvm);
+ kvm_mmu_flush_tlb(vcpu);
+ __flush_tlb();
+
sp = kvm_mmu_get_page(vcpu, pseudo_gfn, iterator.addr,
iterator.level - 1,
1, ACC_ALL, iterator.sptep);
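Review bot: the three flushes inserted before kvm_mmu_get_page() mix scopes and carry no comment saying why they are there. kvm_flush_remote_tlbs(vcpu->kvm) already requests a TLB flush on every VCPU of the guest, which makes the following kvm_mmu_flush_tlb(vcpu) redundant, and __flush_tlb() flushes the host CPU's TLB, which does not invalidate the guest's nested-paging translations. If this is a diagnostic to test the missing-flush theory from the thread, say so in a comment above the block; if it is meant to stay, note that it runs before the new shadow page is created and linked at *iterator.sptep, so any stale translation covering the entries written afterwards is not addressed by these flushes.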