On 07/12/2010 02:30 PM, Avi Kivity wrote:
Currently, when we fetch an spte, we only verify that gptes match those that
the walker saw if we build new shadow pages for them.

However, this misses the following race:

   vcpu1            vcpu2

   walk
                   change gpte
                   walk
                   instantiate sp

   fetch existing sp

Fix by validating every gpte, regardless of whether it is used for building
a new sp or not.


+       /*
+        * Verify that the top-level gpte is still there.  Since the page
+        * is a root page, it is either write protected (and cannot be
+        * changed from now on) or it is invalid (in which case, we don't
+        * really care if it changes underneath us after this point).
+        */
+       if (!FNAME(validate_indirect_spte)(vcpu, sptep, sp,
+                                          gw, top_level))
+               goto out_error;
+
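Review bot: in the validate_indirect_spte() call for top_level, sp is passed as an argument, but nothing in the visible lines shows it being set to the root shadow page before this point. If sp is only assigned further down, this check would run against a stale or uninitialized pointer, so it is worth confirming the assignment or passing the root page explicitly. The comment also relies on the invariant that a root page is either write protected or invalid without saying where that is guaranteed; a short pointer to the code that establishes it would make the reasoning checkable. Since the goto out_error is taken this early, the comment or the label should also make clear what state has to be undone at that point.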

This bit is a little broken.  Will post v3 soon.

--
error compiling committee.c: too many arguments to function
