Re: [PATCH 00/13] KVM: MMU: fast page fault

[Avi Kivity]

On 04/06/2012 08:24 AM, Xiao Guangrong wrote:
>
> Foolish me, i should be crazy. Sorry for my mistake. :(
>
> Unfortunately, it can not work, we can not get a stable gfn from gpte or
> sp->gfns[]. For example:
>
> beginning:
> Gpte = Gfn1
> gfn_to_pfn(Gfn1) = Pfn
> Spte = Pfn
> Gfn1 is write-free
> Gfn2 is write-protected
>
>
> VCPU 0                              VCPU 1                     VCPU 2
>
> fault on gpte
> fast page fault path:
>   set Spte.fast_pf
>   get Gfn1 from Gpte/sp->gfns[]
>   if (Gfn1 is writable)
>                                 Pfn is swapped out:
> 					Spte = 0
> 				Gpte is modified to Gfn2,
>                                 and Pfn is realloced and remapped
>                                 to Gfn2, so:
>                                         Spte = Pfn
>
>                                                           fast page fault path:
>                                                              set Spte.fast_pf
>
>          cmpxchg  Spte+w
>             OOPS!!!
>   <we see Spte is not changed and
>    happily make it writable, so gfn2 can be writable>
>
> It seems only a unique identification can prevent this. :(
>

Ouch.

What about restricting this to role.direct=1?  Then gfn is stable?

-- 
error compiling committee.c: too many arguments to function

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/