Commit f55c3f41 authored by Xiao Guangrong's avatar Xiao Guangrong Committed by Avi Kivity

KVM: MMU: unalias gfn before sp->gfns[] comparison in sync_page

sp->gfns[] contains unaliased gfns, but the gpte might point into an
aliased region.
Signed-off-by: default avatarXiao Guangrong <xiaoguangrong@cn.fujitsu.com>
Signed-off-by: default avatarMarcelo Tosatti <mtosatti@redhat.com>
parent 6d74229f
...@@ -586,7 +586,7 @@ static int FNAME(sync_page)(struct kvm_vcpu *vcpu, struct kvm_mmu_page *sp) ...@@ -586,7 +586,7 @@ static int FNAME(sync_page)(struct kvm_vcpu *vcpu, struct kvm_mmu_page *sp)
unsigned pte_access; unsigned pte_access;
pt_element_t gpte; pt_element_t gpte;
gpa_t pte_gpa; gpa_t pte_gpa;
gfn_t gfn = sp->gfns[i]; gfn_t gfn;
if (!is_shadow_present_pte(sp->spt[i])) if (!is_shadow_present_pte(sp->spt[i]))
continue; continue;
...@@ -597,8 +597,9 @@ static int FNAME(sync_page)(struct kvm_vcpu *vcpu, struct kvm_mmu_page *sp) ...@@ -597,8 +597,9 @@ static int FNAME(sync_page)(struct kvm_vcpu *vcpu, struct kvm_mmu_page *sp)
sizeof(pt_element_t))) sizeof(pt_element_t)))
return -EINVAL; return -EINVAL;
if (gpte_to_gfn(gpte) != gfn || !is_present_gpte(gpte) || gfn = gpte_to_gfn(gpte);
!(gpte & PT_ACCESSED_MASK)) { if (unalias_gfn(vcpu->kvm, gfn) != sp->gfns[i] ||
!is_present_gpte(gpte) || !(gpte & PT_ACCESSED_MASK)) {
u64 nonpresent; u64 nonpresent;
rmap_remove(vcpu->kvm, &sp->spt[i]); rmap_remove(vcpu->kvm, &sp->spt[i]);
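Review bot: On the new `if` line the `unalias_gfn()` comparison is evaluated before `!is_present_gpte(gpte)`, so the alias lookup now runs on a gfn decoded from a gpte that may not be present, whose address bits carry no defined meaning; the old code also compared the gfn first, but without an alias-table lookup on it. Reordering to `if (!is_present_gpte(gpte) || unalias_gfn(vcpu->kvm, gfn) != sp->gfns[i] || !(gpte & PT_ACCESSED_MASK)) {` restricts the lookup to present entries and short-circuits the non-present case. The assignment `gfn = gpte_to_gfn(gpte);` also changes what `gfn` holds for the remainder of sync_page, which lies outside this hunk: it is now the (possibly aliased) guest gfn rather than `sp->gfns[i]`, so later uses of `gfn` in that function should be confirmed to expect an aliased value. A comment above the comparison would make the invariant the change relies on explicit: `/* sp->gfns[] holds unaliased gfns; the gpte may point into an aliased region */`.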
......