author | Huang Ying <ying.huang@intel.com> | 2010-06-22 14:23:11 +0800 |
---|---|---|
committer | Avi Kivity <avi@redhat.com> | 2010-08-01 10:47:11 +0300 |
commit | bbeb34062fbad287c949a945a516a0c15b179993 (patch) | |
tree | cf29b50e076ba1ddc07d5b1292f243653a2f67a9 | |
parent | 6c3f6041172b78d5532c6bf3680d304e92ec2e66 (diff) | |
KVM: Fix a race condition for usage of is_hwpoison_address()
is_hwpoison_address accesses the page table, so the caller must hold
current->mm->mmap_sem in read mode. So fix its usage in hva_to_pfn of
kvm accordingly.
Comment is_hwpoison_address to remind other users.
Reported-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Huang Ying <ying.huang@intel.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
-rw-r--r-- | mm/memory-failure.c | 3 | ||||
-rw-r--r-- | virt/kvm/kvm_main.c | 3 |
2 files changed, 5 insertions, 1 deletions
diff --git a/mm/memory-failure.c b/mm/memory-failure.c index 378b0f6..6b44e52 100644 --- a/mm/memory-failure.c +++ b/mm/memory-failure.c @@ -1298,6 +1298,9 @@ done: return ret; } +/* + * The caller must hold current->mm->mmap_sem in read mode. + */ int is_hwpoison_address(unsigned long addr) { pgd_t *pgdp; diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c index 74f7319..ec2e3c6 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c @@ -947,12 +947,13 @@ static pfn_t hva_to_pfn(struct kvm *kvm, unsigned long addr) if (unlikely(npages != 1)) { struct vm_area_struct *vma; + down_read(¤t->mm->mmap_sem); if (is_hwpoison_address(addr)) { + up_read(¤t->mm->mmap_sem); get_page(hwpoison_page); return page_to_pfn(hwpoison_page); } - down_read(¤t->mm->mmap_sem); vma = find_vma(current->mm, addr); if (vma == NULL || addr < vma->vm_start || |
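Review bot: The new comment above is_hwpoison_address() in mm/memory-failure.c states the locking rule but not the reason, and nothing enforces it. The commit message gives the reason (the function accesses the page table, as the pgd_t *pgdp declaration suggests), so the comment should say so, for example "Walks the page table of current->mm, so the caller must hold current->mm->mmap_sem in read mode." A debug-time assertion at the top of the function that the semaphore is held would let a future caller that forgets the lock fail loudly instead of racing silently.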
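Review bot: In the hva_to_pfn() hunk of virt/kvm/kvm_main.c, the hwpoison early return now carries its own up_read(), so the function has a second unlock site that any later edit to this branch must remember to keep. Consider storing the result of is_hwpoison_address(addr) in a local while the lock is held and branching on it afterwards, or adding a one-line comment on the down_read() noting that it covers both is_hwpoison_address() and find_vma(). The hunk ends inside the vma condition, so the matching up_read() on the non-poisoned path is not visible here; it is worth confirming that every exit after find_vma() still releases mmap_sem exactly once.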