diff options
author | Izik Eidus <izike@qumranet.com> | 2007-11-20 04:30:04 -0500 |
---|---|---|
committer | Avi Kivity <avi@qumranet.com> | 2008-01-30 10:53:08 -0500 |
commit | 2065b3727ecdb64450597d70f7e13af00b85dbd8 (patch) | |
tree | cbfcc78359c7738ee748569bbc6eec39f17a8784 | |
parent | 2d2a7b9cff7f6324e69daa3ab76799641a94a0e8 (diff) |
KVM: MMU: Fix potential memory leak with smp real-mode
When we map a page, we check whether some other vcpu mapped it for us and if
so, bail out. But we should decrease the refcount on the page as we do so.
Signed-off-by: Izik Eidus <izike@qumranet.com>
Signed-off-by: Avi Kivity <avi@qumranet.com>
-rw-r--r-- | drivers/kvm/mmu.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/drivers/kvm/mmu.c b/drivers/kvm/mmu.c index 87d8e70fe502..8add4d5c6840 100644 --- a/drivers/kvm/mmu.c +++ b/drivers/kvm/mmu.c | |||
@@ -907,8 +907,10 @@ static int nonpaging_map(struct kvm_vcpu *vcpu, gva_t v, hpa_t p) | |||
907 | 907 | ||
908 | pte = table[index]; | 908 | pte = table[index]; |
909 | was_rmapped = is_rmap_pte(pte); | 909 | was_rmapped = is_rmap_pte(pte); |
910 | if (is_shadow_present_pte(pte) && is_writeble_pte(pte)) | 910 | if (is_shadow_present_pte(pte) && is_writeble_pte(pte)) { |
911 | kvm_release_page(pfn_to_page(p >> PAGE_SHIFT)); | ||
911 | return 0; | 912 | return 0; |
913 | } | ||
912 | mark_page_dirty(vcpu->kvm, v >> PAGE_SHIFT); | 914 | mark_page_dirty(vcpu->kvm, v >> PAGE_SHIFT); |
913 | page_header_update_slot(vcpu->kvm, table, v); | 915 | page_header_update_slot(vcpu->kvm, table, v); |
914 | table[index] = p | PT_PRESENT_MASK | PT_WRITABLE_MASK | | 916 | table[index] = p | PT_PRESENT_MASK | PT_WRITABLE_MASK | |