author | Huang Ying <ying.huang@intel.com> | 2010-06-22 02:23:11 -0400 |
---|---|---|
committer | Avi Kivity <avi@redhat.com> | 2010-08-01 03:47:11 -0400 |
commit | bbeb34062fbad287c949a945a516a0c15b179993 (patch) | |
tree | cf29b50e076ba1ddc07d5b1292f243653a2f67a9 | |
parent | 6c3f6041172b78d5532c6bf3680d304e92ec2e66 (diff) |
KVM: Fix a race condition for usage of is_hwpoison_address()
is_hwpoison_address accesses the page table, so the caller must hold
current->mm->mmap_sem in read mode. So fix its usage in hva_to_pfn of
kvm accordingly.
Comment is_hwpoison_address to remind other users.
Reported-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Huang Ying <ying.huang@intel.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
-rw-r--r-- | mm/memory-failure.c | 3 | ||||
-rw-r--r-- | virt/kvm/kvm_main.c | 3 |
2 files changed, 5 insertions, 1 deletions
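--- a/mm/memory-failure.c
+++ b/mm/memory-failure.c
@@ -1298,6 +1298,9 @@ done:
 return ret;
 }
 
+/*
+* The caller must hold current->mm->mmap_sem in read mode.
+*/
 int is_hwpoison_address(unsigned long addr)
 {
 pgd_t *pgdp;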
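Review bot: The locking rule for is_hwpoison_address() is stated only in the new comment, so a future caller that forgets the lock would walk the page tables unprotected without any warning. An assertion after the local declarations, for example `lockdep_assert_held(&current->mm->mmap_sem);`, would turn the contract into a check on lockdep-enabled kernels. The comment could also carry the reason given in the commit message: `* Walks the page tables of current->mm, so the caller must hold current->mm->mmap_sem in read mode.` The function body continues past the end of this hunk, so the exact placement of the assertion has to be confirmed against the full function.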
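--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -947,12 +947,13 @@ static pfn_t hva_to_pfn(struct kvm *kvm, unsigned long addr)
 if (unlikely(npages != 1)) {
 struct vm_area_struct *vma;
 
+down_read(¤t->mm->mmap_sem);
 if (is_hwpoison_address(addr)) {
+up_read(¤t->mm->mmap_sem);
 get_page(hwpoison_page);
 return page_to_pfn(hwpoison_page);
 }
 
-down_read(¤t->mm->mmap_sem);
 vma = find_vma(current->mm, addr);
 
 if (vma == NULL || addr < vma->vm_start ||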
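Review bot: The `down_read()` that now precedes the `is_hwpoison_address(addr)` check in hva_to_pfn() has no comment tying it to that call, so a later cleanup could move it back next to `find_vma()` and reintroduce the unlocked page-table walk. A one-line comment above it would record the dependency: `/* is_hwpoison_address() walks the page tables and needs mmap_sem held for read */`. The early return also now carries its own `up_read()`, which makes two release sites in this block. The rest of the `npages != 1` branch lies outside the hunk, so it is worth confirming that every remaining exit releases the semaphore exactly once.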