KVM: MMU: fix wrong not write protected sp report

The audit code reports some sp not write protected in current code, it's just the
bug in audit_write_protection(), since:

- the invalid sp not need write protected
- using uninitialize local variable('gfn')
- call kvm_mmu_audit() out of mmu_lock's protection

Signed-off-by: Xiao Guangrong <xiaoguangrong@cn.fujitsu.com>
Signed-off-by: Avi Kivity <avi@redhat.com>

1 files changed, 3 insertions, 2 deletions

diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
index 1c784b96dac3..68575dc32ec7 100644
--- a/arch/x86/kvm/mmu.c
+++ b/arch/x86/kvm/mmu.c
@@ -3708,16 +3708,17 @@ static void audit_write_protection(struct kvm_vcpu *vcpu)
         struct kvm_memory_slot *slot;
         unsigned long *rmapp;
         u64 *spte;
-        gfn_t gfn;
 
         list_for_each_entry(sp, &vcpu->kvm->arch.active_mmu_pages, link) {
                 if (sp->role.direct)
                         continue;
                 if (sp->unsync)
                         continue;
+                if (sp->role.invalid)
+                        continue;
 
                 slot = gfn_to_memslot(vcpu->kvm, sp->gfn);
-                rmapp = &slot->rmap[gfn - slot->base_gfn];
+                rmapp = &slot->rmap[sp->gfn - slot->base_gfn];
 
                 spte = rmap_next(vcpu->kvm, rmapp, NULL);
                 while (spte) {