KVM: MMU: improve invalid shadow root page handling

Harden kvm_mmu_zap_page() against invalid root pages that
had been shadowed from memslots that are gone.

Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Avi Kivity <avi@qumranet.com>

1 files changed, 4 insertions, 1 deletions

diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
index ff7cf632175b..7f57da663826 100644
--- a/arch/x86/kvm/mmu.c
+++ b/arch/x86/kvm/mmu.c
@@ -930,14 +930,17 @@ static void kvm_mmu_zap_page(struct kvm *kvm, struct kvm_mmu_page *sp)
         }
         kvm_mmu_page_unlink_children(kvm, sp);
         if (!sp->root_count) {
-                if (!sp->role.metaphysical)
+                if (!sp->role.metaphysical && !sp->role.invalid)
                         unaccount_shadowed(kvm, sp->gfn);
                 hlist_del(&sp->hash_link);
                 kvm_mmu_free_page(kvm, sp);
         } else {
+                int invalid = sp->role.invalid;
                 list_move(&sp->link, &kvm->arch.active_mmu_pages);
                 sp->role.invalid = 1;
                 kvm_reload_remote_mmus(kvm);
+                if (!sp->role.metaphysical && !invalid)
+                        unaccount_shadowed(kvm, sp->gfn);
         }
         kvm_mmu_reset_last_pte_updated(kvm);
 }