diff options
| author | Huang Ying <ying.huang@intel.com> | 2010-06-22 02:23:11 -0400 |
|---|---|---|
| committer | Avi Kivity <avi@redhat.com> | 2010-08-01 03:47:11 -0400 |
| commit | bbeb34062fbad287c949a945a516a0c15b179993 (patch) | |
| tree | cf29b50e076ba1ddc07d5b1292f243653a2f67a9 /virt/kvm/kvm_main.c | |
| parent | 6c3f6041172b78d5532c6bf3680d304e92ec2e66 (diff) | |
KVM: Fix a race condition for usage of is_hwpoison_address()
is_hwpoison_address accesses the page table, so the caller must hold
current->mm->mmap_sem in read mode. So fix its usage in hva_to_pfn of
kvm accordingly.
Comment is_hwpoison_address to remind other users.
Reported-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Huang Ying <ying.huang@intel.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
Diffstat (limited to 'virt/kvm/kvm_main.c')
| -rw-r--r-- | virt/kvm/kvm_main.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c index 74f731920945..ec2e3c6ac7ed 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c | |||
| @@ -947,12 +947,13 @@ static pfn_t hva_to_pfn(struct kvm *kvm, unsigned long addr) | |||
| 947 | if (unlikely(npages != 1)) { | 947 | if (unlikely(npages != 1)) { |
| 948 | struct vm_area_struct *vma; | 948 | struct vm_area_struct *vma; |
| 949 | 949 | ||
| 950 | down_read(¤t->mm->mmap_sem); | ||
| 950 | if (is_hwpoison_address(addr)) { | 951 | if (is_hwpoison_address(addr)) { |
| 952 | up_read(¤t->mm->mmap_sem); | ||
| 951 | get_page(hwpoison_page); | 953 | get_page(hwpoison_page); |
| 952 | return page_to_pfn(hwpoison_page); | 954 | return page_to_pfn(hwpoison_page); |
| 953 | } | 955 | } |
| 954 | 956 | ||
| 955 | down_read(¤t->mm->mmap_sem); | ||
| 956 | vma = find_vma(current->mm, addr); | 957 | vma = find_vma(current->mm, addr); |
| 957 | 958 | ||
| 958 | if (vma == NULL || addr < vma->vm_start || | 959 | if (vma == NULL || addr < vma->vm_start || |