1 files changed, 12 insertions, 8 deletions

diff --git a/arch/x86/kvm/paging_tmpl.h b/arch/x86/kvm/paging_tmpl.h
index 03ba8608fe0f..ecc0856268c4 100644
--- a/arch/x86/kvm/paging_tmpl.h
+++ b/arch/x86/kvm/paging_tmpl.h
@@ -91,7 +91,10 @@ static bool FNAME(cmpxchg_gpte)(struct kvm *kvm,
         pt_element_t *table;
         struct page *page;
 
+        down_read(&current->mm->mmap_sem);
         page = gfn_to_page(kvm, table_gfn);
+        up_read(&current->mm->mmap_sem);
+
         table = kmap_atomic(page, KM_USER0);
 
         ret = CMPXCHG(&table[index], orig_pte, new_pte);
@@ -140,7 +143,7 @@ walk:
         }
 #endif
         ASSERT((!is_long_mode(vcpu) && is_pae(vcpu)) ||
-               (vcpu->cr3 & CR3_NONPAE_RESERVED_BITS) == 0);
+               (vcpu->arch.cr3 & CR3_NONPAE_RESERVED_BITS) == 0);
 
         pt_access = ACC_ALL;
 
@@ -297,7 +300,6 @@ static u64 *FNAME(fetch)(struct kvm_vcpu *vcpu, gva_t addr,
                 u64 shadow_pte;
                 int metaphysical;
                 gfn_t table_gfn;
-                bool new_page = 0;
 
                 shadow_ent = ((u64 *)__va(shadow_addr)) + index;
                 if (level == PT_PAGE_TABLE_LEVEL)
@@ -319,8 +321,8 @@ static u64 *FNAME(fetch)(struct kvm_vcpu *vcpu, gva_t addr,
                 }
                 shadow_page = kvm_mmu_get_page(vcpu, table_gfn, addr, level-1,
                                                metaphysical, access,
-                                               shadow_ent, &new_page);
-                if (new_page && !metaphysical) {
+                                               shadow_ent);
+                if (!metaphysical) {
                         int r;
                         pt_element_t curr_pte;
                         r = kvm_read_guest_atomic(vcpu->kvm,
@@ -378,7 +380,7 @@ static int FNAME(page_fault)(struct kvm_vcpu *vcpu, gva_t addr,
         if (r)
                 return r;
 
-        down_read(&current->mm->mmap_sem);
+        down_read(&vcpu->kvm->slots_lock);
         /*
          * Look up the shadow pte for the faulting address.
          */
@@ -392,11 +394,13 @@ static int FNAME(page_fault)(struct kvm_vcpu *vcpu, gva_t addr,
                 pgprintk("%s: guest page fault\n", __FUNCTION__);
                 inject_page_fault(vcpu, addr, walker.error_code);
                 vcpu->arch.last_pt_write_count = 0; /* reset fork detector */
-                up_read(&current->mm->mmap_sem);
+                up_read(&vcpu->kvm->slots_lock);
                 return 0;
         }
 
+        down_read(&current->mm->mmap_sem);
         page = gfn_to_page(vcpu->kvm, walker.gfn);
+        up_read(&current->mm->mmap_sem);
 
         spin_lock(&vcpu->kvm->mmu_lock);
         kvm_mmu_free_some_pages(vcpu);
@@ -413,14 +417,14 @@ static int FNAME(page_fault)(struct kvm_vcpu *vcpu, gva_t addr,
          */
         if (shadow_pte && is_io_pte(*shadow_pte)) {
                 spin_unlock(&vcpu->kvm->mmu_lock);
-                up_read(&current->mm->mmap_sem);
+                up_read(&vcpu->kvm->slots_lock);
                 return 1;
         }
 
         ++vcpu->stat.pf_fixed;
         kvm_mmu_audit(vcpu, "post page fault (fixed)");
         spin_unlock(&vcpu->kvm->mmu_lock);
-        up_read(&current->mm->mmap_sem);
+        up_read(&vcpu->kvm->slots_lock);
 
         return write_pt;
 }