KVM: MMU: unalias gfn before sp->gfns[] comparison in sync_page sp->gfns[] contain unaliased gfns, but gpte might contain pointer to aliased region. Signed-off-by: Xiao Guangrong <xiaoguangrong@cn.fujitsu.com> Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>

commit: f55c3f419ab1f0a9d66f44ceeefe752975ae4233 [log] [tgz]
author: Xiao Guangrong <xiaoguangrong@cn.fujitsu.com> Thu May 13 10:08:08 2010 +0800
committer: Avi Kivity <avi@redhat.com> Sun Aug 01 10:35:46 2010 +0300
tree: 9553bcf0c3af3ceac9bf6ce6c28ee0fdac28f525
parent: 6d74229f013ed8e4a00d74cfa7a3fa6a2315c467 [diff] [blame]
diff --git a/arch/x86/kvm/paging_tmpl.h b/arch/x86/kvm/paging_tmpl.h
index 15e379e..22f1379 100644
--- a/arch/x86/kvm/paging_tmpl.h
+++ b/arch/x86/kvm/paging_tmpl.h

@@ -586,7 +586,7 @@
 		unsigned pte_access;
 		pt_element_t gpte;
 		gpa_t pte_gpa;
-		gfn_t gfn = sp->gfns[i];
+		gfn_t gfn;
 
 		if (!is_shadow_present_pte(sp->spt[i]))
 			continue;
@@ -597,8 +597,9 @@
 					  sizeof(pt_element_t)))
 			return -EINVAL;
 
-		if (gpte_to_gfn(gpte) != gfn || !is_present_gpte(gpte) ||
-		    !(gpte & PT_ACCESSED_MASK)) {
+		gfn = gpte_to_gfn(gpte);
+		if (unalias_gfn(vcpu->kvm, gfn) != sp->gfns[i] ||
+		      !is_present_gpte(gpte) || !(gpte & PT_ACCESSED_MASK)) {
 			u64 nonpresent;
 
 			rmap_remove(vcpu->kvm, &sp->spt[i]);
commit	f55c3f419ab1f0a9d66f44ceeefe752975ae4233	[log] [tgz]
author	Xiao Guangrong <xiaoguangrong@cn.fujitsu.com>	Thu May 13 10:08:08 2010 +0800
committer	Avi Kivity <avi@redhat.com>	Sun Aug 01 10:35:46 2010 +0300
tree	9553bcf0c3af3ceac9bf6ce6c28ee0fdac28f525
parent	6d74229f013ed8e4a00d74cfa7a3fa6a2315c467 [diff] [blame]