a889ea54b3
Many TDP MMU functions which need to perform some action on all TDP MMU roots hold a reference on that root so that they can safely drop the MMU lock in order to yield to other threads. However, when releasing the reference on the root, there is a bug: the root will not be freed even if its reference count (root_count) is reduced to 0. To simplify acquiring and releasing references on TDP MMU root pages, and to ensure that these roots are properly freed, move the get/put operations into another TDP MMU root iterator macro. Moving the get/put operations into an iterator macro also helps simplify control flow when a root does need to be freed. Note that using the list_for_each_entry_safe macro would not have been appropriate in this situation because it could keep a pointer to the next root across an MMU lock release + reacquire, during which time that root could be freed. Reported-by: Maciej S. Szmigiero <maciej.szmigiero@oracle.com> Suggested-by: Paolo Bonzini <pbonzini@redhat.com> Fixes: |
||
|---|---|---|
| .. | ||
| mmu.c | ||
| mmu_audit.c | ||
| mmu_internal.h | ||
| mmutrace.h | ||
| page_track.c | ||
| paging_tmpl.h | ||
| spte.c | ||
| spte.h | ||
| tdp_iter.c | ||
| tdp_iter.h | ||
| tdp_mmu.c | ||
| tdp_mmu.h | ||