    KVM: Fix off-by-one when writing to a nonpae guest pde · 6b8d0f9b
    Avi Kivity authored
    Nonpae guest pdes are shadowed by two pae ptes, so we double the offset
    twice: once to account for the pte size difference, and once because we
    need to shadow pdes for a single guest pde.
    
    But when writing to the upper guest pde we also need to truncate the
    lower bits, otherwise the multiply shifts these bits into the pde index
    and causes an access to the wrong shadow pde.  If we're at the end of the
    page (accessing the very last guest pde) we can even overflow into the
    next host page and oops.
    Signed-off-by: Avi Kivity <avi@qumranet.com>
mmu.c 35 KB
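The offset arithmetic the commit message describes, as an added stand-alone model (this is example code written for this page, not the kernel's mmu.c and not the diff of this commit). It maps the byte offset of a guest write inside a nonpae page-directory page to the shadow pde(s) that write touches, once with and once without the low-bit truncation the message calls for. The page size, the 4-byte guest pte, the 8-byte pae shadow pte and the 4MB-versus-2MB pde coverage are x86 facts; the function and struct names, the `truncate` switch, and the reading of "upper guest pde" as a write that lands in the upper bytes of a guest pde are this example's own assumptions.

```c
/*
 * Added example, not kernel code: model how a guest write to a nonpae
 * (32-bit) pde is translated into shadow pde positions, showing why the
 * lower bits must be truncated between the two doublings.
 * Names and the `truncate` switch are assumptions made for this example.
 */
#include <stdbool.h>
#include <stdio.h>

#define PAGE_SHIFT      12
#define PAGE_SIZE       (1u << PAGE_SHIFT)
#define GPTE_SIZE       4u                       /* nonpae guest pte/pde */
#define SPTE_SIZE       8u                       /* pae shadow pte/pde   */
#define SPTES_PER_PAGE  (PAGE_SIZE / SPTE_SIZE)  /* 512 */
#define NPTE_NONPAE_PDE 2u   /* one 4MB guest pde -> two 2MB shadow pdes */

struct shadow_write {
    unsigned quadrant;    /* which 4KB shadow page of the four that cover a guest pde page */
    unsigned first_index; /* first shadow pde index inside that page */
    unsigned npte;        /* shadow pdes touched */
    bool overflows;       /* true if first_index + npte runs past the page */
};

/*
 * offset: byte offset of the guest write within its 4KB guest pde page.
 * truncate: apply the fix (mask the sub-entry bits before the second shift).
 */
static struct shadow_write map_nonpae_pde_write(unsigned offset, bool truncate)
{
    unsigned page_offset = offset & (PAGE_SIZE - 1);
    struct shadow_write w;

    page_offset <<= 1;            /* 32-bit guest pte -> 64-bit shadow pte */
    if (truncate)
        page_offset &= ~7u;       /* the fix: drop bits that are not part of the entry index */
    page_offset <<= 1;            /* one guest pde -> two shadow pdes */

    w.quadrant    = page_offset >> PAGE_SHIFT;
    w.first_index = (page_offset & (PAGE_SIZE - 1)) / SPTE_SIZE;
    w.npte        = NPTE_NONPAE_PDE;
    w.overflows   = w.first_index + w.npte > SPTES_PER_PAGE;
    return w;
}

/* Reference answer computed from entry indices rather than byte shifting. */
static struct shadow_write expected_shadow_write(unsigned offset)
{
    unsigned guest_index  = (offset & (PAGE_SIZE - 1)) / GPTE_SIZE;  /* 0..1023 */
    unsigned shadow_index = guest_index * NPTE_NONPAE_PDE;           /* 0..2046 */
    struct shadow_write w;

    w.quadrant    = shadow_index / SPTES_PER_PAGE;
    w.first_index = shadow_index % SPTES_PER_PAGE;
    w.npte        = NPTE_NONPAE_PDE;
    w.overflows   = false;
    return w;
}

static bool matches_expected(unsigned offset, bool truncate)
{
    struct shadow_write got = map_nonpae_pde_write(offset, truncate);
    struct shadow_write want = expected_shadow_write(offset);

    return got.quadrant == want.quadrant && got.first_index == want.first_index
        && !got.overflows;
}

int main(void)
{
    /* Constructed sample writes: lower/upper half of pde 1, and of the last pde. */
    const unsigned offsets[] = { 0x4, 0x6, 0xffc, 0xffe };
    size_t i;

    for (i = 0; i < sizeof offsets / sizeof offsets[0]; i++) {
        struct shadow_write a = map_nonpae_pde_write(offsets[i], false);
        struct shadow_write b = map_nonpae_pde_write(offsets[i], true);

        printf("guest offset 0x%03x: no-mask -> quadrant %u index %u%s; "
               "masked -> quadrant %u index %u%s\n",
               offsets[i], a.quadrant, a.first_index, a.overflows ? " (OVERFLOW)" : "",
               b.quadrant, b.first_index, b.overflows ? " (OVERFLOW)" : "");
    }
    return 0;
}
```

Aligned writes to the lower half of a guest pde (offsets 0x4 and 0xffc) come out the same either way; it is a write landing in the upper bytes of the entry (0x6, 0xffe) whose extra bit is shifted into the index by the second doubling. For 0xffe the unmasked result starts at shadow index 511 with two entries to write, which is exactly the run past the end of the 4KB shadow page that the commit message describes.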