# HG changeset patch
# User kaf24@xxxxxxxxxxxxxxxxxxxx
# Node ID 1405615a31d52bfcc75593bcad2ec8d4f21fff21
# Parent 0db18b9c3efa5423998d4ffc15fc6e03b78b5a57
Several page allocations, done in the hypervisor when starting an HVM
domain, are not checked. This can cause the physical machine to crash
when starting the HVM domain during low-memory conditions.
Kudos to Charles Arnold for catching the problem with
shadow_direct_map_init.
Signed-off-by: Charles Coffing <ccoffing@xxxxxxxxxx>
xen-unstable changeset: 10042:d714f923b7cfff705dcf9aae30a06709340059aa
xen-unstable date: Fri May 19 16:10:52 2006 +0100
---
xen/arch/x86/hvm/hvm.c | 6 +++++-
xen/arch/x86/hvm/svm/svm.c | 4 +++-
xen/arch/x86/hvm/svm/vmcb.c | 17 ++++++++++-------
3 files changed, 18 insertions(+), 9 deletions(-)
diff -r 0db18b9c3efa -r 1405615a31d5 xen/arch/x86/hvm/hvm.c
--- a/xen/arch/x86/hvm/hvm.c Thu May 18 17:24:16 2006 +0100
+++ b/xen/arch/x86/hvm/hvm.c Fri May 19 16:14:54 2006 +0100
@@ -189,7 +189,11 @@ void hvm_setup_platform(struct domain* d
if ( !hvm_guest(current) || (current->vcpu_id != 0) )
return;
- shadow_direct_map_init(d);
+ if ( shadow_direct_map_init(d) == 0 )
+ {
+ printk("Can not allocate shadow direct map for HVM domain.\n");
+ domain_crash_synchronous();
+ }
hvm_map_io_shared_page(d);
hvm_get_info(d);
diff -r 0db18b9c3efa -r 1405615a31d5 xen/arch/x86/hvm/svm/svm.c
--- a/xen/arch/x86/hvm/svm/svm.c Thu May 18 17:24:16 2006 +0100
+++ b/xen/arch/x86/hvm/svm/svm.c Fri May 19 16:14:54 2006 +0100
@@ -458,6 +458,9 @@ int start_svm(void)
if (!(test_bit(X86_FEATURE_SVME, &boot_cpu_data.x86_capability)))
return 0;
+ svm_globals[cpu].hsa = alloc_host_save_area();
+ if (! svm_globals[cpu].hsa)
+ return 0;
rdmsr(MSR_EFER, eax, edx);
eax |= EFER_SVME;
@@ -466,7 +469,6 @@ int start_svm(void)
printk("AMD SVM Extension is enabled for cpu %d.\n", cpu );
/* Initialize the HSA for this core */
- svm_globals[cpu].hsa = alloc_host_save_area();
phys_hsa = (u64) virt_to_maddr( svm_globals[cpu].hsa );
phys_hsa_lo = (u32) phys_hsa;
phys_hsa_hi = (u32) (phys_hsa >> 32);
diff -r 0db18b9c3efa -r 1405615a31d5 xen/arch/x86/hvm/svm/vmcb.c
--- a/xen/arch/x86/hvm/svm/vmcb.c Thu May 18 17:24:16 2006 +0100
+++ b/xen/arch/x86/hvm/svm/vmcb.c Fri May 19 16:14:54 2006 +0100
@@ -139,17 +139,20 @@ static int construct_vmcb_controls(struc
/* The following is for I/O and MSR permision map */
iopm = alloc_xenheap_pages(get_order_from_bytes(IOPM_SIZE));
-
- ASSERT(iopm);
- memset(iopm, 0xff, IOPM_SIZE);
- clear_bit(PC_DEBUG_PORT, iopm);
+ if (iopm)
+ {
+ memset(iopm, 0xff, IOPM_SIZE);
+ clear_bit(PC_DEBUG_PORT, iopm);
+ }
msrpm = alloc_xenheap_pages(get_order_from_bytes(MSRPM_SIZE));
-
- ASSERT(msrpm);
- memset(msrpm, 0xff, MSRPM_SIZE);
+ if (msrpm)
+ memset(msrpm, 0xff, MSRPM_SIZE);
arch_svm->iopm = iopm;
arch_svm->msrpm = msrpm;
+
+ if (! iopm || ! msrpm)
+ return 1;
vmcb->iopm_base_pa = (u64) virt_to_maddr(iopm);
vmcb->msrpm_base_pa = (u64) virt_to_maddr(msrpm);
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
|