xen-changelog

[Top] [All Lists]

[Xen-changelog] Fixed a get/put_page mismatch for guest L2 pages. Someti

from [Xen patchbot -unstable]

[Permanent Link][Original]

To:	xen-changelog@xxxxxxxxxxxxxxxxxxx
Subject:	[Xen-changelog] Fixed a get/put_page mismatch for guest L2 pages. Sometimes, when you
From:	Xen patchbot -unstable <patchbot-unstable@xxxxxxxxxxxxxxxxxxx>
Date:	Thu, 08 Dec 2005 19:12:07 +0000
Delivery-date:	Thu, 08 Dec 2005 19:12:48 +0000
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxxx
List-help:	<mailto:xen-changelog-request@lists.xensource.com?subject=help>
List-id:	BK change log <xen-changelog.lists.xensource.com>
List-post:	<mailto:xen-changelog@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=unsubscribe>
Reply-to:	xen-devel@xxxxxxxxxxxxxxxxxxx
Sender:	xen-changelog-bounces@xxxxxxxxxxxxxxxxxxx

# HG changeset patch
# User kaf24@xxxxxxxxxxxxxxxxxxxx
# Node ID 29055c5ad51dabf44d855cdce41f192d2fe724aa
# Parent  37e19db6ecc338b86eca0b382aa8e2810078171a
Fixed a get/put_page mismatch for guest L2 pages.  Sometimes, when you
destroy an OS when it is in real mode, there is an extra put_page in
domain_relinquish_resource.  This causes the page be freed with
non-zero type count.  With ASSERT enabled, hypervisor will crash; with
debug=n, on some machines, the system will hang in
alloc_domheap_pages, due to type_info being a union with cpumask and
not equal to 0.

Signed-off-by: Xiaofeng Ling <xiaofeng.ling@xxxxxxxxx>

diff -r 37e19db6ecc3 -r 29055c5ad51d xen/arch/x86/vmx.c
--- a/xen/arch/x86/vmx.c        Thu Dec  8 14:13:38 2005
+++ b/xen/arch/x86/vmx.c        Thu Dec  8 14:18:13 2005
@@ -905,7 +905,7 @@
 int
 vmx_world_restore(struct vcpu *v, struct vmx_assist_context *c)
 {
-    unsigned long mfn, old_cr4;
+    unsigned long mfn, old_cr4, old_base_mfn;
     int error = 0;
 
     error |= __vmwrite(GUEST_RIP, c->eip);
@@ -945,7 +945,12 @@
             return 0;
         }
         mfn = get_mfn_from_pfn(c->cr3 >> PAGE_SHIFT);
+        if(!get_page(pfn_to_page(mfn), v->domain))
+                return 0;
+        old_base_mfn = pagetable_get_pfn(v->arch.guest_table);
         v->arch.guest_table = mk_pagetable(mfn << PAGE_SHIFT);
+        if (old_base_mfn)
+             put_page(pfn_to_page(old_base_mfn));
         update_pagetables(v);
         /*
          * arch.shadow_table should now hold the next CR3 for shadow
@@ -1174,9 +1179,11 @@
     }
 
     if(!((value & X86_CR0_PE) && (value & X86_CR0_PG)) && paging_enabled)
-        if(v->arch.arch_vmx.cpu_cr3)
+        if(v->arch.arch_vmx.cpu_cr3){
             put_page(pfn_to_page(get_mfn_from_pfn(
                       v->arch.arch_vmx.cpu_cr3 >> PAGE_SHIFT)));
+            v->arch.guest_table = mk_pagetable(0);
+        }
 
     /*
      * VMX does not implement real-mode virtualization. We emulate

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Xen-changelog] Fixed a get/put_page mismatch for guest L2 pages. Sometimes, when you, Xen patchbot -unstable <=

Previous by Date:	[Xen-changelog] Improve VMX guest TSC accuracy when guests are, Xen patchbot -unstable
Next by Date:	[Xen-changelog] Don't unshadow when the shadow l2 is the current used shadow table., Xen patchbot -unstable
Previous by Thread:	[Xen-changelog] Improve VMX guest TSC accuracy when guests are, Xen patchbot -unstable
Next by Thread:	[Xen-changelog] Don't unshadow when the shadow l2 is the current used shadow table., Xen patchbot -unstable
Indexes:	[Date] [Thread] [Top] [All Lists]