This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


[Xen-changelog] [xen-unstable] ioemu: Fix bug in map cache

To: xen-changelog@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-changelog] [xen-unstable] ioemu: Fix bug in map cache
From: Xen patchbot-unstable <patchbot-unstable@xxxxxxxxxxxxxxxxxxx>
Date: Tue, 16 Sep 2008 06:00:33 -0700
Delivery-date: Tue, 16 Sep 2008 06:00:44 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-changelog-request@lists.xensource.com?subject=help>
List-id: BK change log <xen-changelog.lists.xensource.com>
List-post: <mailto:xen-changelog@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=unsubscribe>
Reply-to: xen-devel@xxxxxxxxxxxxxxxxxxx
Sender: xen-changelog-bounces@xxxxxxxxxxxxxxxxxxx
# HG changeset patch
# User Keir Fraser <keir.fraser@xxxxxxxxxx>
# Date 1220969158 -3600
# Node ID 5a6f5b4b5fb3418502defc4c3fc3a8280dd98195
# Parent  33d907ff2b043c4bff5c265737dab0bb52d6f773
ioemu: Fix bug in map cache

This small patch fixes an issue leading to a crash (segfault, although
with earlier changesets I was seeing sigbus - not sure what changed)
in qemu-dm when the following conditions occur:

1. A valid mapping for a bucket on a low address exists

2. Immediately after accessing memory mapped in this bucket, an access
occurs to a high (beyond assigned ram) address beyond the 1GB limit
for 32bit map cache wrapping around to the previous bucket's entry

3. The next call to map cache again accesses the low address.

In this scenario, the guest mem for the low bucket has been unmapped
by the remap_bucket caused by 2., but because the valid_mapping
bit-test fails, map_cache returns before last_address_index has been
updated. The subsequent call to map_cache therefore never remaps the
low, valid bucket and instead returns a vaddr pointing to memory that
has failed to get mapped.

Signed-off-by: Trolle Selander <trolle.selander@xxxxxxxxxxxxx>
 tools/ioemu/hw/xen_machine_fv.c |    4 +++-
 1 files changed, 3 insertions(+), 1 deletion(-)

diff -r 33d907ff2b04 -r 5a6f5b4b5fb3 tools/ioemu/hw/xen_machine_fv.c
--- a/tools/ioemu/hw/xen_machine_fv.c   Tue Sep 09 15:02:51 2008 +0100
+++ b/tools/ioemu/hw/xen_machine_fv.c   Tue Sep 09 15:05:58 2008 +0100
@@ -139,8 +139,10 @@ uint8_t *qemu_map_cache(target_phys_addr
         !test_bit(address_offset>>XC_PAGE_SHIFT, entry->valid_mapping))
         qemu_remap_bucket(entry, address_index);
-    if (!test_bit(address_offset>>XC_PAGE_SHIFT, entry->valid_mapping))
+    if (!test_bit(address_offset>>XC_PAGE_SHIFT, entry->valid_mapping)) {
+        last_address_index = ~0UL;
         return NULL;
+    }
     last_address_index = address_index;
     last_address_vaddr = entry->vaddr_base;

Xen-changelog mailing list

<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-changelog] [xen-unstable] ioemu: Fix bug in map cache, Xen patchbot-unstable <=