This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


[Xen-changelog] [xen-3.2-testing] ioemu: Fix bug in map cache

To: xen-changelog@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-changelog] [xen-3.2-testing] ioemu: Fix bug in map cache
From: "Xen patchbot-3.2-testing" <patchbot-3.2-testing@xxxxxxxxxxxxxxxxxxx>
Date: Tue, 16 Sep 2008 06:01:45 -0700
Delivery-date: Tue, 16 Sep 2008 06:04:30 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-changelog-request@lists.xensource.com?subject=help>
List-id: BK change log <xen-changelog.lists.xensource.com>
List-post: <mailto:xen-changelog@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=unsubscribe>
Reply-to: xen-devel@xxxxxxxxxxxxxxxxxxx
Sender: xen-changelog-bounces@xxxxxxxxxxxxxxxxxxx
# HG changeset patch
# User Keir Fraser <keir.fraser@xxxxxxxxxx>
# Date 1221145319 -3600
# Node ID f9fe280cbe5eb33d5dc3b6c48aa0de5daa40a786
# Parent  d41b2ba2d9eefaa38f9bb8dece1b4c8a39dcd3d0
ioemu: Fix bug in map cache

This small patch fixes an issue leading to a crash (segfault, although
with earlier changesets I was seeing sigbus - not sure what changed)
in qemu-dm when the following conditions occur:

1. A valid mapping for a bucket on a low address exists

2. Immediately after accessing memory mapped in this bucket, an access
occurs to a high (beyond assigned ram) address beyond the 1GB limit
for 32bit map cache wrapping around to the previous bucket's entry

3. The next call to map cache again accesses the low address.

In this scenario, the guest mem for the low bucket has been unmapped
by the remap_bucket caused by 2., but because the valid_mapping
bit-test fails, map_cache returns before last_address_index has been
updated. The subsequent call to map_cache therefore never remaps the
low, valid bucket and instead returns a vaddr pointing to memory that
has failed to get mapped.

Signed-off-by: Trolle Selander <trolle.selander@xxxxxxxxxxxxx>
xen-unstable changeset:   18450:5a6f5b4b5fb3418502defc4c3fc3a8280dd98195
xen-unstable date:        Tue Sep 09 15:05:58 2008 +0100
 tools/ioemu/hw/xen_machine_fv.c |    4 +++-
 1 files changed, 3 insertions(+), 1 deletion(-)

diff -r d41b2ba2d9ee -r f9fe280cbe5e tools/ioemu/hw/xen_machine_fv.c
--- a/tools/ioemu/hw/xen_machine_fv.c   Fri Sep 05 12:41:38 2008 +0100
+++ b/tools/ioemu/hw/xen_machine_fv.c   Thu Sep 11 16:01:59 2008 +0100
@@ -139,8 +139,10 @@ uint8_t *qemu_map_cache(target_phys_addr
         !test_bit(address_offset>>XC_PAGE_SHIFT, entry->valid_mapping))
         qemu_remap_bucket(entry, address_index);
-    if (!test_bit(address_offset>>XC_PAGE_SHIFT, entry->valid_mapping))
+    if (!test_bit(address_offset>>XC_PAGE_SHIFT, entry->valid_mapping)) {
+        last_address_index = ~0UL;
         return NULL;
+    }
     last_address_index = address_index;
     last_address_vaddr = entry->vaddr_base;

Xen-changelog mailing list

<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-changelog] [xen-3.2-testing] ioemu: Fix bug in map cache, Xen patchbot-3.2-testing <=