Hi,
At 08:39 +0100 on 14 Jul (1279096791), Jiang, Yunhong wrote:
> Add a new p2m type for broken memory.
>
> Currently, this is used only for EPT guest. When memory assigned to guest is
> poisoned, we will mark it as broken in p2m table, the corresponding EPT entry
> is set as not present. Later, if guest try to access the affected memory, EPT
> violation will happen and Xen hypervisor can trap this access.
>
> Signed-off-by: Jiang, Yunhong <yunhong.jiang@xxxxxxxxx>
>
> diff -r 29f0479830cd xen/arch/x86/hvm/hvm.c
> --- a/xen/arch/x86/hvm/hvm.c Mon Jul 12 13:12:31 2010 +0800
> +++ b/xen/arch/x86/hvm/hvm.c Mon Jul 12 13:58:55 2010 +0800
> @@ -971,6 +971,12 @@ bool_t hvm_hap_nested_page_fault(unsigne
>
> mfn = gfn_to_mfn_type_current(gfn, &p2mt, p2m_guest);
>
> + if ( unlikely(p2mt == p2m_ram_broken) )
> + {
> + domain_crash(current->domain);
> + return 1;
> + }
> +
You should probably do this in more places, even if you don't care
about shadow pagetables -- MMIO emulation should behave the same as
normal accesses.
What behaviour would you like when qemu tries to DMA to a broken page?
Or when a backend driver grant-copies to it?
Is there a case for just having the P2M lookups (at least the _query()
kind) call domain_crash when they hit a poisoned page?
Cheers,
Tim.
> /*
> * If this GFN is emulated MMIO or marked as read-only, pass the fault
> * to the mmio handler.
> diff -r 29f0479830cd xen/include/asm-x86/p2m.h
> --- a/xen/include/asm-x86/p2m.h Mon Jul 12 13:12:31 2010 +0800
> +++ b/xen/include/asm-x86/p2m.h Mon Jul 12 13:56:02 2010 +0800
> @@ -85,6 +85,7 @@ typedef enum {
> p2m_ram_paging_in = 11, /* Memory that is being paged in */
> p2m_ram_paging_in_start = 12, /* Memory that is being paged in */
> p2m_ram_shared = 13, /* Shared or sharable memory */
> + p2m_ram_broken = 14, /* broken page, access cause domain crash*/
> } p2m_type_t;
>
> typedef enum {
> @@ -132,6 +133,8 @@ typedef enum {
> | p2m_to_mask(p2m_ram_paging_in))
>
> #define P2M_PAGED_TYPES (p2m_to_mask(p2m_ram_paged))
> +
> +#define P2M_BROKEN_TYPES (p2m_to_mask(p2m_ram_broken))
>
> /* Shared types */
> /* XXX: Sharable types could include p2m_ram_ro too, but we would need to
> @@ -155,6 +158,7 @@ typedef enum {
> #define p2m_is_paged(_t) (p2m_to_mask(_t) & P2M_PAGED_TYPES)
> #define p2m_is_sharable(_t) (p2m_to_mask(_t) & P2M_SHARABLE_TYPES)
> #define p2m_is_shared(_t) (p2m_to_mask(_t) & P2M_SHARED_TYPES)
> +#define p2m_is_broken(_t) (p2m_to_mask(_t) & P2M_BROKEN_TYPES)
>
>
> /* Populate-on-demand */
> diff -r 29f0479830cd xen/include/asm-x86/page.h
> --- a/xen/include/asm-x86/page.h Mon Jul 12 13:12:31 2010 +0800
> +++ b/xen/include/asm-x86/page.h Mon Jul 12 13:56:21 2010 +0800
> @@ -323,6 +323,7 @@ void setup_idle_pagetable(void);
> #define _PAGE_PSE_PAT 0x1000U
> #define _PAGE_PAGED 0x2000U
> #define _PAGE_SHARED 0x4000U
> +#define _PAGE_BROKEN 0x8000U
>
> /*
> * Debug option: Ensure that granted mappings are not implicitly unmapped.
>
>
--
Tim Deegan <Tim.Deegan@xxxxxxxxxx>
Principal Software Engineer, XenServer Engineering
Citrix Systems UK Ltd. (Company #02937203, SL9 0BG)
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
|
Home