[Xen-devel] [PATCH] libxc: fix incorrect scanning of pfn array i

To:	xen-devel@xxxxxxxxxxxxxxxxxxx
Subject:	[Xen-devel] [PATCH] libxc: fix incorrect scanning of pfn array in pagebuf during migration
From:	Shriram Rajagopalan <rshriram@xxxxxxxxx>
Date:	Fri, 25 Feb 2011 12:19:20 -0800
Cc:	ian.jackson@xxxxxxxxxxxxx
Delivery-date:	Fri, 25 Feb 2011 12:25:34 -0800
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxxx
List-help:	<mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id:	Xen developer discussion <xen-devel.lists.xensource.com>
List-post:	<mailto:xen-devel@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender:	xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent:	Mercurial-patchbomb/1.4.3

# HG changeset patch
# User Shriram Rajagopalan <rshriram@xxxxxxxxx>
# Date 1298664774 28800
# Node ID 739f8bfeb96f92ae6d15ea983ba2b46543dc6a5c
# Parent  f16d772fdb6c58518299d4c3780b846bcbee6165
libxc: fix incorrect scanning of pfn array in pagebuf during migration

xc_domain_restore.c:apply_batch function makes two passes over the pfn_types
array in pagebuf to allocate the needed MFNs. The curbatch parameter to this
function specifies the array offset in pfn_types, from where the current scan
should begin. But this variable is not taken into account (index always starts
at 0) during the two passes. While this [bug] does not manifest itsef during
save/restore or live migration, under Remus, xc_domain_restore fails due to
corrupt guest page tables.

Signed-off-by: Shriram Rajagopalan <rshriram@xxxxxxxxx>

diff -r f16d772fdb6c -r 739f8bfeb96f tools/libxc/xc_domain_restore.c
--- a/tools/libxc/xc_domain_restore.c   Fri Feb 25 10:39:27 2011 -0800
+++ b/tools/libxc/xc_domain_restore.c   Fri Feb 25 12:12:54 2011 -0800
@@ -907,8 +907,8 @@
     for ( i = 0; i < j; i++ )
     {
         unsigned long pfn, pagetype;
-        pfn      = pagebuf->pfn_types[i] & ~XEN_DOMCTL_PFINFO_LTAB_MASK;
-        pagetype = pagebuf->pfn_types[i] &  XEN_DOMCTL_PFINFO_LTAB_MASK;
+        pfn      = pagebuf->pfn_types[i + curbatch] & 
~XEN_DOMCTL_PFINFO_LTAB_MASK;
+        pagetype = pagebuf->pfn_types[i + curbatch] &  
XEN_DOMCTL_PFINFO_LTAB_MASK;
 
         if ( (pagetype != XEN_DOMCTL_PFINFO_XTAB) && 
              (ctx->p2m[pfn] == INVALID_P2M_ENTRY) )
@@ -934,8 +934,8 @@
     for ( i = 0; i < j; i++ )
     {
         unsigned long pfn, pagetype;
-        pfn      = pagebuf->pfn_types[i] & ~XEN_DOMCTL_PFINFO_LTAB_MASK;
-        pagetype = pagebuf->pfn_types[i] &  XEN_DOMCTL_PFINFO_LTAB_MASK;
+        pfn      = pagebuf->pfn_types[i + curbatch] & 
~XEN_DOMCTL_PFINFO_LTAB_MASK;
+        pagetype = pagebuf->pfn_types[i + curbatch] &  
XEN_DOMCTL_PFINFO_LTAB_MASK;
 
         if ( pagetype == XEN_DOMCTL_PFINFO_XTAB )
             region_mfn[i] = ~0UL; /* map will fail but we don't care */

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

WARNING - OLD ARCHIVES

xen-devel

[Xen-devel] [PATCH] libxc: fix incorrect scanning of pfn array in pagebu