This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/


[Xen-changelog] Flush writable pagetable state before emulating a PT

To: xen-changelog@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-changelog] Flush writable pagetable state before emulating a PT
From: Xen patchbot -unstable <patchbot-unstable@xxxxxxxxxxxxxxxxxxx>
Date: Tue, 15 Nov 2005 21:16:06 +0000
Delivery-date: Tue, 15 Nov 2005 21:16:13 +0000
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-changelog-request@lists.xensource.com?subject=help>
List-id: BK change log <xen-changelog.lists.xensource.com>
List-post: <mailto:xen-changelog@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=unsubscribe>
Reply-to: xen-devel@xxxxxxxxxxxxxxxxxxx
Sender: xen-changelog-bounces@xxxxxxxxxxxxxxxxxxx
# HG changeset patch
# User kaf24@xxxxxxxxxxxxxxxxxxxx
# Node ID 4f03592bc7f5b4bca5744cee298607dde2576ff6
# Parent  090e44133d40247bc3ccbb565b644d02fdac6829
Flush writable pagetable state before emulating a PT
update. Avoids possibility of updating a PTE temporarily
marked writable by ptwr batching logic, which can corrupt
page reference counts. Aiee!

Signed-off-by: Keir Fraser <keir@xxxxxxxxxxxxx>

diff -r 090e44133d40 -r 4f03592bc7f5 xen/arch/x86/mm.c
--- a/xen/arch/x86/mm.c Mon Nov 14 17:13:38 2005
+++ b/xen/arch/x86/mm.c Mon Nov 14 17:27:11 2005
@@ -3358,6 +3358,13 @@
     return EXCRET_fault_fixed;
+    /*
+     * Cleaning up avoids emulating an update to a PTE that is temporarily
+     * marked writable (_PAGE_RW) by the batched ptwr logic. If this were
+     * performance critical then the check could compare addr against l1va's in
+     * ptwr_emulated_update(). Without this flush we can corrupt page refcnts!
+     */
+    cleanup_writable_pagetable(d);
     if ( x86_emulate_memop(guest_cpu_user_regs(), addr,
                            &ptwr_mem_emulator, BITS_PER_LONG/8) )
         return 0;
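
Review bot: The added cleanup_writable_pagetable(d) call sits directly after `return EXCRET_fault_fixed;` in the context shown, so it is only reachable through a jump target that this hunk does not display. Please confirm that every path reaching x86_emulate_memop() passes through the flush, not only the fall-through one, since any path that skips it still emulates against a PTE with the transient _PAGE_RW bit set. The flush is also unconditional: it runs on every emulated write, even when addr is unrelated to a page that ptwr currently has batched. The comment already names the narrower check (comparing addr against the l1va's in ptwr_emulated_update()), so consider marking it as an explicit TODO. It would also help to state in the comment which reference count is at risk and why the transient writable bit misleads the emulated update, so that a later optimisation does not drop the flush without preserving the invariant.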
