WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-changelog

[Xen-changelog] Merged.

# HG changeset patch
# User emellor@xxxxxxxxxxxxxxxxxxxxxx
# Node ID bc1bfdb35f29504105f231f41cbcfe997c53e475
# Parent  602aefe7bd48f801b703bc423f148b7a14645fa4
# Parent  dede6fb4c90e7b4dee20befc8269c28379a7c6bb
Merged.

diff -r 602aefe7bd48 -r bc1bfdb35f29 
linux-2.6-xen-sparse/arch/xen/configs/xen_defconfig_x86_32
--- a/linux-2.6-xen-sparse/arch/xen/configs/xen_defconfig_x86_32        Tue Nov 
22 15:31:16 2005
+++ b/linux-2.6-xen-sparse/arch/xen/configs/xen_defconfig_x86_32        Tue Nov 
22 16:00:56 2005
@@ -1,7 +1,7 @@
 #
 # Automatically generated make config: don't edit
-# Linux kernel version: 2.6.12-xen0
-# Sat Oct 15 00:13:28 2005
+# Linux kernel version: 2.6.12.6-xen
+# Mon Nov 21 10:35:31 2005
 #
 CONFIG_XEN=y
 CONFIG_ARCH_XEN=y
@@ -2474,8 +2474,8 @@
 #
 # USB HID Boot Protocol drivers
 #
-CONFIG_USB_KBD=y
-CONFIG_USB_MOUSE=y
+CONFIG_USB_KBD=m
+CONFIG_USB_MOUSE=m
 CONFIG_USB_AIPTEK=m
 CONFIG_USB_WACOM=m
 CONFIG_USB_KBTAB=m
diff -r 602aefe7bd48 -r bc1bfdb35f29 tools/libxc/xc_linux_save.c
--- a/tools/libxc/xc_linux_save.c       Tue Nov 22 15:31:16 2005
+++ b/tools/libxc/xc_linux_save.c       Tue Nov 22 16:00:56 2005
@@ -731,7 +731,7 @@
 
     if (live && (pt_levels != 2)) {
         ERR("Live migration supported only for 32-bit non-pae");
-        goto out;
+        live = 0;
     }
 
     if (live) {
diff -r 602aefe7bd48 -r bc1bfdb35f29 tools/python/xen/xm/main.py
--- a/tools/python/xen/xm/main.py       Tue Nov 22 15:31:16 2005
+++ b/tools/python/xen/xm/main.py       Tue Nov 22 16:00:56 2005
@@ -846,7 +846,7 @@
     err('Option %s is the new replacement, see "xm help %s" for more info' % 
(new, new))
 
 def usage(cmd=None):
-    if cmd = 'create'
+    if cmd == 'create':
         xm_subcommand("create", "--help")
         sys.exit(1)
     if help.has_key(cmd):
diff -r 602aefe7bd48 -r bc1bfdb35f29 xen/arch/ia64/xen/grant_table.c
--- a/xen/arch/ia64/xen/grant_table.c   Tue Nov 22 15:31:16 2005
+++ b/xen/arch/ia64/xen/grant_table.c   Tue Nov 22 16:00:56 2005
@@ -1054,114 +1054,6 @@
     return rc;
 }
 
-int
-gnttab_check_unmap(
-    struct domain *rd, struct domain *ld, unsigned long frame, int readonly)
-{
-    /* Called when put_page is invoked on a page belonging to a foreign domain.
-     * Instead of decrementing the frame table ref count, locate the grant
-     * table entry, if any, and if found, decrement that count.
-     * Called a _lot_ at domain creation because pages mapped by priv domains
-     * also traverse this.
-     */
-    
-    /* Note: If the same frame is mapped multiple times, and then one of
-     *       the ptes is overwritten, which maptrack handle gets invalidated?
-     * Advice: Don't do it. Explicitly unmap.
-     */
-    
-    unsigned int handle, ref, refcount;
-    grant_table_t        *lgt, *rgt;
-    active_grant_entry_t *act;
-    grant_mapping_t      *map;
-    int found = 0;
-    
-    lgt = ld->grant_table;
-    
-#if GRANT_DEBUG_VERBOSE
-    if ( ld->domain_ id != 0 ) {
-            DPRINTK("Foreign unref rd(%d) ld(%d) frm(%lx) flgs(%x).\n",
-                    rd->domain_id, ld->domain_id, frame, readonly);
-      }
-#endif
-    
-    /* Fast exit if we're not mapping anything using grant tables */
-    if ( lgt->map_count == 0 )
-        return 0;
-    
-    if ( get_domain(rd) == 0 ) {
-        DPRINTK("gnttab_check_unmap: couldn't get_domain rd(%d)\n",
-                rd->domain_id);
-        return 0;
-    }
-    
-    rgt = rd->grant_table;
-    
-    for ( handle = 0; handle < lgt->maptrack_limit; handle++ ) {
-
-        map = &lgt->maptrack[handle];
-            
-        if ( map->domid != rd->domain_id )
-            continue;
-        
-        if ( ( map->ref_and_flags & MAPTRACK_GNTMAP_MASK ) &&
-             ( readonly ? 1 : (!(map->ref_and_flags & GNTMAP_readonly)))) {
-
-            ref = (map->ref_and_flags >> MAPTRACK_REF_SHIFT);
-            act = &rgt->active[ref];
-                    
-            spin_lock(&rgt->lock);
-                    
-            if ( act->frame != frame ) {
-                spin_unlock(&rgt->lock);
-                continue;
-            }
-                    
-            refcount = act->pin & ( readonly ? GNTPIN_hstr_mask
-                                    : GNTPIN_hstw_mask );
-
-            if ( refcount == 0 ) {
-                spin_unlock(&rgt->lock);
-                continue;
-            }
-                    
-            /* gotcha */
-            DPRINTK("Grant unref rd(%d) ld(%d) frm(%lx) flgs(%x).\n",
-                    rd->domain_id, ld->domain_id, frame, readonly);
-                    
-            if ( readonly )
-                act->pin -= GNTPIN_hstr_inc;
-            else {
-                act->pin -= GNTPIN_hstw_inc;
-                            
-                /* any more granted writable mappings? */
-                if ( (act->pin & (GNTPIN_hstw_mask|GNTPIN_devw_mask)) == 0 ) {
-                    clear_bit(_GTF_writing, &rgt->shared[ref].flags);
-                    put_page_type(&frame_table[frame]);
-                }
-            }
-                
-            if ( act->pin == 0 ) {
-                clear_bit(_GTF_reading, &rgt->shared[ref].flags);
-                put_page(&frame_table[frame]);
-            }
-
-            spin_unlock(&rgt->lock);
-                    
-            clear_bit(GNTMAP_host_map, &map->ref_and_flags);
-                    
-            if ( !(map->ref_and_flags & GNTMAP_device_map) )
-                put_maptrack_handle(lgt, handle);
-                    
-            found = 1;
-            break;
-        }
-    }
-    put_domain(rd);
-    
-    return found;
-}
-
 int 
 gnttab_prepare_for_transfer(
     struct domain *rd, struct domain *ld, grant_ref_t ref)
@@ -1355,8 +1247,10 @@
 }
 
 void
-gnttab_release_dev_mappings(grant_table_t *gt)
-{
+gnttab_release_mappings(
+    struct domain *ld)
+{
+    grant_table_t          *gt = ld->grant_table;
     grant_mapping_t        *map;
     domid_t                 dom;
     grant_ref_t             ref;
@@ -1365,8 +1259,6 @@
     unsigned long           frame;
     active_grant_entry_t   *act;
     grant_entry_t          *sha;
-
-    ld = current->domain;
 
     for ( handle = 0; handle < gt->maptrack_limit; handle++ )
     {
diff -r 602aefe7bd48 -r bc1bfdb35f29 xen/arch/x86/domain.c
--- a/xen/arch/x86/domain.c     Tue Nov 22 15:31:16 2005
+++ b/xen/arch/x86/domain.c     Tue Nov 22 16:00:56 2005
@@ -960,8 +960,7 @@
 
     ptwr_destroy(d);
 
-    /* Release device mappings of other domains */
-    gnttab_release_dev_mappings(d->grant_table);
+    gnttab_release_mappings(d);
 
     /* Drop the in-use references to page-table bases. */
     for_each_vcpu ( d, v )
diff -r 602aefe7bd48 -r bc1bfdb35f29 xen/arch/x86/mm.c
--- a/xen/arch/x86/mm.c Tue Nov 22 15:31:16 2005
+++ b/xen/arch/x86/mm.c Tue Nov 22 16:00:56 2005
@@ -594,23 +594,26 @@
         return;
 
     e = page_get_owner(page);
-    if ( unlikely(e != d) )
-    {
-        /*
-         * Unmap a foreign page that may have been mapped via a grant table.
-         * Note that this can fail for a privileged domain that can map foreign
-         * pages via MMUEXT_SET_FOREIGNDOM. Such domains can have some mappings
-         * counted via a grant entry and some counted directly in the page
-         * structure's reference count. Note that reference counts won't get
-         * dangerously confused as long as we always try to decrement the
-         * grant entry first. We may end up with a mismatch between which
-         * mappings and which unmappings are counted via the grant entry, but
-         * really it doesn't matter as privileged domains have carte blanche.
-         */
-        if (likely(gnttab_check_unmap(e, d, pfn,
-                                      !(l1e_get_flags(l1e) & _PAGE_RW))))
-            return;
-        /* Assume this mapping was made via MMUEXT_SET_FOREIGNDOM... */
+
+    /*
+     * Check if this is a mapping that was established via a grant reference.
+     * If it was then we should not be here: we require that such mappings are
+     * explicitly destroyed via the grant-table interface.
+     * 
+     * The upshot of this is that the guest can end up with active grants that
+     * it cannot destroy (because it no longer has a PTE to present to the
+     * grant-table interface). This can lead to subtle hard-to-catch bugs,
+     * hence a special grant PTE flag can be enabled to catch the bug early.
+     * 
+     * (Note that the undestroyable active grants are not a security hole in
+     * Xen. All active grants can safely be cleaned up when the domain dies.)
+     */
+    if ( (l1e_get_flags(l1e) & _PAGE_GNTTAB) &&
+         !(d->domain_flags & (DOMF_shutdown|DOMF_dying)) )
+    {
+        MEM_LOG("Attempt to implicitly unmap a granted PTE %" PRIpte,
+                l1e_get_intpte(l1e));
+        domain_crash(d);
     }
 
     if ( l1e_get_flags(l1e) & _PAGE_RW )
@@ -2317,7 +2320,6 @@
 
     ASSERT(spin_is_locked(&d->big_lock));
     ASSERT(!shadow_mode_refcounts(d));
-    ASSERT((l1e_get_flags(_nl1e) & L1_DISALLOW_MASK) == 0);
 
     gpfn = pte_addr >> PAGE_SHIFT;
     mfn = __gpfn_to_mfn(d, gpfn);
@@ -2452,7 +2454,6 @@
     
     ASSERT(spin_is_locked(&d->big_lock));
     ASSERT(!shadow_mode_refcounts(d));
-    ASSERT((l1e_get_flags(_nl1e) & L1_DISALLOW_MASK) == 0);
 
     /*
      * This is actually overkill - we don't need to sync the L1 itself,
diff -r 602aefe7bd48 -r bc1bfdb35f29 xen/arch/x86/shadow.c
--- a/xen/arch/x86/shadow.c     Tue Nov 22 15:31:16 2005
+++ b/xen/arch/x86/shadow.c     Tue Nov 22 16:00:56 2005
@@ -1536,12 +1536,13 @@
             perfc_incr_histo(l1_entries_checked, max_shadow - min_shadow + 1, 
PT_UPDATES);
             if ( d->arch.ops->guest_paging_levels >= PAGING_L3 &&
                  unshadow_l1 ) {
-                pgentry_64_t l2e = {0};
+                pgentry_64_t l2e;
 
                 __shadow_get_l2e(entry->v, entry->va, &l2e);
 
                 if ( entry_get_flags(l2e) & _PAGE_PRESENT ) {
-                    entry_remove_flags(l2e, _PAGE_PRESENT);
+                    put_shadow_ref(entry_get_pfn(l2e));
+                    l2e = entry_empty();
                     __shadow_set_l2e(entry->v, entry->va, &l2e);
 
                     if (entry->v == current)
diff -r 602aefe7bd48 -r bc1bfdb35f29 xen/arch/x86/shadow32.c
--- a/xen/arch/x86/shadow32.c   Tue Nov 22 15:31:16 2005
+++ b/xen/arch/x86/shadow32.c   Tue Nov 22 16:00:56 2005
@@ -1381,8 +1381,11 @@
     switch ( op )
     {
     case DOM0_SHADOW_CONTROL_OP_OFF:
-        __shadow_sync_all(d);
-        __shadow_mode_disable(d);
+        if ( shadow_mode_enabled(d) )
+        {
+            __shadow_sync_all(d);
+            __shadow_mode_disable(d);
+        }
         break;
 
     case DOM0_SHADOW_CONTROL_OP_ENABLE_TEST:
@@ -2426,7 +2429,8 @@
 
                 __shadow_get_l2e(entry->v, entry->va, &l2e);
                 if (l2e_get_flags(l2e) & _PAGE_PRESENT) {
-                    l2e_remove_flags(l2e, _PAGE_PRESENT);
+                    put_shadow_ref(l2e_get_pfn(l2e)); 
+                    l2e = l2e_empty();
                     __shadow_set_l2e(entry->v, entry->va, l2e);
 
                     if (entry->v == current)
diff -r 602aefe7bd48 -r bc1bfdb35f29 xen/arch/x86/shadow_public.c
--- a/xen/arch/x86/shadow_public.c      Tue Nov 22 15:31:16 2005
+++ b/xen/arch/x86/shadow_public.c      Tue Nov 22 16:00:56 2005
@@ -1290,8 +1290,11 @@
     switch ( op )
     {
     case DOM0_SHADOW_CONTROL_OP_OFF:
-        __shadow_sync_all(d);
-        __shadow_mode_disable(d);
+        if ( shadow_mode_enabled(d) )
+        {
+            __shadow_sync_all(d);
+            __shadow_mode_disable(d);
+        }
         break;
 
     case DOM0_SHADOW_CONTROL_OP_ENABLE_TEST:
diff -r 602aefe7bd48 -r bc1bfdb35f29 xen/common/grant_table.c
--- a/xen/common/grant_table.c  Tue Nov 22 15:31:16 2005
+++ b/xen/common/grant_table.c  Tue Nov 22 16:00:56 2005
@@ -31,17 +31,11 @@
 #include <acm/acm_hooks.h>
 #include <xen/trace.h>
 
-#if defined(CONFIG_X86_64)
-#define GRANT_PTE_FLAGS (_PAGE_PRESENT|_PAGE_ACCESSED|_PAGE_DIRTY|_PAGE_USER)
-#else
-#define GRANT_PTE_FLAGS (_PAGE_PRESENT|_PAGE_ACCESSED|_PAGE_DIRTY)
-#endif
-
-#define PIN_FAIL(_lbl, _rc, _f, _a...)   \
-    do {                           \
-        DPRINTK( _f, ## _a );      \
-        rc = (_rc);                \
-        goto _lbl;                 \
+#define PIN_FAIL(_lbl, _rc, _f, _a...)          \
+    do {                                        \
+        DPRINTK( _f, ## _a );                   \
+        rc = (_rc);                             \
+        goto _lbl;                              \
     } while ( 0 )
 
 static inline int
@@ -519,12 +513,12 @@
 
     /* If just unmapped a writable mapping, mark as dirtied */
     if ( unlikely(shadow_mode_log_dirty(rd)) &&
-        !( flags & GNTMAP_readonly ) )
+         !(flags & GNTMAP_readonly) )
          mark_dirty(rd, frame);
 
     /* If the last writable mapping has been removed, put_page_type */
-    if ( ( (act->pin & (GNTPIN_devw_mask|GNTPIN_hstw_mask) ) == 0) &&
-         ( !( flags & GNTMAP_readonly ) ) )
+    if ( ((act->pin & (GNTPIN_devw_mask|GNTPIN_hstw_mask)) == 0) &&
+         !(flags & GNTMAP_readonly) )
     {
         clear_bit(_GTF_writing, &sha->flags);
         put_page_type(&frame_table[frame]);
@@ -880,108 +874,6 @@
     return rc;
 }
 
-int
-gnttab_check_unmap(
-    struct domain *rd, struct domain *ld, unsigned long frame, int readonly)
-{
-    /* Called when put_page is invoked on a page belonging to a foreign domain.
-     * Instead of decrementing the frame table ref count, locate the grant
-     * table entry, if any, and if found, decrement that count.
-     * Called a _lot_ at domain creation because pages mapped by priv domains
-     * also traverse this.
-     */
-    
-    /* Note: If the same frame is mapped multiple times, and then one of
-     *       the ptes is overwritten, which maptrack handle gets invalidated?
-     * Advice: Don't do it. Explicitly unmap.
-     */
-    
-    unsigned int handle, ref, refcount;
-    grant_table_t        *lgt, *rgt;
-    active_grant_entry_t *act;
-    grant_mapping_t      *map;
-    int found = 0;
-    
-    lgt = ld->grant_table;
-    
-    /* Fast exit if we're not mapping anything using grant tables */
-    if ( lgt->map_count == 0 )
-        return 0;
-    
-    if ( get_domain(rd) == 0 )
-    {
-        DPRINTK("gnttab_check_unmap: couldn't get_domain rd(%d)\n",
-                rd->domain_id);
-        return 0;
-    }
-    
-    rgt = rd->grant_table;
-    
-    for ( handle = 0; handle < lgt->maptrack_limit; handle++ ) {
-
-        map = &lgt->maptrack[handle];
-            
-        if ( map->domid != rd->domain_id )
-            continue;
-        
-        if ( ( map->ref_and_flags & MAPTRACK_GNTMAP_MASK ) &&
-             ( readonly ? 1 : (!(map->ref_and_flags & GNTMAP_readonly)))) {
-
-            ref = (map->ref_and_flags >> MAPTRACK_REF_SHIFT);
-            act = &rgt->active[ref];
-                    
-            spin_lock(&rgt->lock);
-                    
-            if ( act->frame != frame ) {
-                spin_unlock(&rgt->lock);
-                continue;
-            }
-                    
-            refcount = act->pin & ( readonly ? GNTPIN_hstr_mask
-                                    : GNTPIN_hstw_mask );
-
-            if ( refcount == 0 ) {
-                spin_unlock(&rgt->lock);
-                continue;
-            }
-                    
-            /* gotcha */
-            DPRINTK("Grant unref rd(%d) ld(%d) frm(%lx) flgs(%x).\n",
-                    rd->domain_id, ld->domain_id, frame, readonly);
-                    
-            if ( readonly )
-                act->pin -= GNTPIN_hstr_inc;
-            else {
-                act->pin -= GNTPIN_hstw_inc;
-                            
-                /* any more granted writable mappings? */
-                if ( (act->pin & (GNTPIN_hstw_mask|GNTPIN_devw_mask)) == 0 ) {
-                    clear_bit(_GTF_writing, &rgt->shared[ref].flags);
-                    put_page_type(&frame_table[frame]);
-                }
-            }
-                
-            if ( act->pin == 0 ) {
-                clear_bit(_GTF_reading, &rgt->shared[ref].flags);
-                put_page(&frame_table[frame]);
-            }
-
-            spin_unlock(&rgt->lock);
-                    
-            clear_bit(GNTMAP_host_map, &map->ref_and_flags);
-                    
-            if ( !(map->ref_and_flags & GNTMAP_device_map) )
-                put_maptrack_handle(lgt, handle);
-                    
-            found = 1;
-            break;
-        }
-    }
-    put_domain(rd);
-    
-    return found;
-}
-
 int 
 gnttab_prepare_for_transfer(
     struct domain *rd, struct domain *ld, grant_ref_t ref)
@@ -1124,70 +1016,85 @@
 }
 
 void
-gnttab_release_dev_mappings(grant_table_t *gt)
-{
-    grant_mapping_t        *map;
-    domid_t                 dom;
-    grant_ref_t             ref;
-    u16                     handle;
-    struct domain          *ld, *rd;
-    unsigned long           frame;
-    active_grant_entry_t   *act;
-    grant_entry_t          *sha;
-
-    ld = current->domain;
+gnttab_release_mappings(
+    struct domain *d)
+{
+    grant_table_t        *gt = d->grant_table;
+    grant_mapping_t      *map;
+    grant_ref_t           ref;
+    u16                   handle;
+    struct domain        *rd;
+    active_grant_entry_t *act;
+    grant_entry_t        *sha;
+
+    BUG_ON(!test_bit(_DOMF_dying, &d->domain_flags));
 
     for ( handle = 0; handle < gt->maptrack_limit; handle++ )
     {
         map = &gt->maptrack[handle];
-
-        if ( !(map->ref_and_flags & GNTMAP_device_map) )
+        if ( !(map->ref_and_flags & (GNTMAP_device_map|GNTMAP_host_map)) )
             continue;
 
-        dom = map->domid;
         ref = map->ref_and_flags >> MAPTRACK_REF_SHIFT;
 
         DPRINTK("Grant release (%hu) ref:(%hu) flags:(%x) dom:(%hu)\n",
-                handle, ref, map->ref_and_flags & MAPTRACK_GNTMAP_MASK, dom);
-
-        if ( unlikely((rd = find_domain_by_id(dom)) == NULL) ||
-             unlikely(ld == rd) )
-        {
-            if ( rd != NULL )
-                put_domain(rd);
-            printk(KERN_WARNING "Grant release: No dom%d\n", dom);
-            continue;
-        }
+                handle, ref, map->ref_and_flags & MAPTRACK_GNTMAP_MASK,
+                map->domid);
+
+        rd = find_domain_by_id(map->domid);
+        BUG_ON(rd == NULL);
+
+        spin_lock(&rd->grant_table->lock);
 
         act = &rd->grant_table->active[ref];
         sha = &rd->grant_table->shared[ref];
 
-        spin_lock(&rd->grant_table->lock);
-
-        if ( act->pin & (GNTPIN_devw_mask | GNTPIN_devr_mask) )
-        {
-            frame = act->frame;
-
-            if ( ( (act->pin & GNTPIN_hstw_mask) == 0 ) &&
-                 ( (act->pin & GNTPIN_devw_mask) >  0 ) )
+        if ( map->ref_and_flags & GNTMAP_readonly )
+        {
+            if ( map->ref_and_flags & GNTMAP_device_map )
+            {
+                BUG_ON((act->pin & GNTPIN_devr_mask) == 0);
+                act->pin -= GNTPIN_devr_inc;
+            }
+
+            if ( map->ref_and_flags & GNTMAP_host_map )
+            {
+                BUG_ON((act->pin & GNTPIN_hstr_mask) == 0);
+                act->pin -= GNTPIN_hstr_inc;
+            }
+        }
+        else
+        {
+            if ( map->ref_and_flags & GNTMAP_device_map )
+            {
+                BUG_ON((act->pin & GNTPIN_devw_mask) == 0);
+                act->pin -= GNTPIN_devw_inc;
+            }
+
+            if ( map->ref_and_flags & GNTMAP_host_map )
+            {
+                BUG_ON((act->pin & GNTPIN_hstw_mask) == 0);
+                act->pin -= GNTPIN_hstw_inc;
+            }
+
+            if ( (act->pin & (GNTPIN_devw_mask|GNTPIN_hstw_mask)) == 0 )
             {
                 clear_bit(_GTF_writing, &sha->flags);
-                put_page_type(&frame_table[frame]);
+                put_page_type(&frame_table[act->frame]);
             }
-
-            map->ref_and_flags &= ~GNTMAP_device_map;
-            act->pin &= ~(GNTPIN_devw_mask | GNTPIN_devr_mask);
-            if ( act->pin == 0 )
-            {
-                clear_bit(_GTF_reading, &sha->flags);
-                map->ref_and_flags = 0;
-                put_page(&frame_table[frame]);
-            }
+        }
+
+        if ( act->pin == 0 )
+        {
+            clear_bit(_GTF_reading, &sha->flags);
+            put_page(&frame_table[act->frame]);
         }
 
         spin_unlock(&rd->grant_table->lock);
 
         put_domain(rd);
+
+        map->ref_and_flags = 0;
     }
 }
 
diff -r 602aefe7bd48 -r bc1bfdb35f29 xen/include/asm-x86/page.h
--- a/xen/include/asm-x86/page.h        Tue Nov 22 15:31:16 2005
+++ b/xen/include/asm-x86/page.h        Tue Nov 22 16:00:56 2005
@@ -273,6 +273,24 @@
 #define _PAGE_AVAIL2   0x800U
 #define _PAGE_AVAIL    0xE00U
 
+/*
+ * Debug option: Ensure that granted mappings are not implicitly unmapped.
+ * WARNING: This will need to be disabled to run OSes that use the spare PTE
+ * bits themselves (e.g., *BSD).
+ */
+#ifndef NDEBUG
+#define _PAGE_GNTTAB   _PAGE_AVAIL2
+#else
+#define _PAGE_GNTTAB   0
+#endif
+
+/*
+ * Disallow unused flag bits plus PAT, PSE and GLOBAL. Also disallow GNTTAB
+ * if we are using it for grant-table debugging. Permit the NX bit if the
+ * hardware supports it.
+ */
+#define BASE_DISALLOW_MASK ((0xFFFFF180U | _PAGE_GNTTAB) & ~_PAGE_NX)
+
 #define __PAGE_HYPERVISOR \
     (_PAGE_PRESENT | _PAGE_RW | _PAGE_DIRTY | _PAGE_ACCESSED)
 #define __PAGE_HYPERVISOR_NOCACHE \
diff -r 602aefe7bd48 -r bc1bfdb35f29 xen/include/asm-x86/x86_32/page-2level.h
--- a/xen/include/asm-x86/x86_32/page-2level.h  Tue Nov 22 15:31:16 2005
+++ b/xen/include/asm-x86/x86_32/page-2level.h  Tue Nov 22 16:00:56 2005
@@ -1,5 +1,5 @@
-#ifndef __X86_32_PAGE_2L_H__
-#define __X86_32_PAGE_2L_H__
+#ifndef __X86_32_PAGE_2LEVEL_H__
+#define __X86_32_PAGE_2LEVEL_H__
 
 #define L1_PAGETABLE_SHIFT      12
 #define L2_PAGETABLE_SHIFT      22
@@ -52,7 +52,7 @@
 #define get_pte_flags(x) ((int)(x) & 0xFFF)
 #define put_pte_flags(x) ((intpte_t)((x) & 0xFFF))
 
-#define L1_DISALLOW_MASK (0xFFFFF180U) /* PAT/GLOBAL */
-#define L2_DISALLOW_MASK (0xFFFFF180U) /* PSE/GLOBAL */
+#define L1_DISALLOW_MASK BASE_DISALLOW_MASK
+#define L2_DISALLOW_MASK BASE_DISALLOW_MASK
 
-#endif /* __X86_32_PAGE_2L_H__ */
+#endif /* __X86_32_PAGE_2LEVEL_H__ */
diff -r 602aefe7bd48 -r bc1bfdb35f29 xen/include/asm-x86/x86_32/page-3level.h
--- a/xen/include/asm-x86/x86_32/page-3level.h  Tue Nov 22 15:31:16 2005
+++ b/xen/include/asm-x86/x86_32/page-3level.h  Tue Nov 22 16:00:56 2005
@@ -1,5 +1,5 @@
-#ifndef __X86_32_PAGE_3L_H__
-#define __X86_32_PAGE_3L_H__
+#ifndef __X86_32_PAGE_3LEVEL_H__
+#define __X86_32_PAGE_3LEVEL_H__
 
 #define L1_PAGETABLE_SHIFT      12
 #define L2_PAGETABLE_SHIFT      21
@@ -65,8 +65,8 @@
 #define get_pte_flags(x) (((int)((x) >> 32) & ~0xFFF) | ((int)(x) & 0xFFF))
 #define put_pte_flags(x) (((intpte_t)((x) & ~0xFFF) << 32) | ((x) & 0xFFF))
 
-#define L1_DISALLOW_MASK (0xFFFFF180U & ~_PAGE_NX) /* PAT/GLOBAL */
-#define L2_DISALLOW_MASK (0xFFFFF180U & ~_PAGE_NX) /* PSE/GLOBAL */
-#define L3_DISALLOW_MASK (0xFFFFF1E6U)             /* must-be-zero */
+#define L1_DISALLOW_MASK BASE_DISALLOW_MASK
+#define L2_DISALLOW_MASK BASE_DISALLOW_MASK
+#define L3_DISALLOW_MASK 0xFFFFF1E6U /* must-be-zero */
 
-#endif /* __X86_32_PAGE_3L_H__ */
+#endif /* __X86_32_PAGE_3LEVEL_H__ */
diff -r 602aefe7bd48 -r bc1bfdb35f29 xen/include/asm-x86/x86_32/page.h
--- a/xen/include/asm-x86/x86_32/page.h Tue Nov 22 15:31:16 2005
+++ b/xen/include/asm-x86/x86_32/page.h Tue Nov 22 16:00:56 2005
@@ -23,6 +23,9 @@
 extern unsigned int PAGE_HYPERVISOR_NOCACHE;
 #endif
 
+#define GRANT_PTE_FLAGS \
+    (_PAGE_PRESENT|_PAGE_ACCESSED|_PAGE_DIRTY|_PAGE_GNTTAB)
+
 #endif /* __X86_32_PAGE_H__ */
 
 /*
diff -r 602aefe7bd48 -r bc1bfdb35f29 xen/include/asm-x86/x86_64/page.h
--- a/xen/include/asm-x86/x86_64/page.h Tue Nov 22 15:31:16 2005
+++ b/xen/include/asm-x86/x86_64/page.h Tue Nov 22 16:00:56 2005
@@ -72,13 +72,16 @@
 /* Bit 23 of a 24-bit flag mask. This corresponds to bit 63 of a pte.*/
 #define _PAGE_NX (cpu_has_nx ? (1U<<23) : 0U)
 
-#define L1_DISALLOW_MASK (0xFFFFF180U & ~_PAGE_NX) /* PAT/GLOBAL */
-#define L2_DISALLOW_MASK (0xFFFFF180U & ~_PAGE_NX) /* PSE/GLOBAL */
-#define L3_DISALLOW_MASK (0xFFFFF180U & ~_PAGE_NX) /* must-be-zero */
-#define L4_DISALLOW_MASK (0xFFFFF180U & ~_PAGE_NX) /* must-be-zero */
+#define L1_DISALLOW_MASK BASE_DISALLOW_MASK
+#define L2_DISALLOW_MASK BASE_DISALLOW_MASK
+#define L3_DISALLOW_MASK (BASE_DISALLOW_MASK | 0x180U /* must-be-zero */)
+#define L4_DISALLOW_MASK (BASE_DISALLOW_MASK | 0x180U /* must-be-zero */)
 
 #define PAGE_HYPERVISOR         (__PAGE_HYPERVISOR         | _PAGE_GLOBAL)
 #define PAGE_HYPERVISOR_NOCACHE (__PAGE_HYPERVISOR_NOCACHE | _PAGE_GLOBAL)
+
+#define GRANT_PTE_FLAGS \
+    (_PAGE_PRESENT|_PAGE_ACCESSED|_PAGE_DIRTY|_PAGE_GNTTAB|_PAGE_USER)
 
 #endif /* __X86_64_PAGE_H__ */
 
diff -r 602aefe7bd48 -r bc1bfdb35f29 xen/include/xen/grant_table.h
--- a/xen/include/xen/grant_table.h     Tue Nov 22 15:31:16 2005
+++ b/xen/include/xen/grant_table.h     Tue Nov 22 16:00:56 2005
@@ -94,10 +94,6 @@
 void grant_table_destroy(
     struct domain *d);
 
-/* Destroy host-CPU mappings via a grant-table entry. */
-int gnttab_check_unmap(
-    struct domain *rd, struct domain *ld, unsigned long frame, int readonly);
-
 /*
  * Check that the given grant reference (rd,ref) allows 'ld' to transfer
  * ownership of a page frame. If so, lock down the grant entry.
@@ -106,8 +102,9 @@
 gnttab_prepare_for_transfer(
     struct domain *rd, struct domain *ld, grant_ref_t ref);
 
-/* Domain death release of granted device mappings of other domains.*/
+/* Domain death release of granted mappings of other domains' memory. */
 void
-gnttab_release_dev_mappings(grant_table_t *gt);
+gnttab_release_mappings(
+    struct domain *d);
 
 #endif /* __XEN_GRANT_H__ */

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog

<Prev in Thread] Current Thread [Next in Thread>