
[Xen-devel] [PATCH]fixed the get/put_page unmatch for guest L2 page



# HG changeset patch
# User Xiaofeng Ling <xiaofeng.ling@xxxxxxxxx>
# Node ID 63976fd25b5d28243c5fc1e78af1b6759349f749
# Parent  97fce5212e2877da4ef99453c3ded213ba991d5a
This patch fixed the get/put_page mismatch for the guest L2 page
(v->arch.guest_table).
Sometimes, when you destroy an OS while it is in real mode
(vmxassist), there is an extra put_page in domain_relinquish_resource,
which causes this page to be freed with type_info != 0.
With ASSERT open, the hypervisor will crash; with debug=n, on some machines,
the system will hang in alloc_domheap_pages, because type_info is in a union
with cpumask and is not equal to 0.

Signed-off-by: Xiaofeng Ling <xiaofeng.ling@xxxxxxxxx>

diff -r 97fce5212e28 -r 63976fd25b5d xen/arch/x86/vmx.c
--- a/xen/arch/x86/vmx.c        Wed Dec  7 09:32:17 2005 +0800
+++ b/xen/arch/x86/vmx.c        Wed Dec  7 10:29:23 2005 +0800
@@ -905,7 +905,7 @@
 int
 vmx_world_restore(struct vcpu *v, struct vmx_assist_context *c)
 {
-    unsigned long mfn, old_cr4;
+    unsigned long mfn, old_cr4, old_base_mfn;
     int error = 0;
 
     error |= __vmwrite(GUEST_RIP, c->eip);
@@ -945,7 +945,12 @@
             return 0;
         }
         mfn = get_mfn_from_pfn(c->cr3 >> PAGE_SHIFT);
+        if(!get_page(pfn_to_page(mfn), v->domain))
+                return 0;
+        old_base_mfn = pagetable_get_pfn(v->arch.guest_table);
         v->arch.guest_table = mk_pagetable(mfn << PAGE_SHIFT);
+        if (old_base_mfn)
+             put_page(pfn_to_page(old_base_mfn));
         update_pagetables(v);
         /*
          * arch.shadow_table should now hold the next CR3 for shadow
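Review bot: In the added get_page(pfn_to_page(mfn), v->domain) call, mfn comes straight from get_mfn_from_pfn(c->cr3 >> PAGE_SHIFT) with no validity check in the visible lines, so if that lookup can return an invalid frame number for the cr3 value held in the assist context, it reaches pfn_to_page() unchecked; consider validating mfn before taking the reference. Taking the new reference before dropping the old one is the right order. The failure path returns 0 silently, and a log message there would help when diagnosing a refused CR3. Style: "if(!get_page" and "if (old_base_mfn)" use different spacing, and the two added bodies are indented 16 and 13 columns where the surrounding code uses multiples of 4.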
@@ -1174,9 +1179,11 @@
     }
 
     if(!((value & X86_CR0_PE) && (value & X86_CR0_PG)) && paging_enabled)
-        if(v->arch.arch_vmx.cpu_cr3)
+        if(v->arch.arch_vmx.cpu_cr3){
             put_page(pfn_to_page(get_mfn_from_pfn(
                       v->arch.arch_vmx.cpu_cr3 >> PAGE_SHIFT)));
+            v->arch.guest_table = mk_pagetable(0);
+        }
 
     /*
      * VMX does not implement real-mode virtualization. We emulate
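Review bot: The put_page in this block still derives its frame from v->arch.arch_vmx.cpu_cr3, while the reference this patch takes in vmx_world_restore is tracked through v->arch.guest_table; dropping the reference via pagetable_get_pfn(v->arch.guest_table) before clearing it would keep get and put symmetrical even if the two values ever differ. The visible lines also set guest_table to mk_pagetable(0) without the update_pagetables(v) call that follows the assignment in vmx_world_restore, so please confirm that nothing can use stale derived state before the next update. Style: the outer if now has a braced multi-line body but no braces of its own, and "if(v->arch.arch_vmx.cpu_cr3){" lacks the spaces used in "if (old_base_mfn)".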