|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-changelog] Failure to revalidate a writable pagetable page should crash
# HG changeset patch
# User kaf24@xxxxxxxxxxxxxxxxxxxx
# Node ID bdf1a8039d1361f47ada7d0cd08582c30469bda8
# Parent 6d981d34cf52dc98a7bffcca9e90f7cde0ba88e2
Failure to revalidate a writable pagetable page should crash
the offending domain, not merely pause it. Also, callers can
now specify another domain to domain_crash().
Signed-off-by: Keir Fraser <keir@xxxxxxxxxxxxx>
diff -r 6d981d34cf52 -r bdf1a8039d13 xen/arch/x86/domain.c
--- a/xen/arch/x86/domain.c Mon Nov 14 11:28:47 2005
+++ b/xen/arch/x86/domain.c Mon Nov 14 14:21:16 2005
@@ -578,7 +578,7 @@
put_user(regs->rcx, rsp-11) )
{
DPRINTK("Error while creating failsafe callback frame.\n");
- domain_crash();
+ domain_crash(n->domain);
}
regs->entry_vector = TRAP_syscall;
diff -r 6d981d34cf52 -r bdf1a8039d13 xen/arch/x86/mm.c
--- a/xen/arch/x86/mm.c Mon Nov 14 11:28:47 2005
+++ b/xen/arch/x86/mm.c Mon Nov 14 14:21:16 2005
@@ -2529,7 +2529,7 @@
* not enough information in just a gpte to figure out how to
* (re-)shadow this entry.
*/
- domain_crash();
+ domain_crash(d);
}
rc = shadow_do_update_va_mapping(va, val, v);
@@ -2918,7 +2918,6 @@
{
l1_pgentry_t ol1e, nl1e;
int modified = 0, i;
- struct vcpu *v;
for ( i = 0; i < L1_PAGETABLE_ENTRIES; i++ )
{
@@ -2944,7 +2943,6 @@
if ( unlikely(!get_page_from_l1e(nl1e, d)) )
{
- MEM_LOG("ptwr: Could not re-validate l1 page");
/*
* Make the remaining p.t's consistent before crashing, so the
* reference counts are correct.
@@ -2953,9 +2951,8 @@
(L1_PAGETABLE_ENTRIES - i) * sizeof(l1_pgentry_t));
/* Crash the offending domain. */
- set_bit(_DOMF_ctrl_pause, &d->domain_flags);
- for_each_vcpu ( d, v )
- vcpu_sleep_nosync(v);
+ MEM_LOG("ptwr: Could not revalidate l1 page");
+ domain_crash(d);
break;
}
@@ -3348,7 +3345,7 @@
/* Toss the writable pagetable state and crash. */
unmap_domain_page(d->arch.ptwr[which].pl1e);
d->arch.ptwr[which].l1va = 0;
- domain_crash();
+ domain_crash(d);
return 0;
}
diff -r 6d981d34cf52 -r bdf1a8039d13 xen/arch/x86/shadow_public.c
--- a/xen/arch/x86/shadow_public.c Mon Nov 14 11:28:47 2005
+++ b/xen/arch/x86/shadow_public.c Mon Nov 14 14:21:16 2005
@@ -239,13 +239,13 @@
l4page = alloc_domheap_page(NULL);
if (l4page == NULL)
- domain_crash();
+ domain_crash(d);
l4 = map_domain_page(page_to_pfn(l4page));
memset(l4, 0, PAGE_SIZE);
l3page = alloc_domheap_page(NULL);
if (l3page == NULL)
- domain_crash();
+ domain_crash(d);
l3 = map_domain_page(page_to_pfn(l3page));
memset(l3, 0, PAGE_SIZE);
diff -r 6d981d34cf52 -r bdf1a8039d13 xen/arch/x86/vmx.c
--- a/xen/arch/x86/vmx.c Mon Nov 14 11:28:47 2005
+++ b/xen/arch/x86/vmx.c Mon Nov 14 14:21:16 2005
@@ -191,12 +191,12 @@
case MSR_FS_BASE:
if (!(VMX_LONG_GUEST(vc)))
/* XXX should it be GP fault */
- domain_crash();
+ domain_crash(vc->domain);
__vmread(GUEST_FS_BASE, &msr_content);
break;
case MSR_GS_BASE:
if (!(VMX_LONG_GUEST(vc)))
- domain_crash();
+ domain_crash(vc->domain);
__vmread(GUEST_GS_BASE, &msr_content);
break;
case MSR_SHADOW_GS_BASE:
@@ -260,7 +260,7 @@
case MSR_FS_BASE:
case MSR_GS_BASE:
if (!(VMX_LONG_GUEST(vc)))
- domain_crash();
+ domain_crash(vc->domain);
if (!IS_CANO_ADDRESS(msr_content)){
VMX_DBG_LOG(DBG_LEVEL_1, "Not cano address of msr write\n");
vmx_inject_exception(vc, TRAP_gp_fault, 0);
@@ -273,7 +273,7 @@
case MSR_SHADOW_GS_BASE:
if (!(VMX_LONG_GUEST(vc)))
- domain_crash();
+ domain_crash(vc->domain);
vc->arch.arch_vmx.msr_content.shadow_gs = msr_content;
wrmsrl(MSR_SHADOW_GS_BASE, msr_content);
break;
diff -r 6d981d34cf52 -r bdf1a8039d13 xen/arch/x86/vmx_vmcs.c
--- a/xen/arch/x86/vmx_vmcs.c Mon Nov 14 11:28:47 2005
+++ b/xen/arch/x86/vmx_vmcs.c Mon Nov 14 14:21:16 2005
@@ -157,13 +157,13 @@
mpfn = get_mfn_from_pfn(E820_MAP_PAGE >> PAGE_SHIFT);
if (mpfn == INVALID_MFN) {
printk("Can not find E820 memory map page for VMX domain.\n");
- domain_crash();
+ domain_crash(d);
}
p = map_domain_page(mpfn);
if (p == NULL) {
printk("Can not map E820 memory map page for VMX domain.\n");
- domain_crash();
+ domain_crash(d);
}
e820_map_nr = *(p + E820_MAP_NR_OFFSET);
@@ -182,7 +182,7 @@
printk("Can not get io request shared page"
" from E820 memory map for VMX domain.\n");
unmap_domain_page(p);
- domain_crash();
+ domain_crash(d);
}
unmap_domain_page(p);
@@ -190,13 +190,13 @@
mpfn = get_mfn_from_pfn(gpfn);
if (mpfn == INVALID_MFN) {
printk("Can not find io request shared page for VMX domain.\n");
- domain_crash();
+ domain_crash(d);
}
p = map_domain_page(mpfn);
if (p == NULL) {
printk("Can not map io request shared page for VMX domain.\n");
- domain_crash();
+ domain_crash(d);
}
d->arch.vmx_platform.shared_page_va = (unsigned long)p;
diff -r 6d981d34cf52 -r bdf1a8039d13 xen/common/domain.c
--- a/xen/common/domain.c Mon Nov 14 11:28:47 2005
+++ b/xen/common/domain.c Mon Nov 14 14:21:16 2005
@@ -125,18 +125,27 @@
}
-void domain_crash(void)
-{
- printk("Domain %d (vcpu#%d) crashed on cpu#%d:\n",
- current->domain->domain_id, current->vcpu_id, smp_processor_id());
- show_registers(guest_cpu_user_regs());
- domain_shutdown(SHUTDOWN_crash);
+void domain_crash(struct domain *d)
+{
+ if ( d == current->domain )
+ {
+ printk("Domain %d (vcpu#%d) crashed on cpu#%d:\n",
+ d->domain_id, current->vcpu_id, smp_processor_id());
+ show_registers(guest_cpu_user_regs());
+ }
+ else
+ {
+ printk("Domain %d reported crashed by domain %d on cpu#%d:\n",
+ d->domain_id, current->domain->domain_id, smp_processor_id());
+ }
+
+ domain_shutdown(d, SHUTDOWN_crash);
}
void domain_crash_synchronous(void)
{
- domain_crash();
+ domain_crash(current->domain);
for ( ; ; )
do_softirq();
}
@@ -178,10 +187,9 @@
__initcall(domain_shutdown_finaliser_init);
-void domain_shutdown(u8 reason)
-{
- struct domain *d = current->domain;
- struct vcpu *v;
+void domain_shutdown(struct domain *d, u8 reason)
+{
+ struct vcpu *v;
if ( d->domain_id == 0 )
{
diff -r 6d981d34cf52 -r bdf1a8039d13 xen/common/schedule.c
--- a/xen/common/schedule.c Mon Nov 14 11:28:47 2005
+++ b/xen/common/schedule.c Mon Nov 14 14:21:16 2005
@@ -267,7 +267,7 @@
{
TRACE_3D(TRC_SCHED_SHUTDOWN,
current->domain->domain_id, current->vcpu_id, arg);
- domain_shutdown((u8)arg);
+ domain_shutdown(current->domain, (u8)arg);
break;
}
diff -r 6d981d34cf52 -r bdf1a8039d13 xen/include/asm-ia64/vmx_vpd.h
--- a/xen/include/asm-ia64/vmx_vpd.h Mon Nov 14 11:28:47 2005
+++ b/xen/include/asm-ia64/vmx_vpd.h Mon Nov 14 14:21:16 2005
@@ -122,7 +122,7 @@
do { \
printk("__vmx_bug at %s:%d\n", __FILE__, __LINE__); \
show_registers(regs); \
- domain_crash(); \
+ domain_crash(current->domain); \
} while (0)
#endif //__ASSEMBLY__
diff -r 6d981d34cf52 -r bdf1a8039d13 xen/include/xen/sched.h
--- a/xen/include/xen/sched.h Mon Nov 14 11:28:47 2005
+++ b/xen/include/xen/sched.h Mon Nov 14 14:21:16 2005
@@ -220,14 +220,15 @@
struct domain *find_domain_by_id(domid_t dom);
extern void domain_destruct(struct domain *d);
extern void domain_kill(struct domain *d);
-extern void domain_shutdown(u8 reason);
+extern void domain_shutdown(struct domain *d, u8 reason);
extern void domain_pause_for_debugger(void);
/*
- * Mark current domain as crashed. This function returns: the domain is not
- * synchronously descheduled from any processor.
- */
-extern void domain_crash(void);
+ * Mark specified domain as crashed. This function always returns, even if the
+ * caller is the specified domain. The domain is not synchronously descheduled
+ * from any processor.
+ */
+extern void domain_crash(struct domain *d);
/*
* Mark current domain as crashed and synchronously deschedule from the local
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |