[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen-unstable] x86 shadow: fix vram tracking



# HG changeset patch
# User Keir Fraser <keir.fraser@xxxxxxxxxx>
# Date 1236855343 0
# Node ID cc9b41a476dc62149d7a385aad70ce6e221e928f
# Parent  8ce14a3bcf05966a4623b1aae2b6bd6570ffd480
x86 shadow: fix vram tracking

Check for writable mappings in ptes before assuming that the type
count in the page has changed.

Signed-off-by: Gianluca Guida <gianluca.guida@xxxxxxxxxxxxx>
---
 xen/arch/x86/mm/shadow/multi.c |   53 ++++++++++++++++++++++++-----------------
 1 files changed, 32 insertions(+), 21 deletions(-)

diff -r 8ce14a3bcf05 -r cc9b41a476dc xen/arch/x86/mm/shadow/multi.c
--- a/xen/arch/x86/mm/shadow/multi.c    Thu Mar 12 08:35:12 2009 +0000
+++ b/xen/arch/x86/mm/shadow/multi.c    Thu Mar 12 10:55:43 2009 +0000
@@ -1039,18 +1039,19 @@ static inline void shadow_vram_get_l1e(s
                                        mfn_t sl1mfn,
                                        struct domain *d)
 { 
-    mfn_t mfn;
+    mfn_t mfn = shadow_l1e_get_mfn(new_sl1e);
+    int flags = shadow_l1e_get_flags(new_sl1e);
     unsigned long gfn;
 
-    if ( !d->dirty_vram ) return;
-
-    mfn = shadow_l1e_get_mfn(new_sl1e);
-
-    if ( !mfn_valid(mfn) ) return; /* m2p for mmio_direct may not exist */
+    if ( !d->dirty_vram         /* tracking disabled? */
+         || !(flags & _PAGE_RW) /* read-only mapping? */
+         || !mfn_valid(mfn) )   /* mfn can be invalid in mmio_direct */
+        return;
 
     gfn = mfn_to_gfn(d, mfn);
 
-    if ( (gfn >= d->dirty_vram->begin_pfn) && (gfn < d->dirty_vram->end_pfn) ) 
{
+    if ( (gfn >= d->dirty_vram->begin_pfn) && (gfn < d->dirty_vram->end_pfn) )
+    {
         unsigned long i = gfn - d->dirty_vram->begin_pfn;
         struct page_info *page = mfn_to_page(mfn);
         
@@ -1066,48 +1067,58 @@ static inline void shadow_vram_put_l1e(s
                                        mfn_t sl1mfn,
                                        struct domain *d)
 {
-    mfn_t mfn;
+    mfn_t mfn = shadow_l1e_get_mfn(old_sl1e);
+    int flags = shadow_l1e_get_flags(old_sl1e);
     unsigned long gfn;
 
-    if ( !d->dirty_vram ) return;
-
-    mfn = shadow_l1e_get_mfn(old_sl1e);
-
-    if ( !mfn_valid(mfn) ) return;
+    if ( !d->dirty_vram         /* tracking disabled? */
+         || !(flags & _PAGE_RW) /* read-only mapping? */
+         || !mfn_valid(mfn) )   /* mfn can be invalid in mmio_direct */
+        return;
 
     gfn = mfn_to_gfn(d, mfn);
 
-    if ( (gfn >= d->dirty_vram->begin_pfn) && (gfn < d->dirty_vram->end_pfn) ) 
{
+    if ( (gfn >= d->dirty_vram->begin_pfn) && (gfn < d->dirty_vram->end_pfn) )
+    {
         unsigned long i = gfn - d->dirty_vram->begin_pfn;
         struct page_info *page = mfn_to_page(mfn);
         int dirty = 0;
         paddr_t sl1ma = pfn_to_paddr(mfn_x(sl1mfn))
             | ((unsigned long)sl1e & ~PAGE_MASK);
 
-        if ( (page->u.inuse.type_info & PGT_count_mask) == 1 ) {
+        if ( (page->u.inuse.type_info & PGT_count_mask) == 1 )
+        {
             /* Last reference */
             if ( d->dirty_vram->sl1ma[i] == INVALID_PADDR ) {
                 /* We didn't know it was that one, let's say it is dirty */
                 dirty = 1;
-            } else {
+            }
+            else
+            {
                 ASSERT(d->dirty_vram->sl1ma[i] == sl1ma);
                 d->dirty_vram->sl1ma[i] = INVALID_PADDR;
-                if ( shadow_l1e_get_flags(old_sl1e) & _PAGE_DIRTY )
+                if ( flags & _PAGE_DIRTY )
                     dirty = 1;
             }
-        } else {
+        }
+        else
+        {
             /* We had more than one reference, just consider the page dirty. */
             dirty = 1;
             /* Check that it's not the one we recorded. */
-            if ( d->dirty_vram->sl1ma[i] == sl1ma ) {
+            if ( d->dirty_vram->sl1ma[i] == sl1ma )
+            {
                 /* Too bad, we remembered the wrong one... */
                 d->dirty_vram->sl1ma[i] = INVALID_PADDR;
-            } else {
+            }
+            else
+            {
                 /* Ok, our recorded sl1e is still pointing to this page, let's
                  * just hope it will remain. */
             }
         }
-        if ( dirty ) {
+        if ( dirty )
+        {
             d->dirty_vram->dirty_bitmap[i / 8] |= 1 << (i % 8);
             d->dirty_vram->last_dirty = NOW();
         }

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.