[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH] Fix 2-on-3 shadow mode.

To: "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>
From: Gianluca Guida <gianluca.guida@xxxxxxxxxxxxx>
Date: Tue, 17 Mar 2009 13:16:36 +0000
Cc: Keir Fraser <keir.fraser@xxxxxxxxxxxxx>, Christian Limpach <Christian.Limpach@xxxxxxxxxxxxx>
Delivery-date: Tue, 17 Mar 2009 06:30:00 -0700
List-id: Xen developer discussion <xen-devel.lists.xensource.com>

A wrong #ifdef in multi.c may cause memory corruption in some 32 bit HVMguests.

This patch fixes it, and should be applied hopefully to xen-3.3 andunstable.


Thanks,
Gianluca

diff -r 587e81dd3540 xen/arch/x86/mm/shadow/multi.c
--- a/xen/arch/x86/mm/shadow/multi.c    Mon Mar 02 14:19:35 2009 +0000
+++ b/xen/arch/x86/mm/shadow/multi.c    Tue Mar 17 13:11:46 2009 +0000
@@ -2753,14 +2753,13 @@ int sh_safe_not_to_sync(struct vcpu *v, 
         return 0;
     smfn = _mfn(sp->up >> PAGE_SHIFT);
     ASSERT(mfn_valid(smfn));
-
-#if (GUEST_PAGING_LEVELS == 2)
+#endif
+
+#if (GUEST_PAGING_LEVELS == 2 && SHADOW_PAGING_LEVELS == 3)
     /* In 2-on-3 shadow mode the up pointer contains the link to the
      * shadow page, but the shadow_table contains only the first of the
      * four pages that makes the PAE top shadow tables. */
     smfn = _mfn(mfn_x(smfn) & ~0x3UL);
-#endif
-
 #endif
 
     if ( pagetable_get_pfn(v->arch.shadow_table[0]) == mfn_x(smfn)

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

Prev by Date: Re: [Xen-devel] Xen unstable crash
Next by Date: Re: [Xen-devel] Re: 2.6.28.7 domU: 32-bit emulation seems to be broken
Previous by thread: [Xen-devel] stubdom build broken?
Next by thread: [Xen-devel] blktap kernel module accessing freed memory?
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.