From mboxrd@z Thu Jan 1 00:00:00 1970 From: Arun Sharma Subject: [PATCH] shadow-fixes.patch Date: Sat, 28 May 2005 15:34:07 -0700 Message-ID: <20050528223407.GA25615@intel.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Return-path: Content-Disposition: inline List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xensource.com Errors-To: xen-devel-bounces@lists.xensource.com To: Ian Pratt , Keir Fraser Cc: xen-devel@lists.xensource.com List-Id: xen-devel@lists.xenproject.org 1. Indexing guest_pt[] can fault. Need to use __copy_from_user. This was preventing FreeBSD 5.4 and RHEL3 install kernel from booting. 2. Read-only page tables should remain read only on a VMX domain. Linux 2.6 depends on getting a write fault on a L2 page table page. Signed-off-by: Arun Sharma --- 1.114/xen/arch/x86/shadow.c 2005-05-25 03:36:57 -07:00 +++ edited/xen/arch/x86/shadow.c 2005-05-28 15:19:23 -07:00 @@ -1906,7 +1906,7 @@ unsigned long gpfn, unsigned index) { unsigned long smfn = __shadow_status(d, gpfn, PGT_snapshot); - l1_pgentry_t *snapshot; // could be L1s or L2s or ... + l1_pgentry_t *snapshot, gpte; // could be L1s or L2s or ... int entries_match; perfc_incrc(snapshot_entry_matches_calls); @@ -1916,10 +1916,14 @@ snapshot = map_domain_mem(smfn << PAGE_SHIFT); + if (__copy_from_user(&gpte, &guest_pt[index], + sizeof(gpte))) + return 0; + // This could probably be smarter, but this is sufficent for // our current needs. // - entries_match = !l1e_has_changed(&guest_pt[index], &snapshot[index], + entries_match = !l1e_has_changed(&gpte, &snapshot[index], PAGE_FLAG_MASK); unmap_domain_mem(snapshot); @@ -2600,7 +2604,8 @@ if ( unlikely(!(l1e_get_flags(gpte) & _PAGE_RW)) ) { - if ( shadow_mode_page_writable(d, l1e_get_pfn(gpte)) ) + if ( shadow_mode_page_writable(d, l1e_get_pfn(gpte)) + && !shadow_mode_external(d)) { allow_writes = 1; l1e_add_flags(&gpte, _PAGE_RW);
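Review bot: In the @@ -1906,7 hunk, `l1_pgentry_t *snapshot, gpte;` puts a pointer and a by-value entry in one declaration, and the trailing comment "could be L1s or L2s or ..." now reads as if it covers both. Declaring `gpte` on its own line, with a short comment that it is the local copy of `guest_pt[index]`, would keep the existing comment attached to `snapshot` only and make the intent of the new variable clear.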
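Review bot: The early `return 0` added in the @@ -1916,10 hunk sits after `snapshot = map_domain_mem(smfn << PAGE_SHIFT);`, so when `__copy_from_user` fails the mapping is never released by the `unmap_domain_mem(snapshot)` at the end of the hunk. Either do the copy into `gpte` before mapping the snapshot, or unmap before returning. A one-line comment saying that `guest_pt[index]` can fault and that a failed copy is treated as "entries do not match" would also document why 0 is the right result here.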
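Review bot: The new `&& !shadow_mode_external(d))` condition in the @@ -2600,7 hunk has no comment, and the reason for it only appears in the commit message (read-only page tables must stay read-only on a VMX domain because Linux 2.6 depends on the write fault). Please put that reason in a comment next to the check so the exclusion is not removed later as an apparent oversight. As a style point, the closing `(d))` drops the space before the final parenthesis that the opening `if ( ` uses.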