From: "Ling, Xiaofeng"
Subject: [PATCH]fixed the get/put_page unmatch for guest L2 page
Date: Thu, 08 Dec 2005 14:27:37 +0800
Message-ID: <4397D259.5020402@intel.com>
To: xen-devel

# HG changeset patch
# User Xiaofeng Ling
# Node ID 63976fd25b5d28243c5fc1e78af1b6759349f749
# Parent 97fce5212e2877da4ef99453c3ded213ba991d5a

This patch fixes the get/put_page mismatch for the guest L2 page (v->arch.guest_table). Sometimes, when you destroy an OS while it is in real mode (vmxassist), there is an extra put_page in domain_relinquish_resource, which causes this page to be freed with type_info != 0. With ASSERT open, the hypervisor will crash; with debug=n, on some machines, the system will hang in alloc_domheap_pages, because type_info is a union with cpumask and is not equal to 0.

Signed-off-by: Xiaofeng Ling --------------050706030006070300030901 Content-Type: text/x-patch; name="cr3get.patch" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="cr3get.patch" # HG changeset patch # User Xiaofeng Ling # Node ID 63976fd25b5d28243c5fc1e78af1b6759349f749 # Parent 97fce5212e2877da4ef99453c3ded213ba991d5a This patch fixed the get/put_page unmatch for guest L2 page (v->arch.guest_table). some times, when you destroy an OS when it is in real mode. (vmxassist), there is an extra put_page in domain_relinquish_resource. which cause this page be freed with type_info !=0. With ASSERT open, hypervisor will crash, with debug=n, on some machine, system will hang in alloc_domheap_pages, due to type_info is a union with cpumask and not equal to 0. Signed-off-by: Xiaofeng Ling diff -r 97fce5212e28 -r 63976fd25b5d xen/arch/x86/vmx.c --- a/xen/arch/x86/vmx.c Wed Dec 7 09:32:17 2005 +0800 +++ b/xen/arch/x86/vmx.c Wed Dec 7 10:29:23 2005 +0800 @@ -905,7 +905,7 @@ int vmx_world_restore(struct vcpu *v, struct vmx_assist_context *c) { - unsigned long mfn, old_cr4; + unsigned long mfn, old_cr4, old_base_mfn; int error = 0; error |= __vmwrite(GUEST_RIP, c->eip); @@ -945,7 +945,12 @@ return 0; } mfn = get_mfn_from_pfn(c->cr3 >> PAGE_SHIFT); + if(!get_page(pfn_to_page(mfn), v->domain)) + return 0; + old_base_mfn = pagetable_get_pfn(v->arch.guest_table); v->arch.guest_table = mk_pagetable(mfn << PAGE_SHIFT); + if (old_base_mfn) + put_page(pfn_to_page(old_base_mfn)); update_pagetables(v); /* * arch.shadow_table should now hold the next CR3 for shadow 
@@ -1174,9 +1179,11 @@ } if(!((value & X86_CR0_PE) && (value & X86_CR0_PG)) && paging_enabled) - if(v->arch.arch_vmx.cpu_cr3) + if(v->arch.arch_vmx.cpu_cr3){ put_page(pfn_to_page(get_mfn_from_pfn( v->arch.arch_vmx.cpu_cr3 >> PAGE_SHIFT))); + v->arch.guest_table = mk_pagetable(0); + } /* * VMX does not implement real-mode virtualization. We emulate --------------050706030006070300030901 Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel --------------050706030006070300030901--
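Review bot: in the @@ -945,7 +945,12 hunk of vmx_world_restore(), the new `if(!get_page(pfn_to_page(mfn), v->domain)) return 0;` path fails silently, and mfn reaches pfn_to_page() straight from get_mfn_from_pfn() with no validity check visible in these lines. Suggest logging the rejected c->cr3 before returning so a failed world restore can be diagnosed, and confirming that an invalid mfn is rejected before pfn_to_page() is applied to it. Taking the new reference before dropping the old one is the right order, since the count stays correct when old_base_mfn equals mfn; a one-line comment stating that v->arch.guest_table owns this reference would document the pairing with the put_page in domain_relinquish_resource that the commit message describes. Style: `if(` and `if (` are mixed within the same hunk.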
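Review bot: in the @@ -1174,9 +1179,11 hunk, the put_page() still derives the page from v->arch.arch_vmx.cpu_cr3 while the pointer being cleared is v->arch.guest_table, so the reference dropped and the table reset are only paired if the two always name the same frame. The vmx_world_restore() hunk sets guest_table from c->cr3 and no update of cpu_cr3 is visible there; consider dropping the reference via pagetable_get_pfn(v->arch.guest_table), as that hunk does for old_base_mfn, or state the invariant in a comment. Also, guest_table is zeroed here without the update_pagetables(v) call that follows the assignment in vmx_world_restore(); if that is intentional, a comment saying why would help. The outer `if` now guards a braced multi-line block and would read more safely with braces of its own.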