From mboxrd@z Thu Jan 1 00:00:00 1970 From: Andres Lagar-Cavilla Subject: [PATCH 10 of 14] Prevent the hypervisor from BUGging if xc_hvm_modified_memory is called on a shared page Date: Wed, 23 Nov 2011 16:11:17 -0500 Message-ID: <667e53a7ad34cd286c76.1322082677@xdev.gridcentric.ca> References: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xensource.com Errors-To: xen-devel-bounces@lists.xensource.com To: xen-devel@lists.xensource.com Cc: andres@gridcentric.ca, keir.xen@gmail.com, tim@xen.org, JBeulich@suse.com, adin@gridcentric.ca List-Id: xen-devel@lists.xenproject.org xen/arch/x86/hvm/hvm.c | 10 +++++++++- 1 files changed, 9 insertions(+), 1 deletions(-) Signed-off-by: Andres Lagar-Cavilla Signed-off-by: Adin Scannell diff -r 76802e649c2c -r 667e53a7ad34 xen/arch/x86/hvm/hvm.c --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -3755,7 +3755,7 @@ long do_hvm_op(unsigned long op, XEN_GUE for ( pfn = a.first_pfn; pfn < a.first_pfn + a.nr; pfn++ ) { p2m_type_t t; - mfn_t mfn = get_gfn(d, pfn, &t); + mfn_t mfn = get_gfn_unshare(d, pfn, &t); if ( p2m_is_paging(t) ) { p2m_mem_paging_populate(d, pfn); @@ -3764,8 +3764,16 @@ long do_hvm_op(unsigned long op, XEN_GUE goto param_fail3; } if( p2m_is_shared(t) ) + { + /* If it insists on not unsharing itself, crash the domain + * rather than crashing the host down in mark dirty */ gdprintk(XENLOG_WARNING, "shared pfn 0x%lx modified?\n", pfn); + domain_crash(d); + put_gfn(d, pfn); + rc = -EINVAL; + goto param_fail3; + } if ( mfn_x(mfn) != INVALID_MFN ) {
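Review bot: In the first hunk (@@ -3755,7 +3755,7 @@), the switch to `get_gfn_unshare(d, pfn, &t)` has no comment, and the commit message consists of a subject line only, so the reason this loop needs a private copy of each pfn is left for the reader to infer. A one-line comment above the call would help. It should say that the pfn is about to be marked dirty and so must not stay shared, and that an unshare which does not succeed is caught by the `p2m_is_shared(t)` check further down the loop body.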
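Review bot: In the second hunk (@@ -3764,8 +3764,16 @@), the new `p2m_is_shared(t)` branch both calls `domain_crash(d)` and bails out with `rc = -EINVAL; goto param_fail3;`. The goto alone already keeps this pfn away from the mark-dirty path the comment is concerned about, so please justify in the comment why the domain must be crashed as well instead of only failing the call. The `gdprintk` text "shared pfn 0x%lx modified?" is left unchanged and does not say that unsharing failed or that the domain is being crashed; rewording it would make the log usable when diagnosing the crash. It is also worth checking that -EINVAL is the right code here, since the failure is in the unshare rather than in the caller's arguments.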