Fix PAE debug builds to avoid shadowing shadow-mode pgdirs below 4GB.

The current shadow mode is not aware of this extra level of shadowing
and gets rather confused. Furthermore it *always* ensures that its
PAE pgdirs are below 4GB so there is no need for the extra shadowing
logic to be invoked.

This fixes a bug introduced in changeset 10177:d5f98d23427a0d256b896fc63ccfd2c1f79e55ba

Signed-off-by: Keir Fraser <keir@xensource.com>

diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c
index 29e72dea306b50a5e6e8e71ed81f3039d6830bc2..622b9505dc2a028460a79d7283dcddf63a103df2 100644 (file)
--- a/xen/arch/x86/mm.c
+++ b/xen/arch/x86/mm.c
@@ -266,8 +266,15 @@ void share_xen_page_with_privileged_guests(
 /* Only PDPTs above 4GB boundary need to be shadowed in low memory. */
 #define l3tab_needs_shadow(mfn) (mfn >= 0x100000)
 #else
-/* In debug builds we aggressively shadow PDPTs to exercise code paths. */
-#define l3tab_needs_shadow(mfn) ((mfn << PAGE_SHIFT) != __pa(idle_pg_table))
+/*
+ * In debug builds we aggressively shadow PDPTs to exercise code paths.
+ * We cannot safely shadow the idle page table, nor shadow-mode page tables
+ * (detected by lack of an owning domain). Always shadow PDPTs above 4GB.
+ */
+#define l3tab_needs_shadow(mfn)                         \
+    ((((mfn << PAGE_SHIFT) != __pa(idle_pg_table)) &&   \
+      (page_get_owner(mfn_to_page(mfn)) != NULL)) ||    \
+     (mfn >= 0x100000))
 #endif
 
 static l1_pgentry_t *fix_pae_highmem_pl1e;