[HVM] Fix shadow mode to not corrupt frame 0's page_info struct.

Signed-off-by: Jun Nakajima <jun.nakajima@intel.com>

diff --git a/xen/arch/x86/shadow.c b/xen/arch/x86/shadow.c
index 58690617c5c134e64ede2854d761dfb38370f443..583373c34a76d2a3a404eed5f3fbdf9c6a40ed5e 100644 (file)
--- a/xen/arch/x86/shadow.c
+++ b/xen/arch/x86/shadow.c
@@ -1724,7 +1724,8 @@ static int resync_all(struct domain *d, u32 stype)
                         unshadow_l1 = 1;
                     else {
                         need_flush |= error;
-                        set_guest_back_ptr(d, *sl1e_p, smfn, i);
+                        if ( l1e_get_flags(*sl1e_p) & _PAGE_PRESENT )
+                            set_guest_back_ptr(d, *sl1e_p, smfn, i);
                     }
                     // can't update snapshots of linear page tables -- they
                     // are used multiple times...

diff --git a/xen/arch/x86/shadow32.c b/xen/arch/x86/shadow32.c
index bef350aa2346b744704cb07e49cc07f7b78ead57..5cefdb70a8489f25c1b80c8c7d1b940c1857ed28 100644 (file)
--- a/xen/arch/x86/shadow32.c
+++ b/xen/arch/x86/shadow32.c
@@ -2691,7 +2691,8 @@ static int resync_all(struct domain *d, u32 stype)
                         unshadow_l1 = 1;
                     else {
                         need_flush |= error;
-                        set_guest_back_ptr(d, shadow1[i], smfn, i);
+                        if ( l1e_get_flags(shadow1[i]) & _PAGE_PRESENT )
+                            set_guest_back_ptr(d, shadow1[i], smfn, i);
                     }
 
                     // can't update snapshots of linear page tables -- they

diff --git a/xen/include/asm-x86/shadow.h b/xen/include/asm-x86/shadow.h
index 28d50466ea004519cdfcb2710db3af2797242419..3a9e0cdf84ee7d492049e4a2c0495153dd68a5fc 100644 (file)
--- a/xen/include/asm-x86/shadow.h
+++ b/xen/include/asm-x86/shadow.h
@@ -762,10 +762,16 @@ static inline void set_guest_back_ptr(
         unsigned long gmfn;
 
         ASSERT(shadow_lock_is_acquired(d));
+        ASSERT( smfn );
         gmfn = l1e_get_pfn(spte);
-        mfn_to_page(gmfn)->tlbflush_timestamp = smfn;
-        mfn_to_page(gmfn)->u.inuse.type_info &= ~PGT_va_mask;
-        mfn_to_page(gmfn)->u.inuse.type_info |= (unsigned long) index << PGT_va_shift;
+        ASSERT( gmfn );
+        if ( l1e_get_flags(spte) & _PAGE_RW )
+        {
+            mfn_to_page(gmfn)->tlbflush_timestamp = smfn;
+            mfn_to_page(gmfn)->u.inuse.type_info &= ~PGT_va_mask;
+            mfn_to_page(gmfn)->u.inuse.type_info |= 
+                (unsigned long) index << PGT_va_shift;
+        }
     }
 }