projects / xen.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: cebb9d1) | patch
This fixes the following scenerio:
authorkaf24@firebug.cl.cam.ac.uk <kaf24@firebug.cl.cam.ac.uk>
Wed, 16 Nov 2005 10:41:14 +0000 (11:41 +0100)
committerkaf24@firebug.cl.cam.ac.uk <kaf24@firebug.cl.cam.ac.uk>
Wed, 16 Nov 2005 10:41:14 +0000 (11:41 +0100)
commitb6b510cca79d1d6acc2371b326334dcf126745d4
treefda52f1dec73b695e8c0a2e91139bab459dbcc66tree | snapshot
parentcebb9d12a556e9ce8013c4a7058fcd9d0fee93fbcommit | diff
This fixes the following scenerio:
1) gmfn X is L2 table, and a shadow for it is set.
2) A write to page X, and the same page would be L1 table
also.(Something like the linear page table) But the shadow for L1 table
is not set.

The code path will be shadow_fault -> l1pte_write_fault. Because X is L2
table, so shadow_mark_va_out_of_sync is called , this function will
allocate a OO entry for this table, and set the writable_pl1e to -1.
Also it alloc a L1 shadow for X through shadow_map_l1_into_current_l2.
When allocating, free_out_of_sync_state will be called to free all OO
entry. However, since the OO entry allocated on
shadow_mark_va_out_of_sync has the writable_pl1e to -1, this OO entry
will never be released.

Signed-off-by: Yunhong Jiang <yunhong.jiang@intel.com>
xen/arch/x86/shadow.c diff | blob | history
xen/arch/x86/shadow32.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.