For vmx domain, because shadow_mode_reference is set later in

vmx_final_setup_guest, so in arch_set_info_guest, the phys_basetab
is not do get_page, while when destroying, put_page is called,
so there is one page, the count=-1, and when a new domain allocate
this page, it will take it as cpumask 0xffffffff, this cause flash_tlb_mask
goes into dead loop.
This patch also eliminate the warning when creating vmx guest:
(XEN) Audit 1: type count went below zero mfn=1e03d t=f0000000 ot=3654b

Signed-off-by: Xiaofeng Ling <xiaofeng.ling@intel.com>
Signed-off-by: Xin Li        <xin.b.li@intel.com>

diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c
index a2d5d9b657bd6d57ded11f33358a964c8783c200..a37643a5d5897d5aa48f87b309544933f55c4869 100644 (file)
--- a/xen/arch/x86/domain.c
+++ b/xen/arch/x86/domain.c
@@ -407,6 +407,7 @@ int arch_set_info_guest(
         /* VMX uses the initially provided page tables as the P2M map. */
         if ( !pagetable_get_paddr(d->arch.phys_table) )
             d->arch.phys_table = v->arch.guest_table;
+        v->arch.guest_table = mk_pagetable(0);
 
         /* Initialize monitor page table */
         v->arch.monitor_table = mk_pagetable(0);

diff --git a/xen/arch/x86/vmx_vmcs.c b/xen/arch/x86/vmx_vmcs.c
index 929a2a861bbe48b086cf479fce50d2e9c3ba5006..08a38024a894f89bc0b27bb0c79c9d7f577c85f8 100644 (file)
--- a/xen/arch/x86/vmx_vmcs.c
+++ b/xen/arch/x86/vmx_vmcs.c
@@ -332,7 +332,7 @@ static void vmx_do_launch(struct vcpu *v)
     error |= __vmwrite(GUEST_TR_BASE, 0);
     error |= __vmwrite(GUEST_TR_LIMIT, 0xff);
 
-    __vmwrite(GUEST_CR3, pagetable_get_paddr(v->arch.guest_table));
+    __vmwrite(GUEST_CR3, pagetable_get_paddr(v->domain->arch.phys_table));
     __vmwrite(HOST_CR3, pagetable_get_paddr(v->arch.monitor_table));
     __vmwrite(HOST_RSP, (unsigned long)get_stack_bottom());