From 2d8e8cad33af4a5a2559b3e8b3fb16cce9cff6dc Mon Sep 17 00:00:00 2001
From: "kaf24@freefall.cl.cam.ac.uk"
Date: Wed, 20 Oct 2004 16:23:51 +0000
Subject: [PATCH] bitkeeper revision 1.1159.117.1 (41769117YL0J9d2bEpMGocvDP1rMdQ) Fix the writable pagetable error paths. Some of them are genuine Xen bugs if they trigger. Otehrs now properly clean wrpt state before crashing the domain, so we don't leave any refcnts inconsistent.
---
 xen/arch/x86/memory.c | 21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)
diff --git a/xen/arch/x86/memory.c b/xen/arch/x86/memory.c
index 0857d897e6..dd155a5ba5 100644
--- a/xen/arch/x86/memory.c
+++ b/xen/arch/x86/memory.c
@@ -1604,7 +1604,11 @@ void ptwr_flush(const int which)
 if ( unlikely(__get_user(pte, ptep)) )
 {
 MEM_LOG("ptwr: Could not read pte at %p\n", ptep);
- domain_crash();
+ /*
+ * Really a bug. We could read this PTE during the initial fault,
+ * and pagetables can't have changed meantime. XXX Multi-proc guests?
+ */
+ BUG();
 }
 PTWR_PRINTK("[%c] disconnected_l1va at %p is %08lx\n", PTWR_PRINT_WHICH, ptep, pte);
@@ -1627,7 +1631,11 @@ void ptwr_flush(const int which)
 if ( unlikely(__put_user(pte, ptep)) )
 {
 MEM_LOG("ptwr: Could not update pte at %p\n", ptep);
- domain_crash();
+ /*
+ * Really a bug. We could write this PTE during the initial fault,
+ * and pagetables can't have changed meantime. XXX Multi-proc guests?
+ */
+ BUG();
 }
 /* Ensure that there are no stale writable mappings in any TLB. */
@@ -1668,6 +1676,12 @@ void ptwr_flush(const int which)
 if ( unlikely(!get_page_from_l1e(nl1e, d)) )
 {
 MEM_LOG("ptwr: Could not re-validate l1 page\n");
+ /*
+ * Make the remaining p.t's consistent before crashing, so the
+ * reference counts are correct.
+ */
+ memcpy(&pl1e[i], &ptwr_info[cpu].ptinfo[which].page[i],
+ (ENTRIES_PER_L1_PAGETABLE - i) * sizeof(l1_pgentry_t));
 domain_crash();
 }
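Review bot: Replacing `domain_crash()` with `BUG()` in the `__get_user` failure path of the first hunk (and in the matching `__put_user` path of the second) widens a fault on a guest-owned PTE address from one domain to the whole hypervisor, while the new comment itself leaves "XXX Multi-proc guests?" unanswered. If a second VCPU of the same domain can change the page tables between the initial fault and this flush, the condition would be reachable from guest state, and the failure should stay contained to that domain. Until that is ruled out I would keep the per-domain crash here, after tidying the writable-pagetable state as the later hunks do, and reserve `BUG()` for configurations where the invariant is enforced. At minimum the comment should name what guarantees exclusive access, rather than end on an open question. `ptwr_flush` begins and ends outside these hunks, so any locking around the access is not visible here.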
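Review bot: In the third hunk the new `memcpy` restores the page contents, but the path still reaches `domain_crash()` with `pl1e` mapped and `l1va` set, whereas the error path in `ptwr_do_page_fault` (last hunk) unmaps `pl1e` and zeroes `l1va` first. If `domain_crash()` does not return, any end-of-function cleanup in `ptwr_flush` (outside the hunk, so this is inferred) never runs, and later teardown may still see the slot as active. I would add `unmap_domain_mem(pl1e);` and `ptwr_info[cpu].ptinfo[which].l1va = 0;` before the crash, or say in the comment why they are not needed here. The comment could also state that entries below `i` have presumably had their references updated already, which is why only the tail from `i` is copied back from the snapshot.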
@@ -1781,6 +1795,9 @@ int ptwr_do_page_fault(unsigned long addr)
 {
 MEM_LOG("ptwr: Could not update pte at %p\n", (unsigned long *) &linear_pg_table[addr>>PAGE_SHIFT]);
+ /* Toss the writable pagetable state and crash. */
+ unmap_domain_mem(ptwr_info[cpu].ptinfo[which].pl1e);
+ ptwr_info[cpu].ptinfo[which].l1va = 0;
 domain_crash();
 }
-- 
2.30.2
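Review bot: After `unmap_domain_mem(ptwr_info[cpu].ptinfo[which].pl1e)` the slot still holds the stale `pl1e` pointer, because only `l1va` is reset. If any other path reads `ptinfo[which].pl1e` without first checking `l1va` (not visible from this hunk), it would dereference an unmapped address, so I would also clear it with `ptwr_info[cpu].ptinfo[which].pl1e = NULL;`. If `l1va == 0` is what marks a slot as inactive, a one-line comment saying so would make the teardown order easier to audit. The enclosing block in `ptwr_do_page_fault` starts outside the hunk, so whether earlier setup in the function needs undoing as well cannot be checked from here.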