From f48224b20883ad607518c5f8dafc2b23b6199d3d Mon Sep 17 00:00:00 2001 From: "kaf24@firebug.cl.cam.ac.uk" Date: Sun, 12 Mar 2006 19:37:00 +0100 Subject: [PATCH] Ignore pinning of other than root page directories. Disallow creation of pagetables with 'va_unknown' page-directory backptrs. Signed-off-by: Keir Fraser --- xen/arch/x86/mm.c | 58 +++++++++++----------------------------- xen/include/asm-x86/mm.h | 8 ++---- 2 files changed, 18 insertions(+), 48 deletions(-) diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index c5d958a884..e4af8e1263 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -777,9 +777,7 @@ static inline int l1_backptr( unsigned long *backptr, unsigned long offset_in_l2, unsigned long l2_type) { unsigned long l2_backptr = l2_type & PGT_va_mask; - BUG_ON(l2_backptr == PGT_va_unknown); - if ( l2_backptr == PGT_va_mutable ) - return 0; + ASSERT(l2_backptr != PGT_va_unknown); *backptr = ((l2_backptr >> PGT_va_shift) << L3_PAGETABLE_SHIFT) | (offset_in_l2 << L2_PAGETABLE_SHIFT); @@ -793,8 +791,7 @@ static inline int l1_backptr( unsigned long *backptr, unsigned long offset_in_l2, unsigned long l2_type) { unsigned long l2_backptr = l2_type & PGT_va_mask; - BUG_ON(l2_backptr == PGT_va_unknown); - + ASSERT(l2_backptr != PGT_va_unknown); *backptr = ((l2_backptr >> PGT_va_shift) << L3_PAGETABLE_SHIFT) | (offset_in_l2 << L2_PAGETABLE_SHIFT); return 1; @@ -804,8 +801,7 @@ static inline int l2_backptr( unsigned long *backptr, unsigned long offset_in_l3, unsigned long l3_type) { unsigned long l3_backptr = l3_type & PGT_va_mask; - BUG_ON(l3_backptr == PGT_va_unknown); - + ASSERT(l3_backptr != PGT_va_unknown); *backptr = ((l3_backptr >> PGT_va_shift) << L4_PAGETABLE_SHIFT) | (offset_in_l3 << L3_PAGETABLE_SHIFT); return 1; @@ -814,9 +810,6 @@ static inline int l2_backptr( static inline int l3_backptr( unsigned long *backptr, unsigned long offset_in_l4, unsigned long l4_type) { - unsigned long l4_backptr = l4_type & PGT_va_mask; - BUG_ON(l4_backptr == PGT_va_unknown); - *backptr = (offset_in_l4 << L4_PAGETABLE_SHIFT); return 1; } @@ -1438,13 +1431,6 @@ void put_page_type(struct page_info *page) nx &= ~PGT_validated; } } - else if ( unlikely(((nx & (PGT_pinned | PGT_count_mask)) == - (PGT_pinned | 1)) && - ((nx & PGT_type_mask) != PGT_writable_page)) ) - { - /* Page is now only pinned. Make the back pointer mutable again. */ - nx |= PGT_va_mutable; - } } while ( unlikely((y = cmpxchg(&page->u.inuse.type_info, x, nx)) != x) ); } @@ -1527,20 +1513,17 @@ int get_page_type(struct page_info *page, unsigned long type) get_gpfn_from_mfn(page_to_mfn(page))); return 0; } - else if ( (x & PGT_va_mask) == PGT_va_mutable ) - { - /* The va backpointer is mutable, hence we update it. */ - nx &= ~PGT_va_mask; - nx |= type; /* we know the actual type is correct */ - } - else if ( ((type & PGT_va_mask) != PGT_va_mutable) && - ((type & PGT_va_mask) != (x & PGT_va_mask)) ) + else { + ASSERT((type & PGT_va_mask) != (x & PGT_va_mask)); #ifdef CONFIG_X86_PAE /* We use backptr as extra typing. Cannot be unknown. */ if ( (type & PGT_type_mask) == PGT_l2_page_table ) return 0; #endif + /* Fixme: add code to propagate va_unknown to subtables. */ + if ( (type & PGT_type_mask) >= PGT_l2_page_table ) + return 0; /* This table is possibly mapped at multiple locations. */ nx &= ~PGT_va_mask; nx |= PGT_va_unknown; @@ -1818,12 +1801,17 @@ int do_mmuext_op( switch ( op.cmd ) { case MMUEXT_PIN_L1_TABLE: - type = PGT_l1_page_table | PGT_va_mutable; + case MMUEXT_PIN_L2_TABLE: + case MMUEXT_PIN_L3_TABLE: + case MMUEXT_PIN_L4_TABLE: + if ( (op.cmd - MMUEXT_PIN_L1_TABLE) != (CONFIG_PAGING_LEVELS - 1) ) + break; - pin_page: if ( shadow_mode_refcounts(FOREIGNDOM) ) break; + type = PGT_root_page_table; + okay = get_page_and_type_from_pagenr(mfn, type, FOREIGNDOM); if ( unlikely(!okay) ) { @@ -1842,20 +1830,6 @@ int do_mmuext_op( break; -#ifndef CONFIG_X86_PAE /* Unsafe on PAE because of Xen-private mappings. */ - case MMUEXT_PIN_L2_TABLE: - type = PGT_l2_page_table | PGT_va_mutable; - goto pin_page; -#endif - - case MMUEXT_PIN_L3_TABLE: - type = PGT_l3_page_table | PGT_va_mutable; - goto pin_page; - - case MMUEXT_PIN_L4_TABLE: - type = PGT_l4_page_table | PGT_va_mutable; - goto pin_page; - case MMUEXT_UNPIN_TABLE: if ( shadow_mode_refcounts(d) ) break; @@ -3376,7 +3350,7 @@ int ptwr_do_page_fault(struct domain *d, unsigned long addr, /* Get the L2 index at which this L1 p.t. is always mapped. */ l2_idx = page->u.inuse.type_info & PGT_va_mask; - if ( unlikely(l2_idx >= PGT_va_unknown) ) + if ( unlikely(l2_idx == PGT_va_unknown) ) goto emulate; /* Urk! This L1 is mapped in multiple L2 slots! */ l2_idx >>= PGT_va_shift; diff --git a/xen/include/asm-x86/mm.h b/xen/include/asm-x86/mm.h index 8cfe942e8e..74917fd226 100644 --- a/xen/include/asm-x86/mm.h +++ b/xen/include/asm-x86/mm.h @@ -81,18 +81,14 @@ struct page_info /* The 11 most significant bits of virt address if this is a page table. */ #define PGT_va_shift 16 #define PGT_va_mask (((1U<<11)-1)<