x86/mm/paging: Prevent the guest from faulting on the same gfn when dying

A crashing guest due to paging may hit an "endless" loop faulting repeatedly on
the current paged-out gfn, until the toolstack comes around to killing the
domain.

Unfortunately domain_crash at this point may not pause the vcpu due to the
shutting_down flag, so we pause it explicitly when detecting the condition.

Signed-off-by: Andres Lagar-Cavilla <andres@lagarcavilla.org>
Acked-by: Tim Deegan <tim@xen.org>
Committed-by: Tim Deegan <tim@xen.org>

diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c
index ba47c99445c319630e0ac267de83bb27bc11918e..cf97617eaf95ec9f4b5c887339254f8fc6f58159 100644 (file)
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -988,6 +988,9 @@ void p2m_mem_paging_populate(struct domain *d, unsigned long gfn)
     {
         gdprintk(XENLOG_ERR, "Domain %hu paging gfn %lx yet no ring "
                              "in place\n", d->domain_id, gfn);
+        /* Prevent the vcpu from faulting repeatedly on the same gfn */
+        if ( v->domain == d )
+            vcpu_pause_nosync(v);
         domain_crash(d);
         return;
     }