From: Keir Fraser
Date: Tue, 17 Mar 2009 14:29:26 +0000 (+0000)
Subject: x86 shadow: Prevent in-sync L1s to become writable
X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~13992^2~55
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=3ea6bace3b0bef68c30d4b7d292a6aa90092fc4c;p=xen.git
x86 shadow: Prevent in-sync L1s to become writable
Signed-off-by: Keir Fraser
---
diff --git a/xen/arch/x86/mm/shadow/multi.c b/xen/arch/x86/mm/shadow/multi.c
index 16b7f7ce07..9b4679b540 100644
--- a/xen/arch/x86/mm/shadow/multi.c
+++ b/xen/arch/x86/mm/shadow/multi.c
@@ -3123,6 +3123,19 @@ static int sh_page_fault(struct vcpu *v,
 shadow_lock(d);
 TRACE_CLEAR_PATH_FLAGS;
+
+ /* Make sure there is enough free shadow memory to build a chain of
+ * shadow tables. (We never allocate a top-level shadow on this path,
+ * only a 32b l1, pae l1, or 64b l3+2+1. Note that while
+ * SH_type_l1_shadow isn't correct in the latter case, all page
+ * tables are the same size there.)
+ *
+ * Preallocate shadow pages *before* removing writable accesses
+ * otherwhise an OOS L1 might be demoted and promoted again with
+ * writable mappings. */
+ shadow_prealloc(d,
+ SH_type_l1_shadow,
+ GUEST_PAGING_LEVELS < 4 ? 1 : GUEST_PAGING_LEVELS - 1);
 rc = gw_remove_write_accesses(v, va, &gw);
@@ -3156,15 +3169,6 @@ static int sh_page_fault(struct vcpu *v,
 shadow_audit_tables(v);
 sh_audit_gw(v, &gw);
- /* Make sure there is enough free shadow memory to build a chain of
- * shadow tables. (We never allocate a top-level shadow on this path,
- * only a 32b l1, pae l1, or 64b l3+2+1. Note that while
- * SH_type_l1_shadow isn't correct in the latter case, all page
- * tables are the same size there.) */
- shadow_prealloc(d,
- SH_type_l1_shadow,
- GUEST_PAGING_LEVELS < 4 ? 1 : GUEST_PAGING_LEVELS - 1);
-
 /* Acquire the shadow. This must happen before we figure out the rights
 * for the shadow entry, since we might promote a page here. */
 ptr_sl1e = shadow_get_and_create_l1e(v, &gw, &sl1mfn, ft);
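Review bot: The ordering the first hunk depends on, `shadow_prealloc()` before `gw_remove_write_accesses()`, is recorded only in the new comment, and that comment leaves the protected invariant implicit. It says what can go wrong (an OOS L1 demoted and promoted again with writable mappings) but not which later code must stay free of shadow reclaim. A closing sentence such as `* Nothing after gw_remove_write_accesses() may reclaim shadow memory until the l1e is installed.` would make a later reordering in sh_page_fault visibly wrong, assuming that is the intended rule. The lines between the two hunks are not shown, so whether any path in between can still trigger reclaim cannot be confirmed from here. The comment also has a typo: `otherwhise` should be `otherwise`.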