From db062c28f30eb68d1b5d7a910445a0ba1136179a Mon Sep 17 00:00:00 2001 From: =?utf8?q?Roger=20Pau=20Monn=C3=A9?= Date: Wed, 13 Nov 2013 09:26:13 +0100 Subject: [PATCH] libxc: move temporary grant table mapping to end of memory MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit In order to set up the grant table for HVM guests, libxc needs to map the grant table temporarily. At the moment, it does this by adding the grant page to the HVM guest's p2m table in the MMIO hole (at gfn 0xFFFFE), then mapping that gfn, setting up the table, then unmapping the gfn and removing it from the p2m table. This breaks with PVH guests with 4G or more of ram, because there is no MMIO hole; so it ends up clobbering a valid RAM p2m entry, then leaving a "hole" when it removes the grant map from the p2m table. Since the guest thinks this is normal ram, when it maps it and tries to access the page, it crashes. This patch maps the page at max_gfn+1 instead. Signed-off-by: Roger Pau Monné Acked-by: Tim Deegan Acked-by: Ian Campbell Acked-by: Keir Fraser Acked-by: Eddie Dong --- tools/libxc/xc_dom.h | 3 --- tools/libxc/xc_dom_boot.c | 14 ++++++++++++-- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/tools/libxc/xc_dom.h b/tools/libxc/xc_dom.h index 86e23eea9c..935b49e755 100644 --- a/tools/libxc/xc_dom.h +++ b/tools/libxc/xc_dom.h @@ -18,9 +18,6 @@ #define INVALID_P2M_ENTRY ((xen_pfn_t)-1) -/* Scrach PFN for temporary mappings in HVM */ -#define SCRATCH_PFN_GNTTAB 0xFFFFE - /* --- typedefs and structs ---------------------------------------- */ typedef uint64_t xen_vaddr_t; diff --git a/tools/libxc/xc_dom_boot.c b/tools/libxc/xc_dom_boot.c index 71e1897bb5..fdfeaf8b90 100644 --- a/tools/libxc/xc_dom_boot.c +++ b/tools/libxc/xc_dom_boot.c @@ -361,17 +361,27 @@ int xc_dom_gnttab_hvm_seed(xc_interface *xch, domid_t domid, domid_t xenstore_domid) { int rc; + xen_pfn_t max_gfn; struct xen_add_to_physmap xatp = { .domid = domid, .space = XENMAPSPACE_grant_table, .idx = 0, - .gpfn = SCRATCH_PFN_GNTTAB }; struct xen_remove_from_physmap xrfp = { .domid = domid, - .gpfn = SCRATCH_PFN_GNTTAB }; + max_gfn = xc_domain_maximum_gpfn(xch, domid); + if ( max_gfn <= 0 ) { + xc_dom_panic(xch, XC_INTERNAL_ERROR, + "%s: failed to get max gfn " + "[errno=%d]\n", + __FUNCTION__, errno); + return -1; + } + xatp.gpfn = max_gfn + 1; + xrfp.gpfn = max_gfn + 1; + rc = do_memory_op(xch, XENMEM_add_to_physmap, &xatp, sizeof(xatp)); if ( rc != 0 ) { -- 2.30.2