direct-io.hg

changeset 10586:535b466ee1ef

[IA64] add get_page() to prevent from freeing page

Call get_page() when accessing a page of a domain.
Pages can be removed from the domain and freed by another CPU.
To prevent access to a page that is being freed, use get_page() and put_page().

Signed-off-by: Isaku Yamahata <yamahata@valinux.co.jp>
author awilliam@xenbuild.aw
date Mon Jun 19 13:06:53 2006 -0600 (2006-06-19)
parents d60da6514d65
children 5389c7b06ccf
files xen/arch/ia64/vmx/vmmu.c xen/arch/ia64/vmx/vmx_hypercall.c xen/arch/ia64/xen/fw_emul.c xen/arch/ia64/xen/vcpu.c
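--- a/xen/arch/ia64/vmx/vmmu.c	Mon Jun 19 13:00:37 2006 -0600
+++ b/xen/arch/ia64/vmx/vmmu.c	Mon Jun 19 13:06:53 2006 -0600
@@ -313,7 +313,9 @@ fetch_code(VCPU *vcpu, u64 gip, u64 *cod
     u64     *vpa;
     thash_data_t    *tlb;
     u64     mfn;
+    struct page_info* page;
 
+ again:
     if ( !(VCPU(vcpu, vpsr) & IA64_PSR_IT) ) {   // I-side physical mode
         gpip = gip;
     }
@@ -327,15 +329,27 @@ fetch_code(VCPU *vcpu, u64 gip, u64 *cod
     if( gpip){
         mfn = gmfn_to_mfn(vcpu->domain, gpip >>PAGE_SHIFT);
         if( mfn == INVALID_MFN )  panic_domain(vcpu_regs(vcpu),"fetch_code: invalid memory\n");
-        vpa =(u64 *)__va( (gip & (PAGE_SIZE-1)) | (mfn<<PAGE_SHIFT));
     }else{
         tlb = vhpt_lookup(gip);
         if( tlb == NULL)
             panic_domain(vcpu_regs(vcpu),"No entry found in ITLB and DTLB\n");
-        vpa =(u64 *)__va((tlb->ppn>>(PAGE_SHIFT-ARCH_PAGE_SHIFT)<<PAGE_SHIFT)|(gip&(PAGE_SIZE-1)));
+        mfn = tlb->ppn >> (PAGE_SHIFT - ARCH_PAGE_SHIFT);
     }
+
+    page = mfn_to_page(mfn);
+    if (get_page(page, vcpu->domain) == 0) {
+        if (page_get_owner(page) != vcpu->domain) {
+            // This page might be a page granted by another domain.
+            panic_domain(NULL, "domain tries to execute foreign domain "
+                         "page which might be mapped by grant table.\n");
+        }
+        goto again;
+    }
+    vpa = (u64 *)__va((mfn << PAGE_SHIFT) | (gip & (PAGE_SIZE - 1)));
+
     *code1 = *vpa++;
     *code2 = *vpa;
+    put_page(page);
     return 1;
 }
 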
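Review bot: The `goto again` retry after a failed `get_page()` has no bound, so it relies on the failure being transient; if the page stays owned by `vcpu->domain` while `get_page()` keeps failing, this path appears to spin inside the hypervisor. The same loop shape is added in vcpu.c and fw_emul.c, and in vmx_hypercall.c without the owner check. A successful `get_page()` shows only that the frame still belongs to the domain, not that it is still the frame mapped at `gip`, because nothing re-checks the translation once the reference is held. In the tlb branch `mfn` is taken from `tlb->ppn` and reaches `mfn_to_page()` without a validity test like the `INVALID_MFN` check in the gpip branch. The new `panic_domain(NULL, ...)` also differs from the two existing calls in this function, which pass `vcpu_regs(vcpu)`; unless NULL is intended, `panic_domain(vcpu_regs(vcpu), ...)` keeps them consistent (fetch_code's body begins outside these hunks).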
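--- a/xen/arch/ia64/vmx/vmx_hypercall.c	Mon Jun 19 13:00:37 2006 -0600
+++ b/xen/arch/ia64/vmx/vmx_hypercall.c	Mon Jun 19 13:06:53 2006 -0600
@@ -160,10 +160,15 @@ static int do_set_shared_page(VCPU *vcpu
     u64 o_info;
     struct domain *d = vcpu->domain;
     struct vcpu *v;
+    struct page_info *page;
     if(vcpu->domain!=dom0)
         return -EPERM;
     o_info = (u64)vcpu->domain->shared_info;
+ again:
     d->shared_info= (shared_info_t *)domain_mpa_to_imva(vcpu->domain, gpa);
+    page = virt_to_page(d->shared_info);
+    if (get_page(page, d) == 0)
+        goto again;
 
     /* Copy existing shared info into new page */
     if (o_info) {
@@ -178,6 +183,7 @@ static int do_set_shared_page(VCPU *vcpu
 	    	free_xenheap_page((void *)o_info);
     } else
         memset(d->shared_info, 0, PAGE_SIZE);
+    put_page(page);
     return 0;
 }
 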
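Review bot: `d->shared_info` is overwritten with the new address before `get_page()` has succeeded, and `put_page(page)` at the end of the function drops the reference while `d->shared_info` keeps pointing at that page. The reference therefore covers only the copy or memset, and the long-lived pointer can outlive the page if the page is later removed from the domain. I would translate into a local first, assign `d->shared_info` only after `get_page()` succeeds, and hold the reference for as long as the pointer is installed, releasing it where the shared page is replaced or torn down. Unlike the other call sites in this changeset, the retry here has no `page_get_owner(page) != d` exit, so a `gpa` that resolves to a page the domain does not own would appear to loop without end. do_set_shared_page's body begins outside these hunks.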
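--- a/xen/arch/ia64/xen/fw_emul.c	Mon Jun 19 13:00:37 2006 -0600
+++ b/xen/arch/ia64/xen/fw_emul.c	Mon Jun 19 13:06:53 2006 -0600
@@ -359,18 +359,32 @@ xen_pal_emulator(unsigned long index, u6
 
 // given a current domain (virtual or metaphysical) address, return the virtual address
 static unsigned long
-efi_translate_domain_addr(unsigned long domain_addr, IA64FAULT *fault)
+efi_translate_domain_addr(unsigned long domain_addr, IA64FAULT *fault,
+			  struct page_info** page)
 {
 	struct vcpu *v = current;
 	unsigned long mpaddr = domain_addr;
+	unsigned long virt;
 	*fault = IA64_NO_FAULT;
 
+again:
 	if (v->domain->arch.efi_virt_mode) {
 		*fault = vcpu_tpa(v, domain_addr, &mpaddr);
 		if (*fault != IA64_NO_FAULT) return 0;
 	}
 
-	return ((unsigned long) __va(translate_domain_mpaddr(mpaddr, NULL)));
+	virt = domain_mpa_to_imva(v->domain, mpaddr);
+	*page = virt_to_page(virt);
+	if (get_page(*page, current->domain) == 0) {
+		if (page_get_owner(*page) != current->domain) {
+			// which code is appropriate?
+			*fault = IA64_FAULT;
+			return 0;
+		}
+		goto again;
+	}
+
+	return virt;
 }
 
 static efi_status_t
@@ -379,18 +393,27 @@ efi_emulate_get_time(
 	IA64FAULT *fault)
 {
 	unsigned long tv = 0, tc = 0;
+	struct page_info *tv_page = NULL;
+	struct page_info *tc_page = NULL;
 	efi_status_t status;
 
 	//printf("efi_get_time(%016lx,%016lx) called\n", tv_addr, tc_addr);
-	tv = efi_translate_domain_addr(tv_addr, fault);
-	if (*fault != IA64_NO_FAULT) return 0;
+	tv = efi_translate_domain_addr(tv_addr, fault, &tv_page);
+	if (*fault != IA64_NO_FAULT)
+		return 0;
 	if (tc_addr) {
-		tc = efi_translate_domain_addr(tc_addr, fault);
-		if (*fault != IA64_NO_FAULT) return 0;
+		tc = efi_translate_domain_addr(tc_addr, fault, &tc_page);
+		if (*fault != IA64_NO_FAULT) {
+			put_page(tv_page);
+			return 0;
+		}
 	}
 	//printf("efi_get_time(%016lx,%016lx) translated to xen virtual address\n", tv, tc);
 	status = (*efi.get_time)((efi_time_t *) tv, (efi_time_cap_t *) tc);
 	//printf("efi_get_time returns %lx\n", status);
+	if (tc_page != NULL)
+		put_page(tc_page);
+	put_page(tv_page);
 	return status;
 }
 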
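Review bot: The reference taken in `efi_translate_domain_addr()` pins only the one page containing the translated address, yet `(*efi.get_time)()` then writes an `efi_time_t` (and optionally an `efi_time_cap_t`) at a guest-chosen offset within it. Nothing visible in these hunks rejects a `tv_addr` or `tc_addr` so close to the end of the page that the structure spills into the following page, which is neither owner-checked nor referenced. Passing the object size into the helper and failing when offset plus size exceeds `PAGE_SIZE` would close that gap. Separately, `*page` is stored before `get_page()` succeeds, so on the `IA64_FAULT` return the caller holds a non-NULL pointer with no reference behind it; adding `*page = NULL;` before that `return 0;` makes "non-NULL means pinned" a safe rule for callers. efi_emulate_get_time's signature begins outside the second hunk, and the open `// which code is appropriate?` question should be settled before this is relied on.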
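--- a/xen/arch/ia64/xen/vcpu.c	Mon Jun 19 13:00:37 2006 -0600
+++ b/xen/arch/ia64/xen/vcpu.c	Mon Jun 19 13:06:53 2006 -0600
@@ -1408,7 +1408,10 @@ int
 vcpu_get_domain_bundle(VCPU* vcpu, REGS* regs, UINT64 gip, IA64_BUNDLE* bundle)
 {
 	UINT64 gpip;// guest pseudo phyiscal ip
+	unsigned long vaddr;
+	struct page_info* page;
 
+again:
 #if 0
 	// Currently xen doesn't track psr.it bits.
 	// it assumes always psr.it = 1.
@@ -1471,8 +1474,22 @@ vcpu_get_domain_bundle(VCPU* vcpu, REGS*
 		gpip = ((tr.pte.ppn >> (tr.ps - 12)) << tr.ps) |
 			(gip & ((1 << tr.ps) - 1));
 	}
-
-	*bundle = *((IA64_BUNDLE*)__va(__gpa_to_mpa(vcpu->domain, gpip)));
+	
+	vaddr = domain_mpa_to_imva(vcpu->domain, gpip);
+	page = virt_to_page(vaddr);
+	if (get_page(page, vcpu->domain) == 0) {
+		if (page_get_owner(page) != vcpu->domain) {
+			// This page might be a page granted by another
+			// domain.
+			panic_domain(regs,
+				     "domain tries to execute foreign domain "
+				     "page which might be mapped by grant "
+				     "table.\n");
+		}
+		goto again;
+	}
+	*bundle = *((IA64_BUNDLE*)vaddr);
+	put_page(page);
 	return 1;
 }
 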
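Review bot: This get_page()/owner-check/panic/retry block is a second hand-written copy of the one added to fetch_code() in vmmu.c, and the copies already disagree: this one passes `regs` to `panic_domain()` while the vmmu.c one passes NULL. A single helper that takes the domain and the frame and returns either the pinned page or an error would keep the ownership check identical at every site. The `again:` label sits far from its `goto` (the middle of the function is outside these hunks), so a comment there such as `/* retried when get_page() loses a race with the page being freed */` would tell readers why the translation is redone. The result of `domain_mpa_to_imva()` is passed to `virt_to_page()` with no visible validity check; whether it can return a failure value is not shown on this page and is worth confirming.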