direct-io.hg

changeset 7792:bdf1a8039d13

Failure to revalidate a writable pagetable page should crash
the offending domain, not merely pause it. Also, callers can
now specify another domain to domain_crash().

Signed-off-by: Keir Fraser <keir@xensource.com>
author kaf24@firebug.cl.cam.ac.uk
date Mon Nov 14 15:21:16 2005 +0100 (2005-11-14)
parents 6d981d34cf52
children 090e44133d40
files xen/arch/x86/domain.c xen/arch/x86/mm.c xen/arch/x86/shadow_public.c xen/arch/x86/vmx.c xen/arch/x86/vmx_vmcs.c xen/common/domain.c xen/common/schedule.c xen/include/asm-ia64/vmx_vpd.h xen/include/xen/sched.h
line diff
     1.1 --- a/xen/arch/x86/domain.c	Mon Nov 14 12:28:47 2005 +0100
     1.2 +++ b/xen/arch/x86/domain.c	Mon Nov 14 15:21:16 2005 +0100
     1.3 @@ -578,7 +578,7 @@ static void load_segments(struct vcpu *n
     1.4               put_user(regs->rcx,           rsp-11) )
     1.5          {
     1.6              DPRINTK("Error while creating failsafe callback frame.\n");
     1.7 -            domain_crash();
     1.8 +            domain_crash(n->domain);
     1.9          }
    1.10  
    1.11          regs->entry_vector  = TRAP_syscall;
     2.1 --- a/xen/arch/x86/mm.c	Mon Nov 14 12:28:47 2005 +0100
     2.2 +++ b/xen/arch/x86/mm.c	Mon Nov 14 15:21:16 2005 +0100
     2.3 @@ -2529,7 +2529,7 @@ int do_update_va_mapping(unsigned long v
     2.4               * not enough information in just a gpte to figure out how to
     2.5               * (re-)shadow this entry.
     2.6               */
     2.7 -            domain_crash();
     2.8 +            domain_crash(d);
     2.9          }
    2.10      
    2.11          rc = shadow_do_update_va_mapping(va, val, v);
    2.12 @@ -2918,7 +2918,6 @@ int revalidate_l1(
    2.13  {
    2.14      l1_pgentry_t ol1e, nl1e;
    2.15      int modified = 0, i;
    2.16 -    struct vcpu *v;
    2.17  
    2.18      for ( i = 0; i < L1_PAGETABLE_ENTRIES; i++ )
    2.19      {
    2.20 @@ -2944,7 +2943,6 @@ int revalidate_l1(
    2.21  
    2.22          if ( unlikely(!get_page_from_l1e(nl1e, d)) )
    2.23          {
    2.24 -            MEM_LOG("ptwr: Could not re-validate l1 page");
    2.25              /*
    2.26               * Make the remaining p.t's consistent before crashing, so the
    2.27               * reference counts are correct.
    2.28 @@ -2953,9 +2951,8 @@ int revalidate_l1(
    2.29                     (L1_PAGETABLE_ENTRIES - i) * sizeof(l1_pgentry_t));
    2.30  
    2.31              /* Crash the offending domain. */
    2.32 -            set_bit(_DOMF_ctrl_pause, &d->domain_flags);
    2.33 -            for_each_vcpu ( d, v )
    2.34 -                vcpu_sleep_nosync(v);
    2.35 +            MEM_LOG("ptwr: Could not revalidate l1 page");
    2.36 +            domain_crash(d);
    2.37              break;
    2.38          }
    2.39          
    2.40 @@ -3348,7 +3345,7 @@ int ptwr_do_page_fault(struct domain *d,
    2.41          /* Toss the writable pagetable state and crash. */
    2.42          unmap_domain_page(d->arch.ptwr[which].pl1e);
    2.43          d->arch.ptwr[which].l1va = 0;
    2.44 -        domain_crash();
    2.45 +        domain_crash(d);
    2.46          return 0;
    2.47      }
    2.48      
     3.1 --- a/xen/arch/x86/shadow_public.c	Mon Nov 14 12:28:47 2005 +0100
     3.2 +++ b/xen/arch/x86/shadow_public.c	Mon Nov 14 15:21:16 2005 +0100
     3.3 @@ -239,13 +239,13 @@ static pagetable_t page_table_convert(st
     3.4      
     3.5      l4page = alloc_domheap_page(NULL);
     3.6      if (l4page == NULL)
     3.7 -        domain_crash();
     3.8 +        domain_crash(d);
     3.9      l4 = map_domain_page(page_to_pfn(l4page));
    3.10      memset(l4, 0, PAGE_SIZE);
    3.11  
    3.12      l3page = alloc_domheap_page(NULL);
    3.13      if (l3page == NULL)
    3.14 -        domain_crash();
    3.15 +        domain_crash(d);
    3.16      l3 =  map_domain_page(page_to_pfn(l3page));
    3.17      memset(l3, 0, PAGE_SIZE);
    3.18  
     4.1 --- a/xen/arch/x86/vmx.c	Mon Nov 14 12:28:47 2005 +0100
     4.2 +++ b/xen/arch/x86/vmx.c	Mon Nov 14 15:21:16 2005 +0100
     4.3 @@ -191,12 +191,12 @@ static inline int long_mode_do_msr_read(
     4.4      case MSR_FS_BASE:
     4.5          if (!(VMX_LONG_GUEST(vc)))
     4.6              /* XXX should it be GP fault */
     4.7 -            domain_crash();
     4.8 +            domain_crash(vc->domain);
     4.9          __vmread(GUEST_FS_BASE, &msr_content);
    4.10          break;
    4.11      case MSR_GS_BASE:
    4.12          if (!(VMX_LONG_GUEST(vc)))
    4.13 -            domain_crash();
    4.14 +            domain_crash(vc->domain);
    4.15          __vmread(GUEST_GS_BASE, &msr_content);
    4.16          break;
    4.17      case MSR_SHADOW_GS_BASE:
    4.18 @@ -260,7 +260,7 @@ static inline int long_mode_do_msr_write
    4.19      case MSR_FS_BASE:
    4.20      case MSR_GS_BASE:
    4.21          if (!(VMX_LONG_GUEST(vc)))
    4.22 -            domain_crash();
    4.23 +            domain_crash(vc->domain);
    4.24          if (!IS_CANO_ADDRESS(msr_content)){
    4.25              VMX_DBG_LOG(DBG_LEVEL_1, "Not cano address of msr write\n");
    4.26              vmx_inject_exception(vc, TRAP_gp_fault, 0);
    4.27 @@ -273,7 +273,7 @@ static inline int long_mode_do_msr_write
    4.28  
    4.29      case MSR_SHADOW_GS_BASE:
    4.30          if (!(VMX_LONG_GUEST(vc)))
    4.31 -            domain_crash();
    4.32 +            domain_crash(vc->domain);
    4.33          vc->arch.arch_vmx.msr_content.shadow_gs = msr_content;
    4.34          wrmsrl(MSR_SHADOW_GS_BASE, msr_content);
    4.35          break;
     5.1 --- a/xen/arch/x86/vmx_vmcs.c	Mon Nov 14 12:28:47 2005 +0100
     5.2 +++ b/xen/arch/x86/vmx_vmcs.c	Mon Nov 14 15:21:16 2005 +0100
     5.3 @@ -157,13 +157,13 @@ static void vmx_map_io_shared_page(struc
     5.4      mpfn = get_mfn_from_pfn(E820_MAP_PAGE >> PAGE_SHIFT);
     5.5      if (mpfn == INVALID_MFN) {
     5.6          printk("Can not find E820 memory map page for VMX domain.\n");
     5.7 -        domain_crash();
     5.8 +        domain_crash(d);
     5.9      }
    5.10  
    5.11      p = map_domain_page(mpfn);
    5.12      if (p == NULL) {
    5.13          printk("Can not map E820 memory map page for VMX domain.\n");
    5.14 -        domain_crash();
    5.15 +        domain_crash(d);
    5.16      }
    5.17  
    5.18      e820_map_nr = *(p + E820_MAP_NR_OFFSET);
    5.19 @@ -182,7 +182,7 @@ static void vmx_map_io_shared_page(struc
    5.20          printk("Can not get io request shared page"
    5.21                 " from E820 memory map for VMX domain.\n");
    5.22          unmap_domain_page(p);
    5.23 -        domain_crash();
    5.24 +        domain_crash(d);
    5.25      }
    5.26      unmap_domain_page(p);
    5.27  
    5.28 @@ -190,13 +190,13 @@ static void vmx_map_io_shared_page(struc
    5.29      mpfn = get_mfn_from_pfn(gpfn);
    5.30      if (mpfn == INVALID_MFN) {
    5.31          printk("Can not find io request shared page for VMX domain.\n");
    5.32 -        domain_crash();
    5.33 +        domain_crash(d);
    5.34      }
    5.35  
    5.36      p = map_domain_page(mpfn);
    5.37      if (p == NULL) {
    5.38          printk("Can not map io request shared page for VMX domain.\n");
    5.39 -        domain_crash();
    5.40 +        domain_crash(d);
    5.41      }
    5.42      d->arch.vmx_platform.shared_page_va = (unsigned long)p;
    5.43  
     6.1 --- a/xen/common/domain.c	Mon Nov 14 12:28:47 2005 +0100
     6.2 +++ b/xen/common/domain.c	Mon Nov 14 15:21:16 2005 +0100
     6.3 @@ -125,18 +125,27 @@ void domain_kill(struct domain *d)
     6.4  }
     6.5  
     6.6  
     6.7 -void domain_crash(void)
     6.8 +void domain_crash(struct domain *d)
     6.9  {
    6.10 -    printk("Domain %d (vcpu#%d) crashed on cpu#%d:\n",
    6.11 -           current->domain->domain_id, current->vcpu_id, smp_processor_id());
    6.12 -    show_registers(guest_cpu_user_regs());
    6.13 -    domain_shutdown(SHUTDOWN_crash);
    6.14 +    if ( d == current->domain )
    6.15 +    {
    6.16 +        printk("Domain %d (vcpu#%d) crashed on cpu#%d:\n",
    6.17 +               d->domain_id, current->vcpu_id, smp_processor_id());
    6.18 +        show_registers(guest_cpu_user_regs());
    6.19 +    }
    6.20 +    else
    6.21 +    {
    6.22 +        printk("Domain %d reported crashed by domain %d on cpu#%d:\n",
    6.23 +               d->domain_id, current->domain->domain_id, smp_processor_id());
    6.24 +    }
    6.25 +
    6.26 +    domain_shutdown(d, SHUTDOWN_crash);
    6.27  }
    6.28  
    6.29  
    6.30  void domain_crash_synchronous(void)
    6.31  {
    6.32 -    domain_crash();
    6.33 +    domain_crash(current->domain);
    6.34      for ( ; ; )
    6.35          do_softirq();
    6.36  }
    6.37 @@ -178,10 +187,9 @@ static __init int domain_shutdown_finali
    6.38  __initcall(domain_shutdown_finaliser_init);
    6.39  
    6.40  
    6.41 -void domain_shutdown(u8 reason)
    6.42 +void domain_shutdown(struct domain *d, u8 reason)
    6.43  {
    6.44 -    struct domain *d = current->domain;
    6.45 -    struct vcpu   *v;
    6.46 +    struct vcpu *v;
    6.47  
    6.48      if ( d->domain_id == 0 )
    6.49      {
     7.1 --- a/xen/common/schedule.c	Mon Nov 14 12:28:47 2005 +0100
     7.2 +++ b/xen/common/schedule.c	Mon Nov 14 15:21:16 2005 +0100
     7.3 @@ -267,7 +267,7 @@ long do_sched_op(int cmd, unsigned long 
     7.4      {
     7.5          TRACE_3D(TRC_SCHED_SHUTDOWN,
     7.6                   current->domain->domain_id, current->vcpu_id, arg);
     7.7 -        domain_shutdown((u8)arg);
     7.8 +        domain_shutdown(current->domain, (u8)arg);
     7.9          break;
    7.10      }
    7.11  
     8.1 --- a/xen/include/asm-ia64/vmx_vpd.h	Mon Nov 14 12:28:47 2005 +0100
     8.2 +++ b/xen/include/asm-ia64/vmx_vpd.h	Mon Nov 14 15:21:16 2005 +0100
     8.3 @@ -122,7 +122,7 @@ extern unsigned int opt_vmx_debug_level;
     8.4      do {                                                        \
     8.5          printk("__vmx_bug at %s:%d\n", __FILE__, __LINE__);     \
     8.6          show_registers(regs);                                   \
     8.7 -        domain_crash();                                         \
     8.8 +        domain_crash(current->domain);                          \
     8.9      } while (0)
    8.10  
    8.11  #endif //__ASSEMBLY__
     9.1 --- a/xen/include/xen/sched.h	Mon Nov 14 12:28:47 2005 +0100
     9.2 +++ b/xen/include/xen/sched.h	Mon Nov 14 15:21:16 2005 +0100
     9.3 @@ -220,14 +220,15 @@ extern int set_info_guest(struct domain 
     9.4  struct domain *find_domain_by_id(domid_t dom);
     9.5  extern void domain_destruct(struct domain *d);
     9.6  extern void domain_kill(struct domain *d);
     9.7 -extern void domain_shutdown(u8 reason);
     9.8 +extern void domain_shutdown(struct domain *d, u8 reason);
     9.9  extern void domain_pause_for_debugger(void);
    9.10  
    9.11  /*
    9.12 - * Mark current domain as crashed. This function returns: the domain is not
    9.13 - * synchronously descheduled from any processor.
    9.14 + * Mark specified domain as crashed. This function always returns, even if the
    9.15 + * caller is the specified domain. The domain is not synchronously descheduled
    9.16 + * from any processor.
    9.17   */
    9.18 -extern void domain_crash(void);
    9.19 +extern void domain_crash(struct domain *d);
    9.20  
    9.21  /*
    9.22   * Mark current domain as crashed and synchronously deschedule from the local