
changeset 9693:268f2b85f313

Use copy_from_user when accessing the linear page table in shadow_fault().
This is safer: a direct access could crash the hypervisor through some
latent bug. Also remove some trailing whitespace.

Signed-off-by: Xin Li <xin.b.li@intel.com>
author kaf24@firebug.cl.cam.ac.uk
date Thu Apr 13 10:10:19 2006 +0100 (2006-04-13)
parents 19c55935580f
children a9ae49b52c28
files xen/arch/x86/shadow32.c
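--- a/xen/arch/x86/shadow32.c
+++ b/xen/arch/x86/shadow32.c
@@ -2886,7 +2886,7 @@ int shadow_fault(unsigned long va, struc
     SH_VVLOG("shadow_fault( va=%lx, code=%lu )",
              va, (unsigned long)regs->error_code);
     perfc_incrc(shadow_fault_calls);
-    
+
     check_pagetable(v, "pre-sf");
 
     /*
@@ -2917,7 +2917,16 @@ int shadow_fault(unsigned long va, struc
     // the mapping is in-sync, so the check of the PDE's present bit, above,
     // covers this access.
     //
-    orig_gpte = gpte = linear_pg_table[l1_linear_offset(va)];
+    if ( __copy_from_user(&gpte,
+                          &linear_pg_table[l1_linear_offset(va)],
+                          sizeof(gpte)) ) {
+        printk("%s() failed, crashing domain %d "
+               "due to a unaccessible linear page table (gpde=%" PRIpte "), va=%lx\n",
+               __func__, d->domain_id, l2e_get_intpte(gpde), va);
+        domain_crash_synchronous();
+    }
+    orig_gpte = gpte;
+
     if ( unlikely(!(l1e_get_flags(gpte) & _PAGE_PRESENT)) )
     {
         SH_VVLOG("shadow_fault - EXIT: gpte not present (%" PRIpte ") (gpde %" PRIpte ")",
@@ -2928,7 +2937,7 @@ int shadow_fault(unsigned long va, struc
     }
 
     /* Write fault? */
-    if ( regs->error_code & 2 )  
+    if ( regs->error_code & 2 )
     {
         int allow_writes = 0;
 
@@ -2942,7 +2951,7 @@ int shadow_fault(unsigned long va, struc
             else
             {
                 /* Write fault on a read-only mapping. */
-                SH_VVLOG("shadow_fault - EXIT: wr fault on RO page (%" PRIpte ")", 
+                SH_VVLOG("shadow_fault - EXIT: wr fault on RO page (%" PRIpte ")",
                          l1e_get_intpte(gpte));
                 perfc_incrc(shadow_fault_bail_ro_mapping);
                 goto fail;
@@ -2955,10 +2964,10 @@ int shadow_fault(unsigned long va, struc
         }
 
         /* User access violation in guest? */
-        if ( unlikely((regs->error_code & 4) && 
+        if ( unlikely((regs->error_code & 4) &&
                       !(l1e_get_flags(gpte) & _PAGE_USER)))
         {
-            SH_VVLOG("shadow_fault - EXIT: wr fault on super page (%" PRIpte ")", 
+            SH_VVLOG("shadow_fault - EXIT: wr fault on super page (%" PRIpte ")",
                     l1e_get_intpte(gpte));
             goto fail;
 
@@ -2980,7 +2989,7 @@ int shadow_fault(unsigned long va, struc
         /* Read-protection violation in guest? */
         if ( unlikely((regs->error_code & 1) ))
         {
-            SH_VVLOG("shadow_fault - EXIT: read fault on super page (%" PRIpte ")", 
+            SH_VVLOG("shadow_fault - EXIT: read fault on super page (%" PRIpte ")",
                     l1e_get_intpte(gpte));
             goto fail;
 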
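Review bot: In the second hunk the new `if ( __copy_from_user(...) ) {` puts the opening brace on the condition line, while the surrounding code in shadow_fault (the `if ( unlikely(...) )` directly below it) places `{` on its own line; moving the brace keeps the function consistent. The new printk text reads `due to a unaccessible linear page table`; `due to an inaccessible linear page table` is the intended wording. The code after the block relies on `domain_crash_synchronous()` never returning, otherwise `gpte` would be read uninitialized at `orig_gpte = gpte;` on the failure path, so a comment such as `/* domain_crash_synchronous() does not return */` above the call would make that dependency explicit. `__copy_from_user` is, as far as I know, the variant that skips the address range check; that is presumably fine here because the linear page table lives in a fixed hypervisor-mapped range, but a one-line comment stating that reason would help a reader who wonders why the checked variant was not used. `gpde` and `d` are defined earlier in shadow_fault, whose body starts and ends outside the hunk.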