changeset 18463:5a6f5b4b5fb3

ioemu: Fix bug in map cache

This small patch fixes an issue leading to a crash (segfault, although
with earlier changesets I was seeing sigbus - not sure what changed)
in qemu-dm when the following conditions occur:

1. A valid mapping for a bucket on a low address exists

2. Immediately after accessing memory mapped in this bucket, an access
occurs to a high (beyond assigned RAM) address beyond the 1GB limit
for the 32-bit map cache, wrapping around to the previous bucket's entry

3. The next call to map cache again accesses the low address.

In this scenario, the guest mem for the low bucket has been unmapped
by the remap_bucket caused by 2., but because the valid_mapping
bit-test fails, map_cache returns before last_address_index has been
updated. The subsequent call to map_cache therefore never remaps the
low, valid bucket and instead returns a vaddr pointing to memory that
has failed to get mapped.

Signed-off-by: Trolle Selander <trolle.selander@eu.citrix.com>
author Keir Fraser <keir.fraser@citrix.com>
date Tue Sep 09 15:05:58 2008 +0100 (2008-09-09)
parents 33d907ff2b04
children 5f3bb7f1a4cb
files tools/ioemu/hw/xen_machine_fv.c
line diff
     1.1 --- a/tools/ioemu/hw/xen_machine_fv.c	Tue Sep 09 15:02:51 2008 +0100
     1.2 +++ b/tools/ioemu/hw/xen_machine_fv.c	Tue Sep 09 15:05:58 2008 +0100
     1.3 @@ -139,8 +139,10 @@ uint8_t *qemu_map_cache(target_phys_addr
     1.4          !test_bit(address_offset>>XC_PAGE_SHIFT, entry->valid_mapping))
     1.5          qemu_remap_bucket(entry, address_index);
     1.7 -    if (!test_bit(address_offset>>XC_PAGE_SHIFT, entry->valid_mapping))
     1.8 +    if (!test_bit(address_offset>>XC_PAGE_SHIFT, entry->valid_mapping)) {
     1.9 +        last_address_index = ~0UL;
    1.10          return NULL;
    1.11 +    }
    1.13      last_address_index = address_index;
    1.14      last_address_vaddr = entry->vaddr_base;
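Review bot: the new `last_address_index = ~0UL;` on the failure path deserves an inline comment, because it is only effective if the fast-path comparison against last_address_index (the check the commit message says was being short-circuited) can never match ~0UL for a real page index; without a comment a later reader could mistake the line for a no-op and drop it, reintroducing the stale-pointer bug. Two follow-ups worth considering in the same block: also reset last_address_vaddr so the two cached values never disagree (the vaddr is what the fast path hands back, and qemu_remap_bucket at line 1.5 has already unmapped the previous bucket at this point), and note in the function's comment that a NULL return now also means the cache's last-lookup state has been cleared, so callers must treat any pointer obtained from an earlier call for the same region as invalid rather than dereference it.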