ia64/xen-unstable

changeset 11776:6e932f32662c

[XEN] Zero PAE shadow l3es when destroying subshadows.

Normally, we can leave the contents of shadows in place when we destroy
them, but this is not the case for l3 subshadows, since they do not get
zeroed on reallocation unless the entire l3 page is unshadowed.
This fixes several crashes seen with SMP PAE HVM RHEL4.2 guests.
Signed-off-by: Tim Deegan <Tim.Deegan@xensource.com>
author Tim Deegan <tim.deegan@xensource.com>
date Mon Oct 09 16:43:09 2006 +0100 (2006-10-09)
parents 30f13007be3f
children fd80b7e1e333
files xen/arch/x86/mm/shadow/multi.c
line diff
     1.1 --- a/xen/arch/x86/mm/shadow/multi.c	Mon Oct 09 13:50:00 2006 +0100
     1.2 +++ b/xen/arch/x86/mm/shadow/multi.c	Mon Oct 09 16:43:09 2006 +0100
     1.3 @@ -2324,11 +2324,11 @@ static void sh_destroy_l3_subshadow(stru
     1.4  /* Tear down just a single 4-entry l3 on a 2-page l3 shadow. */
     1.5  {
     1.6      int i;
     1.7 +    mfn_t sl3mfn = _mfn(maddr_from_mapped_domain_page(sl3e) >> PAGE_SHIFT);
     1.8      ASSERT((unsigned long)sl3e % (4 * sizeof (shadow_l3e_t)) == 0); 
     1.9      for ( i = 0; i < GUEST_L3_PAGETABLE_ENTRIES; i++ ) 
    1.10          if ( shadow_l3e_get_flags(sl3e[i]) & _PAGE_PRESENT ) 
    1.11 -            sh_put_ref(v, shadow_l3e_get_mfn(sl3e[i]),
    1.12 -                        maddr_from_mapped_domain_page(sl3e));
    1.13 +            shadow_set_l3e(v, &sl3e[i], shadow_l3e_empty(), sl3mfn);
    1.14  }
    1.15  #endif
    1.16