ia64/xen-unstable

changeset 3773:9ee09144e830

bitkeeper revision 1.1170 (420b96e4lQdbo7fzNNwrsgmrzMJExQ)

Merge douglas.cl.cam.ac.uk:/auto/groups/xeno-xenod/BK/xeno.bk
into douglas.cl.cam.ac.uk:/local/scratch/sos22/xendbng/xeno.bk
author sos22@douglas.cl.cam.ac.uk
date Thu Feb 10 17:16:20 2005 +0000 (2005-02-10)
parents 677aebca60b9 26ba37bce96e
children 09ef8bf5a916 d9449b5a8d64
files linux-2.4.29-xen-sparse/arch/xen/kernel/setup.c linux-2.4.29-xen-sparse/include/asm-xen/page.h linux-2.4.29-xen-sparse/include/asm-xen/pgtable-2level.h linux-2.6.10-xen-sparse/arch/xen/i386/kernel/setup.c linux-2.6.10-xen-sparse/arch/xen/kernel/reboot.c linux-2.6.10-xen-sparse/include/asm-xen/asm-i386/page.h linux-2.6.10-xen-sparse/include/asm-xen/asm-i386/pgtable-2level.h xen/arch/x86/domain.c xen/arch/x86/x86_32/domain_build.c xen/arch/x86/x86_64/domain_build.c xen/arch/x86/x86_64/mm.c xen/include/asm-x86/mm.h xen/include/asm-x86/shadow.h xen/include/public/arch-x86_32.h xen/include/public/arch-x86_64.h
line diff
     1.1 --- a/linux-2.4.29-xen-sparse/arch/xen/kernel/setup.c	Thu Feb 10 17:16:04 2005 +0000
     1.2 +++ b/linux-2.4.29-xen-sparse/arch/xen/kernel/setup.c	Thu Feb 10 17:16:20 2005 +0000
     1.3 @@ -60,7 +60,7 @@ static int errno;
     1.4   */
     1.5  shared_info_t *HYPERVISOR_shared_info = (shared_info_t *)empty_zero_page;
     1.6  
     1.7 -unsigned long *phys_to_machine_mapping, *pfn_to_mfn_frame_list;
     1.8 +unsigned int *phys_to_machine_mapping, *pfn_to_mfn_frame_list;
     1.9  
    1.10  DEFINE_PER_CPU(multicall_entry_t, multicall_list[8]);
    1.11  DEFINE_PER_CPU(int, nr_multicall_ents);
    1.12 @@ -327,7 +327,7 @@ void __init setup_arch(char **cmdline_p)
    1.13      }
    1.14  #endif
    1.15  
    1.16 -    phys_to_machine_mapping = (unsigned long *)xen_start_info.mfn_list;
    1.17 +    phys_to_machine_mapping = (unsigned int *)xen_start_info.mfn_list;
    1.18      cur_pgd = init_mm.pgd = (pgd_t *)xen_start_info.pt_base;
    1.19  
    1.20      start_pfn = (__pa(xen_start_info.pt_base) >> PAGE_SHIFT) + 
    1.21 @@ -382,7 +382,7 @@ void __init setup_arch(char **cmdline_p)
    1.22      {
    1.23          phys_to_machine_mapping = alloc_bootmem_low_pages(
    1.24              max_pfn * sizeof(unsigned long));
    1.25 -        memset(phys_to_machine_mapping, ~0, max_pfn * sizeof(unsigned long));
    1.26 +        memset(phys_to_machine_mapping, ~0, max_pfn * sizeof(unsigned int));
    1.27          memcpy(phys_to_machine_mapping,
    1.28                 (unsigned long *)xen_start_info.mfn_list,
    1.29                 xen_start_info.nr_pages * sizeof(unsigned long));
     2.1 --- a/linux-2.4.29-xen-sparse/include/asm-xen/page.h	Thu Feb 10 17:16:04 2005 +0000
     2.2 +++ b/linux-2.4.29-xen-sparse/include/asm-xen/page.h	Thu Feb 10 17:16:20 2005 +0000
     2.3 @@ -43,9 +43,9 @@
     2.4  #define copy_user_page(to, from, vaddr)	copy_page(to, from)
     2.5  
     2.6  /**** MACHINE <-> PHYSICAL CONVERSION MACROS ****/
     2.7 -extern unsigned long *phys_to_machine_mapping;
     2.8 -#define pfn_to_mfn(_pfn) (phys_to_machine_mapping[(_pfn)])
     2.9 -#define mfn_to_pfn(_mfn) (machine_to_phys_mapping[(_mfn)])
    2.10 +extern unsigned int *phys_to_machine_mapping;
    2.11 +#define pfn_to_mfn(_pfn) ((unsigned long)(phys_to_machine_mapping[(_pfn)]))
    2.12 +#define mfn_to_pfn(_mfn) ((unsigned long)(machine_to_phys_mapping[(_mfn)]))
    2.13  static inline unsigned long phys_to_machine(unsigned long phys)
    2.14  {
    2.15      unsigned long machine = pfn_to_mfn(phys >> PAGE_SHIFT);
     3.1 --- a/linux-2.4.29-xen-sparse/include/asm-xen/pgtable-2level.h	Thu Feb 10 17:16:04 2005 +0000
     3.2 +++ b/linux-2.4.29-xen-sparse/include/asm-xen/pgtable-2level.h	Thu Feb 10 17:16:20 2005 +0000
     3.3 @@ -69,7 +69,7 @@ static inline pmd_t * pmd_offset(pgd_t *
     3.4   *      require. In all the cases we care about, the high bit gets shifted out
     3.5   *      (e.g., phys_to_machine()) so behaviour there is correct.
     3.6   */
     3.7 -#define INVALID_P2M_ENTRY (~0UL)
     3.8 +#define INVALID_P2M_ENTRY (~0U)
     3.9  #define FOREIGN_FRAME(_m) ((_m) | (1UL<<((sizeof(unsigned long)*8)-1)))
    3.10  #define pte_page(_pte)                                        \
    3.11  ({                                                            \
     4.1 --- a/linux-2.6.10-xen-sparse/arch/xen/i386/kernel/setup.c	Thu Feb 10 17:16:04 2005 +0000
     4.2 +++ b/linux-2.6.10-xen-sparse/arch/xen/i386/kernel/setup.c	Thu Feb 10 17:16:20 2005 +0000
     4.3 @@ -345,7 +345,7 @@ static void __init probe_roms(void)
     4.4  shared_info_t *HYPERVISOR_shared_info = (shared_info_t *)empty_zero_page;
     4.5  EXPORT_SYMBOL(HYPERVISOR_shared_info);
     4.6  
     4.7 -unsigned long *phys_to_machine_mapping, *pfn_to_mfn_frame_list;
     4.8 +unsigned int *phys_to_machine_mapping, *pfn_to_mfn_frame_list;
     4.9  EXPORT_SYMBOL(phys_to_machine_mapping);
    4.10  
    4.11  DEFINE_PER_CPU(multicall_entry_t, multicall_list[8]);
    4.12 @@ -1142,7 +1142,7 @@ static unsigned long __init setup_memory
    4.13  	}
    4.14  #endif
    4.15  
    4.16 -	phys_to_machine_mapping = (unsigned long *)xen_start_info.mfn_list;
    4.17 +	phys_to_machine_mapping = (unsigned int *)xen_start_info.mfn_list;
    4.18  
    4.19  	return max_low_pfn;
    4.20  }
     5.1 --- a/linux-2.6.10-xen-sparse/arch/xen/kernel/reboot.c	Thu Feb 10 17:16:04 2005 +0000
     5.2 +++ b/linux-2.6.10-xen-sparse/arch/xen/kernel/reboot.c	Thu Feb 10 17:16:20 2005 +0000
     5.3 @@ -80,7 +80,7 @@ static void __do_suspend(void)
     5.4      extern void time_suspend(void);
     5.5      extern void time_resume(void);
     5.6      extern unsigned long max_pfn;
     5.7 -    extern unsigned long *pfn_to_mfn_frame_list;
     5.8 +    extern unsigned int *pfn_to_mfn_frame_list;
     5.9  
    5.10      suspend_record = (suspend_record_t *)__get_free_page(GFP_KERNEL);
    5.11      if ( suspend_record == NULL )
     6.1 --- a/linux-2.6.10-xen-sparse/include/asm-xen/asm-i386/page.h	Thu Feb 10 17:16:04 2005 +0000
     6.2 +++ b/linux-2.6.10-xen-sparse/include/asm-xen/asm-i386/page.h	Thu Feb 10 17:16:20 2005 +0000
     6.3 @@ -55,9 +55,9 @@
     6.4  #define copy_user_page(to, from, vaddr, pg)	copy_page(to, from)
     6.5  
     6.6  /**** MACHINE <-> PHYSICAL CONVERSION MACROS ****/
     6.7 -extern unsigned long *phys_to_machine_mapping;
     6.8 -#define pfn_to_mfn(_pfn) (phys_to_machine_mapping[(_pfn)])
     6.9 -#define mfn_to_pfn(_mfn) (machine_to_phys_mapping[(_mfn)])
    6.10 +extern unsigned int *phys_to_machine_mapping;
    6.11 +#define pfn_to_mfn(_pfn) ((unsigned long)(phys_to_machine_mapping[(_pfn)]))
    6.12 +#define mfn_to_pfn(_mfn) ((unsigned long)(machine_to_phys_mapping[(_mfn)]))
    6.13  static inline unsigned long phys_to_machine(unsigned long phys)
    6.14  {
    6.15  	unsigned long machine = pfn_to_mfn(phys >> PAGE_SHIFT);
     7.1 --- a/linux-2.6.10-xen-sparse/include/asm-xen/asm-i386/pgtable-2level.h	Thu Feb 10 17:16:04 2005 +0000
     7.2 +++ b/linux-2.6.10-xen-sparse/include/asm-xen/asm-i386/pgtable-2level.h	Thu Feb 10 17:16:20 2005 +0000
     7.3 @@ -92,7 +92,7 @@ static inline pte_t ptep_get_and_clear(p
     7.4   *      require. In all the cases we care about, the high bit gets shifted out
     7.5   *      (e.g., phys_to_machine()) so behaviour there is correct.
     7.6   */
     7.7 -#define INVALID_P2M_ENTRY (~0UL)
     7.8 +#define INVALID_P2M_ENTRY (~0U)
     7.9  #define FOREIGN_FRAME(_m) ((_m) | (1UL<<((sizeof(unsigned long)*8)-1)))
    7.10  #define pte_pfn(_pte)							\
    7.11  ({									\
     8.1 --- a/xen/arch/x86/domain.c	Thu Feb 10 17:16:04 2005 +0000
     8.2 +++ b/xen/arch/x86/domain.c	Thu Feb 10 17:16:20 2005 +0000
     8.3 @@ -271,12 +271,12 @@ void arch_do_createdomain(struct exec_do
     8.4          ed->vcpu_info = &d->shared_info->vcpu_data[ed->eid];
     8.5          SHARE_PFN_WITH_DOMAIN(virt_to_page(d->shared_info), d);
     8.6          machine_to_phys_mapping[virt_to_phys(d->shared_info) >> 
     8.7 -                               PAGE_SHIFT] = INVALID_P2M_ENTRY;
     8.8 +                               PAGE_SHIFT] = INVALID_M2P_ENTRY;
     8.9  
    8.10          d->arch.mm_perdomain_pt = (l1_pgentry_t *)alloc_xenheap_page();
    8.11          memset(d->arch.mm_perdomain_pt, 0, PAGE_SIZE);
    8.12          machine_to_phys_mapping[virt_to_phys(d->arch.mm_perdomain_pt) >> 
    8.13 -                               PAGE_SHIFT] = INVALID_P2M_ENTRY;
    8.14 +                               PAGE_SHIFT] = INVALID_M2P_ENTRY;
    8.15          ed->arch.perdomain_ptes = d->arch.mm_perdomain_pt;
    8.16  
    8.17  #ifdef __x86_64__
    8.18 @@ -687,7 +687,8 @@ long do_switch_to_user(void)
    8.19      struct switch_to_user  stu;
    8.20      struct exec_domain    *ed = current;
    8.21  
    8.22 -    if ( unlikely(copy_from_user(&stu, (void *)regs->rsp, sizeof(stu))) )
    8.23 +    if ( unlikely(copy_from_user(&stu, (void *)regs->rsp, sizeof(stu))) ||
    8.24 +         unlikely(pagetable_val(ed->arch.pagetable_user) == 0) )
    8.25          return -EFAULT;
    8.26  
    8.27      ed->arch.flags &= ~TF_kernel_mode;
     9.1 --- a/xen/arch/x86/x86_32/domain_build.c	Thu Feb 10 17:16:04 2005 +0000
     9.2 +++ b/xen/arch/x86/x86_32/domain_build.c	Thu Feb 10 17:16:20 2005 +0000
     9.3 @@ -116,7 +116,7 @@ int construct_dom0(struct domain *d,
     9.4      vinitrd_start    = round_pgup(dsi.v_kernend);
     9.5      vinitrd_end      = vinitrd_start + initrd_len;
     9.6      vphysmap_start   = round_pgup(vinitrd_end);
     9.7 -    vphysmap_end     = vphysmap_start + (nr_pages * sizeof(unsigned long));
     9.8 +    vphysmap_end     = vphysmap_start + (nr_pages * sizeof(u32));
     9.9      vpt_start        = round_pgup(vphysmap_end);
    9.10      for ( nr_pt_pages = 2; ; nr_pt_pages++ )
    9.11      {
    9.12 @@ -337,7 +337,7 @@ int construct_dom0(struct domain *d,
    9.13          if ( pfn > REVERSE_START )
    9.14              mfn = (alloc_end>>PAGE_SHIFT) - (pfn - REVERSE_START);
    9.15  #endif
    9.16 -        ((unsigned long *)vphysmap_start)[pfn] = mfn;
    9.17 +        ((u32 *)vphysmap_start)[pfn] = mfn;
    9.18          machine_to_phys_mapping[mfn] = pfn;
    9.19      }
    9.20  
    10.1 --- a/xen/arch/x86/x86_64/domain_build.c	Thu Feb 10 17:16:04 2005 +0000
    10.2 +++ b/xen/arch/x86/x86_64/domain_build.c	Thu Feb 10 17:16:20 2005 +0000
    10.3 @@ -119,7 +119,7 @@ int construct_dom0(struct domain *d,
    10.4      vinitrd_start    = round_pgup(dsi.v_kernend);
    10.5      vinitrd_end      = vinitrd_start + initrd_len;
    10.6      vphysmap_start   = round_pgup(vinitrd_end);
    10.7 -    vphysmap_end     = vphysmap_start + (nr_pages * sizeof(unsigned long));
    10.8 +    vphysmap_end     = vphysmap_start + (nr_pages * sizeof(u32));
    10.9      vpt_start        = round_pgup(vphysmap_end);
   10.10      for ( nr_pt_pages = 2; ; nr_pt_pages++ )
   10.11      {
   10.12 @@ -358,7 +358,7 @@ int construct_dom0(struct domain *d,
   10.13          if ( pfn > REVERSE_START )
   10.14              mfn = (alloc_end>>PAGE_SHIFT) - (pfn - REVERSE_START);
   10.15  #endif
   10.16 -        ((unsigned long *)vphysmap_start)[pfn] = mfn;
   10.17 +        ((u32 *)vphysmap_start)[pfn] = mfn;
   10.18          machine_to_phys_mapping[mfn] = pfn;
   10.19      }
   10.20  
    11.1 --- a/xen/arch/x86/x86_64/mm.c	Thu Feb 10 17:16:04 2005 +0000
    11.2 +++ b/xen/arch/x86/x86_64/mm.c	Thu Feb 10 17:16:20 2005 +0000
    11.3 @@ -115,8 +115,8 @@ void __set_fixmap(
    11.4  
    11.5  void __init paging_init(void)
    11.6  {
    11.7 -    void *newpt;
    11.8      unsigned long i, p, max;
    11.9 +    l3_pgentry_t *l3rw, *l3ro;
   11.10  
   11.11      /* Map all of physical memory. */
   11.12      max = ((max_page + L1_PAGETABLE_ENTRIES - 1) & 
   11.13 @@ -134,25 +134,32 @@ void __init paging_init(void)
   11.14          if ( p == 0 )
   11.15              panic("Not enough memory for m2p table\n");
   11.16          map_pages(idle_pg_table, RDWR_MPT_VIRT_START + i*8, p, 
   11.17 -                  1UL << L2_PAGETABLE_SHIFT, PAGE_HYPERVISOR);
   11.18 +                  1UL << L2_PAGETABLE_SHIFT, PAGE_HYPERVISOR | _PAGE_USER);
   11.19          memset((void *)(RDWR_MPT_VIRT_START + i*8), 0x55,
   11.20                 1UL << L2_PAGETABLE_SHIFT);
   11.21      }
   11.22  
   11.23 +    /*
   11.24 +     * Above we mapped the M2P table as user-accessible and read-writable.
   11.25 +     * Fix security by denying user access at the top level of the page table.
   11.26 +     */
   11.27 +    idle_pg_table[l4_table_offset(RDWR_MPT_VIRT_START)] =
   11.28 +        mk_l4_pgentry(l4_pgentry_val(
   11.29 +            idle_pg_table[l4_table_offset(RDWR_MPT_VIRT_START)]) & 
   11.30 +                      ~_PAGE_USER);
   11.31 +
   11.32      /* Create read-only mapping of MPT for guest-OS use. */
   11.33 -    newpt = (void *)alloc_xenheap_page();
   11.34 -    clear_page(newpt);
   11.35 +    l3ro = (l3_pgentry_t *)alloc_xenheap_page();
   11.36 +    clear_page(l3ro);
   11.37      idle_pg_table[l4_table_offset(RO_MPT_VIRT_START)] =
   11.38 -        mk_l4_pgentry((__pa(newpt) | __PAGE_HYPERVISOR | _PAGE_USER) &
   11.39 +        mk_l4_pgentry((__pa(l3ro) | __PAGE_HYPERVISOR | _PAGE_USER) &
   11.40                        ~_PAGE_RW);
   11.41      /* Copy the L3 mappings from the RDWR_MPT area. */
   11.42 -    p  = l4_pgentry_val(idle_pg_table[l4_table_offset(RDWR_MPT_VIRT_START)]);
   11.43 -    p &= PAGE_MASK;
   11.44 -    p += l3_table_offset(RDWR_MPT_VIRT_START) * sizeof(l3_pgentry_t);
   11.45 -    newpt = (void *)((unsigned long)newpt +
   11.46 -                     (l3_table_offset(RO_MPT_VIRT_START) *
   11.47 -                      sizeof(l3_pgentry_t)));
   11.48 -    memcpy(newpt, __va(p),
   11.49 +    l3rw = l4_pgentry_to_l3(
   11.50 +        idle_pg_table[l4_table_offset(RDWR_MPT_VIRT_START)]);
   11.51 +    l3rw += l3_table_offset(RDWR_MPT_VIRT_START);
   11.52 +    l3ro += l3_table_offset(RO_MPT_VIRT_START);
   11.53 +    memcpy(l3ro, l3rw,
   11.54             (RDWR_MPT_VIRT_END - RDWR_MPT_VIRT_START) >> L3_PAGETABLE_SHIFT);
   11.55  
   11.56      /* Set up linear page table mapping. */
    12.1 --- a/xen/include/asm-x86/mm.h	Thu Feb 10 17:16:04 2005 +0000
    12.2 +++ b/xen/include/asm-x86/mm.h	Thu Feb 10 17:16:20 2005 +0000
    12.3 @@ -128,8 +128,6 @@ static inline u32 pickle_domptr(struct d
    12.4          spin_unlock(&(_dom)->page_alloc_lock);                              \
    12.5      } while ( 0 )
    12.6  
    12.7 -#define INVALID_P2M_ENTRY (~0UL)
    12.8 -
    12.9  extern struct pfn_info *frame_table;
   12.10  extern unsigned long frame_table_size;
   12.11  extern unsigned long max_page;
   12.12 @@ -231,15 +229,16 @@ void synchronise_pagetables(unsigned lon
   12.13   * contiguous (or near contiguous) physical memory.
   12.14   */
   12.15  #undef  machine_to_phys_mapping
   12.16 +#define machine_to_phys_mapping ((u32 *)RDWR_MPT_VIRT_START)
   12.17 +#define INVALID_M2P_ENTRY        (~0U)
   12.18 +#define IS_INVALID_M2P_ENTRY(_e) (!!((_e) & (1U<<31)))
   12.19  
   12.20  /*
   12.21   * The phys_to_machine_mapping is the reversed mapping of MPT for full
   12.22   * virtualization.
   12.23   */
   12.24 -#undef  phys_to_machine_mapping
   12.25 +#define __phys_to_machine_mapping ((unsigned long *)PERDOMAIN_VIRT_START)
   12.26  
   12.27 -#define machine_to_phys_mapping ((unsigned long *)RDWR_MPT_VIRT_START)
   12.28 -#define __phys_to_machine_mapping ((unsigned long *)PERDOMAIN_VIRT_START)
   12.29  /* Returns the machine physical */
   12.30  static inline unsigned long phys_to_machine_mapping(unsigned long pfn) 
   12.31  {
    13.1 --- a/xen/include/asm-x86/shadow.h	Thu Feb 10 17:16:04 2005 +0000
    13.2 +++ b/xen/include/asm-x86/shadow.h	Thu Feb 10 17:16:20 2005 +0000
    13.3 @@ -181,7 +181,7 @@ static inline int __mark_dirty(struct do
    13.4       * domain's pseudo-physical memory map (e.g., the shared info frame).
    13.5       * Nothing to do here...
    13.6       */
    13.7 -    if ( unlikely(pfn & 0x80000000UL) )
    13.8 +    if ( unlikely(IS_INVALID_M2P_ENTRY(pfn)) )
    13.9          return rc;
   13.10  
   13.11      if ( likely(pfn < d->arch.shadow_dirty_bitmap_size) )
    14.1 --- a/xen/include/public/arch-x86_32.h	Thu Feb 10 17:16:04 2005 +0000
    14.2 +++ b/xen/include/public/arch-x86_32.h	Thu Feb 10 17:16:20 2005 +0000
    14.3 @@ -71,7 +71,7 @@
    14.4   */
    14.5  #define HYPERVISOR_VIRT_START (0xFC000000UL)
    14.6  #ifndef machine_to_phys_mapping
    14.7 -#define machine_to_phys_mapping ((unsigned long *)HYPERVISOR_VIRT_START)
    14.8 +#define machine_to_phys_mapping ((u32 *)HYPERVISOR_VIRT_START)
    14.9  #endif
   14.10  
   14.11  #ifndef __ASSEMBLY__
    15.1 --- a/xen/include/public/arch-x86_64.h	Thu Feb 10 17:16:04 2005 +0000
    15.2 +++ b/xen/include/public/arch-x86_64.h	Thu Feb 10 17:16:20 2005 +0000
    15.3 @@ -81,7 +81,7 @@
    15.4  
    15.5  /* The machine->physical mapping table starts at this address, read-only. */
    15.6  #ifndef machine_to_phys_mapping
    15.7 -#define machine_to_phys_mapping ((unsigned long *)HYPERVISOR_VIRT_START)
    15.8 +#define machine_to_phys_mapping ((u32 *)HYPERVISOR_VIRT_START)
    15.9  #endif
   15.10  
   15.11  /*