ia64/xen-unstable

changeset 10891:e351aace191e

[LINUX] Do not early-unpin pagetables that contain foreign mappings.
This fixes a bug whereby foreign pages were freed by the unpin, which
then become owned by the local domain before it destroys its ptes.
It therefore (erroneously) detects the mappings as local and so
updates reference counts, leading to crashes.
Signed-off-by: Keir Fraser <keir@xensource.com>
author kfraser@localhost.localdomain
date Tue Aug 01 15:48:48 2006 +0100 (2006-08-01)
parents b786bfb058eb
children 0d2ba35c0cf2
files linux-2.6-xen-sparse/arch/i386/kernel/ldt-xen.c linux-2.6-xen-sparse/arch/i386/mm/ioremap-xen.c linux-2.6-xen-sparse/arch/i386/mm/pgtable-xen.c linux-2.6-xen-sparse/arch/x86_64/mm/pageattr-xen.c linux-2.6-xen-sparse/include/asm-i386/mach-xen/asm/mmu.h linux-2.6-xen-sparse/include/asm-x86_64/mach-xen/asm/mmu.h
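--- a/linux-2.6-xen-sparse/arch/i386/kernel/ldt-xen.c	Tue Aug 01 15:28:09 2006 +0100
+++ b/linux-2.6-xen-sparse/arch/i386/kernel/ldt-xen.c	Tue Aug 01 15:48:48 2006 +0100
@@ -109,6 +109,7 @@ int init_new_context(struct task_struct 
 
 	init_MUTEX(&mm->context.sem);
 	mm->context.size = 0;
+	mm->context.has_foreign_mappings = 0;
 	old_mm = current->mm;
 	if (old_mm && old_mm->context.size > 0) {
 		down(&old_mm->context.sem);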
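Review bot: Clearing `has_foreign_mappings` for every new context is only safe if a new mm can never start out holding foreign ptes; if a VMA carrying foreign mappings could be copied on fork, the child would have the flag at 0 and would still take the early `mm_unpin()` path in `_arch_exit_mmap`. The hunk does not show how such VMAs are flagged, so this should be confirmed against the mapping code (presumably they are marked do-not-copy). There is also no matching x86_64 hunk in this changeset, so the x86_64 `init_new_context` has to zero the new bit some other way; worth verifying. The body of `init_new_context` starts and ends outside the hunk.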
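--- a/linux-2.6-xen-sparse/arch/i386/mm/ioremap-xen.c	Tue Aug 01 15:28:09 2006 +0100
+++ b/linux-2.6-xen-sparse/arch/i386/mm/ioremap-xen.c	Tue Aug 01 15:48:48 2006 +0100
@@ -126,6 +126,8 @@ int direct_remap_pfn_range(struct vm_are
 	if (domid == DOMID_SELF)
 		return -EINVAL;
 
+	vma->vm_mm->context.has_foreign_mappings = 1;
+
 	return __direct_remap_pfn_range(
 		vma->vm_mm, address, mfn, size, prot, domid);
 }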
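Review bot: `has_foreign_mappings` is set only here in `direct_remap_pfn_range`, so any other path that installs another domain's pages into a user mm (none is visible in this changeset) would leave the flag clear and keep the early unpin enabled; the call sites that create foreign ptes should be audited against this one. The flag is also never cleared once set, even when the remap below fails, which errs on the safe side but deserves a comment such as `/* Sticky: disables early unpin in _arch_exit_mmap for the life of this mm. */`. Which lock serialises this plain store is not visible in the hunk and should be stated next to it. The function starts outside the hunk.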
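--- a/linux-2.6-xen-sparse/arch/i386/mm/pgtable-xen.c	Tue Aug 01 15:28:09 2006 +0100
+++ b/linux-2.6-xen-sparse/arch/i386/mm/pgtable-xen.c	Tue Aug 01 15:48:48 2006 +0100
@@ -694,6 +694,7 @@ void _arch_exit_mmap(struct mm_struct *m
 	task_unlock(tsk);
 
 	if (test_bit(PG_pinned, &virt_to_page(mm->pgd)->flags) &&
-	    (atomic_read(&mm->mm_count) == 1))
+	    (atomic_read(&mm->mm_count) == 1) &&
+	    !mm->context.has_foreign_mappings)
 		mm_unpin(mm);
 }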
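Review bot: The new `!mm->context.has_foreign_mappings` term in `_arch_exit_mmap` has no comment saying why foreign mappings must block the early unpin; the reason lives only in the commit message. I would add above the `if`: `/* No early unpin with foreign ptes: the unpin frees the foreign pages, which may then look local when the ptes are destroyed. */`. The same comment is missing from the x86_64 copy of this test in pageattr-xen.c. The function starts outside the hunk.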
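--- a/linux-2.6-xen-sparse/arch/x86_64/mm/pageattr-xen.c	Tue Aug 01 15:28:09 2006 +0100
+++ b/linux-2.6-xen-sparse/arch/x86_64/mm/pageattr-xen.c	Tue Aug 01 15:48:48 2006 +0100
@@ -159,7 +159,8 @@ void _arch_exit_mmap(struct mm_struct *m
 
     task_unlock(tsk);
 
-    if ( mm->context.pinned && (atomic_read(&mm->mm_count) == 1) )
+    if ( mm->context.pinned && (atomic_read(&mm->mm_count) == 1) &&
+         !mm->context.has_foreign_mappings )
         mm_unpin(mm);
 }
 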
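--- a/linux-2.6-xen-sparse/include/asm-i386/mach-xen/asm/mmu.h	Tue Aug 01 15:28:09 2006 +0100
+++ b/linux-2.6-xen-sparse/include/asm-i386/mach-xen/asm/mmu.h	Tue Aug 01 15:48:48 2006 +0100
@@ -12,6 +12,9 @@ typedef struct {
 	int size;
 	struct semaphore sem;
 	void *ldt;
+#ifdef CONFIG_XEN
+	int has_foreign_mappings;
+#endif
 } mm_context_t;
 
 /* mm/memory.c:exit_mmap hook */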
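Review bot: The new `has_foreign_mappings` member of `mm_context_t` is undocumented, and it is an `int` here while the x86_64 header in this changeset declares it as a one-bit bitfield. A one-line comment on the field would record its contract, e.g. `/* Set when a foreign-domain mapping is installed; blocks early unpin at exit_mmap. */`. The struct definition starts outside the hunk.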
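--- a/linux-2.6-xen-sparse/include/asm-x86_64/mach-xen/asm/mmu.h	Tue Aug 01 15:28:09 2006 +0100
+++ b/linux-2.6-xen-sparse/include/asm-x86_64/mach-xen/asm/mmu.h	Tue Aug 01 15:48:48 2006 +0100
@@ -17,6 +17,7 @@ typedef struct {
 	struct semaphore sem; 
 #ifdef CONFIG_XEN
 	unsigned pinned:1;
+	unsigned has_foreign_mappings:1;
 	struct list_head unpinned;
 #endif
 } mm_context_t;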
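Review bot: `has_foreign_mappings:1` shares a storage unit with `pinned:1`, so the store added in `direct_remap_pfn_range` becomes a non-atomic read-modify-write of the word that also holds `pinned`. If the pin/unpin code updates `pinned` under a different lock (not visible in this changeset), one of the two updates can be lost, and a lost `has_foreign_mappings` store would re-enable the early unpin this change is meant to prevent. Declaring it as a separate member, as the i386 header does with `int has_foreign_mappings;`, avoids the shared word. The struct definition starts outside the hunk.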