ia64/xen-unstable
changeset 15857:f16bff0934d7
merge with xen-unstable.hg (staging)
author | Alex Williamson <alex.williamson@hp.com> |
---|---|
date | Fri Sep 07 13:56:50 2007 -0600 (2007-09-07) |
parents | 192f2df46e67 a53aaea4c698 |
children | 1c392e192379 |
files | tools/libxc/xenctrl.h |
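--- a/tools/Makefile
+++ b/tools/Makefile
@@ -10,7 +10,7 @@ SUBDIRS-y += examples
 SUBDIRS-y += xentrace
 SUBDIRS-$(CONFIG_XCUTILS) += xcutils
 SUBDIRS-$(CONFIG_X86) += firmware
-SUBDIRS-y += security
+SUBDIRS-$(ACM_SECURITY) += security
 SUBDIRS-y += console
 SUBDIRS-y += xenmon
 SUBDIRS-y += guest-headers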
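--- a/tools/check/Makefile
+++ b/tools/check/Makefile
@@ -7,7 +7,7 @@ all: build
 # Check this machine is OK for building on.
 .PHONY: build
 build:
- XENFB_TOOLS=$(XENFB_TOOLS) LIBXENAPI_BINDINGS=$(LIBXENAPI_BINDINGS) ./chk build
+ XENFB_TOOLS=$(XENFB_TOOLS) LIBXENAPI_BINDINGS=$(LIBXENAPI_BINDINGS) ACM_SECURITY=$(ACM_SECURITY) ./chk build
 
 # Check this machine is OK for installing on.
 # DO NOT use this check from 'make install' in the parent
@@ -15,7 +15,7 @@ build:
 # copy rather than actually installing.
 .PHONY: install
 install:
- XENFB_TOOLS=$(XENFB_TOOLS) LIBXENAPI_BINDINGS=$(LIBXENAPI_BINDINGS) ./chk install
+ XENFB_TOOLS=$(XENFB_TOOLS) LIBXENAPI_BINDINGS=$(LIBXENAPI_BINDINGS) ACM_SECURITY=$(ACM_SECURITY) ./chk install
 
 .PHONY: clean
 clean: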
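--- a/tools/check/check_xml2
+++ b/tools/check/check_xml2
@@ -1,7 +1,7 @@
 #!/bin/sh
 # CHECK-BUILD CHECK-INSTALL
 
-if [ ! "$LIBXENAPI_BINDINGS" = "y" ]
+if [ ! "$LIBXENAPI_BINDINGS" = "y" -a ! "$ACM_SECURITY" = "y" ]
 then
 echo -n "unused, "
 exit 0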
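Review bot: The added test joins two conditions with `-a` inside a single `[ ]`, a form POSIX marks obsolescent because parsing becomes ambiguous once an operand looks like an operator. Both variables come from the make environment here, so this is a robustness and style point rather than a bug. `if [ "$LIBXENAPI_BINDINGS" != "y" ] && [ "$ACM_SECURITY" != "y" ]` expresses the same condition without relying on `-a`.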
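--- a/tools/ioemu/hw/cirrus_vga.c
+++ b/tools/ioemu/hw/cirrus_vga.c
@@ -2565,7 +2565,7 @@ static void *set_vram_mapping(unsigned l
 return NULL;
 }
 
- vram_pointer = xc_map_foreign_batch(xc_handle, domid,
+ vram_pointer = xc_map_foreign_pages(xc_handle, domid,
 PROT_READ|PROT_WRITE,
 extent_start, nr_extents);
 if (vram_pointer == NULL) {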
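--- a/tools/ioemu/vl.c
+++ b/tools/ioemu/vl.c
@@ -6948,7 +6948,7 @@ static void qemu_remap_bucket(struct map
 j = ((i + BITS_PER_LONG) > (MCACHE_BUCKET_SIZE >> PAGE_SHIFT)) ?
 (MCACHE_BUCKET_SIZE >> PAGE_SHIFT) % BITS_PER_LONG : BITS_PER_LONG;
 while (j > 0)
- word = (word << 1) | !(pfns[i + --j] & 0xF0000000UL);
+ word = (word << 1) | (((pfns[i + --j] >> 28) & 0xf) != 0xf);
 entry->valid_mapping[i / BITS_PER_LONG] = word;
 }
 }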
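--- a/tools/libxc/xc_misc.c
+++ b/tools/libxc/xc_misc.c
@@ -226,6 +226,39 @@ int xc_hvm_set_pci_link_route(
 return rc;
 }
 
+void *xc_map_foreign_pages(int xc_handle, uint32_t dom, int prot,
+ const xen_pfn_t *arr, int num)
+{
+ xen_pfn_t *pfn;
+ void *res;
+ int i;
+
+ pfn = malloc(num * sizeof(*pfn));
+ if (!pfn)
+ return NULL;
+ memcpy(pfn, arr, num * sizeof(*pfn));
+
+ res = xc_map_foreign_batch(xc_handle, dom, prot, pfn, num);
+ if (res) {
+ for (i = 0; i < num; i++) {
+ if ((pfn[i] & 0xF0000000UL) == 0xF0000000UL) {
+ /*
+ * xc_map_foreign_batch() doesn't give us an error
+ * code, so we have to make one up. May not be the
+ * appropriate one.
+ */
+ errno = EINVAL;
+ munmap(res, num * PAGE_SIZE);
+ res = NULL;
+ break;
+ }
+ }
+ }
+
+ free(pfn);
+ return res;
+}
+
 /*
 * Local variables:
 * mode: C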
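Review bot: xc_map_foreign_pages() uses the signed `num` in `malloc(num * sizeof(*pfn))`, in `memcpy()` and in `munmap(res, num * PAGE_SIZE)` without a range check. A negative count becomes a huge size_t in the first two, and a zero count can make malloc() return NULL, so the function reports failure without setting errno. I would open the function with `if (num <= 0) { errno = EINVAL; return NULL; }` and write the unmap length as `(size_t)num * PAGE_SIZE`, since the type of PAGE_SIZE is not visible here and the product may otherwise be computed in int. `errno = EINVAL;` should also move after the `munmap()` call, which can overwrite errno if it fails.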
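--- a/tools/libxc/xenctrl.h
+++ b/tools/libxc/xenctrl.h
@@ -646,6 +646,14 @@ void *xc_map_foreign_range(int xc_handle
 int size, int prot,
 unsigned long mfn );
 
+void *xc_map_foreign_pages(int xc_handle, uint32_t dom, int prot,
+ const xen_pfn_t *arr, int num );
+
+/**
+ * Like xc_map_foreign_pages(), except it can succeeed partially.
+ * When a page cannot be mapped, its PFN in @arr is or'ed with
+ * 0xF0000000 to indicate the error.
+ */
 void *xc_map_foreign_batch(int xc_handle, uint32_t dom, int prot,
 xen_pfn_t *arr, int num );
 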
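Review bot: The new xc_map_foreign_pages() prototype has no comment of its own, although the comment added for xc_map_foreign_batch() defines that function by reference to it. The all-or-nothing contract callers should rely on is stated nowhere in the header. I would add a `/** ... */` block above the prototype saying that it maps `num` pages of domain `dom`, leaves `arr` unmodified, and returns NULL with errno set if any single page fails to map. The caller is then responsible for `munmap()` of `num` pages on success. The batch comment also has a typo, `succeeed`, which should read `succeed`.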
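--- a/tools/python/xen/xend/XendDomain.py
+++ b/tools/python/xen/xend/XendDomain.py
@@ -1594,10 +1594,10 @@ class XendDomain:
 raise VMBadState("Domain '%s' is not started" % domid,
 POWER_STATE_NAMES[DOM_STATE_RUNNING],
 POWER_STATE_NAMES[dominfo._stateGet()])
- if trigger_name.lower() in TRIGGER_TYPE:
+ if trigger_name.lower() in TRIGGER_TYPE.keys():
 trigger = TRIGGER_TYPE[trigger_name.lower()]
 else:
- raise XendError("Invalid trigger: %s", trigger_name)
+ raise XendError("Invalid trigger: %s" % trigger_name)
 try:
 return xc.domain_send_trigger(dominfo.getDomid(),
 trigger,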
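--- a/tools/python/xen/xend/XendDomainInfo.py
+++ b/tools/python/xen/xend/XendDomainInfo.py
@@ -602,16 +602,16 @@ class XendDomainInfo:
 mac = x[1]
 break
 break
- dev_info = self.getDeviceInfo_vif(mac)
+ dev_info = self._getDeviceInfo_vif(mac)
 else:
 _, dev_info = sxprs[dev]
 else: # 'vbd' or 'tap'
- dev_info = self.getDeviceInfo_vbd(dev)
+ dev_info = self._getDeviceInfo_vbd(dev)
 # To remove the UUID of the device from refs,
 # deviceClass must be always 'vbd'.
 deviceClass = 'vbd'
 if dev_info is None:
- return rc
+ raise XendError("Device %s is not defined" % devid)
 
 dev_uuid = sxp.child_value(dev_info, 'uuid')
 del self.info['devices'][dev_uuid]
@@ -632,14 +632,22 @@ class XendDomainInfo:
 dev_num += 1
 return sxprs
 
- def getDeviceInfo_vif(self, mac):
+ def getBlockDeviceClass(self, devid):
+ # To get a device number from the devid,
+ # we temporarily use the device controller of VBD.
+ dev = self.getDeviceController('vbd').convertToDeviceNumber(devid)
+ dev_info = self._getDeviceInfo_vbd(dev)
+ if dev_info:
+ return dev_info[0]
+
+ def _getDeviceInfo_vif(self, mac):
 for dev_type, dev_info in self.info.all_devices_sxpr():
 if dev_type != 'vif':
 continue
 if mac == sxp.child_value(dev_info, 'mac'):
 return dev_info
 
- def getDeviceInfo_vbd(self, devid):
+ def _getDeviceInfo_vbd(self, devid):
 for dev_type, dev_info in self.info.all_devices_sxpr():
 if dev_type != 'vbd' and dev_type != 'tap':
 continue
@@ -1309,6 +1317,7 @@ class XendDomainInfo:
 try:
 new_dom = XendDomain.instance().domain_create_from_dict(
 self.info)
+ new_dom.waitForDevices()
 new_dom.unpause()
 rst_cnt = self._readVm('xend/restart_count')
 rst_cnt = int(rst_cnt) + 1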
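Review bot: getBlockDeviceClass() has no docstring and returns None implicitly when the device is not found, yet this commit adds it to the XML-RPC method list in XMLRPCServer.py and xm's block-detach branches on its result. The contract should be written down with a docstring such as `"""Return the device class of block device devid (presumably 'vbd' or 'tap'), or None if it is not configured."""` and an explicit `return None` at the end. `devid` arrives from the RPC caller, and whether convertToDeviceNumber() rejects malformed values with a clean XendError is not visible in this hunk, so that is worth confirming.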
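--- a/tools/python/xen/xend/server/XMLRPCServer.py
+++ b/tools/python/xen/xend/server/XMLRPCServer.py
@@ -87,7 +87,7 @@ methods = ['device_create', 'device_conf
 'destroyDevice','getDeviceSxprs',
 'setMemoryTarget', 'setName', 'setVCpuCount', 'shutdown',
 'send_sysrq', 'getVCPUInfo', 'waitForDevices',
- 'getRestartCount']
+ 'getRestartCount', 'getBlockDeviceClass']
 
 exclude = ['domain_create', 'domain_restore']
 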
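--- a/tools/python/xen/xm/main.py
+++ b/tools/python/xen/xm/main.py
@@ -2217,12 +2217,13 @@ def xm_block_detach(args):
 % (dev,dom))
 else:
 arg_check(args, 'block-detach', 2, 3)
- try:
+ dom = args[0]
+ dev = args[1]
+ dc = server.xend.domain.getBlockDeviceClass(dom, dev)
+ if dc == "tap":
+ detach(args, 'tap')
+ else:
 detach(args, 'vbd')
- return
- except:
- pass
- detach(args, 'tap')
 
 def xm_network_detach(args):
 if serverType == SERVER_XEN_API: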
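--- a/tools/security/Makefile
+++ b/tools/security/Makefile
@@ -66,7 +66,7 @@ install: all $(ACM_CONFIG_FILE)
 $(INSTALL_DIR) $(DESTDIR)$(ACM_SECGEN_CGIDIR)
 $(INSTALL_PROG) $(ACM_INST_CGI) $(DESTDIR)$(ACM_SECGEN_CGIDIR)
 ifndef XEN_PYTHON_NATIVE_INSTALL
- python python/setup.py install --home="$(DESTDIR)/usr" --install-lib="$(DESTDIR)$(LIBPATH)/python"
+ python python/setup.py install --install-lib="$(DESTDIR)$(LIBPATH)/python"
 else
 python python/setup.py install --root="$(DESTDIR)"
 endif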
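--- a/tools/xenfb/xenfb.c
+++ b/tools/xenfb/xenfb.c
@@ -398,21 +398,15 @@ static int xenfb_map_fb(struct xenfb_pri
 if (!pgmfns || !fbmfns)
 goto out;
 
- /*
- * Bug alert: xc_map_foreign_batch() can fail partly and
- * return a non-null value. This is a design flaw. When it
- * happens, we happily continue here, and later crash on
- * access.
- */
 xenfb_copy_mfns(mode, n_fbdirs, pgmfns, pd);
- map = xc_map_foreign_batch(xenfb->xc, domid,
+ map = xc_map_foreign_pages(xenfb->xc, domid,
 PROT_READ, pgmfns, n_fbdirs);
 if (map == NULL)
 goto out;
 xenfb_copy_mfns(mode, n_fbmfns, fbmfns, map);
 munmap(map, n_fbdirs * XC_PAGE_SIZE);
 
- xenfb->pub.pixels = xc_map_foreign_batch(xenfb->xc, domid,
+ xenfb->pub.pixels = xc_map_foreign_pages(xenfb->xc, domid,
 PROT_READ | PROT_WRITE, fbmfns, n_fbmfns);
 if (xenfb->pub.pixels == NULL)
 goto out;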
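--- a/tools/xenstore/xenstored_core.c
+++ b/tools/xenstore/xenstored_core.c
@@ -1878,14 +1878,14 @@ int main(int argc, char *argv[])
 fflush(stdout);
 }
 
- /* close stdin/stdout now we're ready to accept connections */
+ /* redirect to /dev/null now we're ready to accept connections */
 if (dofork) {
 int devnull = open("/dev/null", O_RDWR);
 if (devnull == -1)
 barf_perror("Could not open /dev/null\n");
- close(STDIN_FILENO); dup2(STDIN_FILENO, devnull);
- close(STDOUT_FILENO); dup2(STDOUT_FILENO, devnull);
- close(STDERR_FILENO); dup2(STDERR_FILENO, devnull);
+ dup2(devnull, STDIN_FILENO);
+ dup2(devnull, STDOUT_FILENO);
+ dup2(devnull, STDERR_FILENO);
 close(devnull);
 xprintf = trace;
 }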
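Review bot: The three `dup2()` results are ignored and `close(devnull)` runs unconditionally. If the daemon was started with one of descriptors 0-2 already closed, `open()` returns that number, the dup2 onto itself is a no-op, and the close then leaves that standard descriptor closed. The next file or socket the daemon opens can then land on stdin, stdout or stderr and receive stray output. I would change the last call to `if (devnull > STDERR_FILENO) close(devnull);` and treat a `dup2()` return of -1 like the open() failure above, via `barf_perror`. main() continues outside this hunk.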
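--- a/unmodified_drivers/linux-2.6/platform-pci/machine_reboot.c
+++ b/unmodified_drivers/linux-2.6/platform-pci/machine_reboot.c
@@ -18,6 +18,8 @@ struct ap_suspend_info {
 */
 static DEFINE_RWLOCK(suspend_lock);
 
+#ifdef CONFIG_SMP
+
 /*
 * Spinning prevents, for example, APs touching grant table entries while
 * the shared grant table is not mapped into the address space imemdiately
@@ -43,6 +45,14 @@ static void ap_suspend(void *_info)
 atomic_dec(&info->nr_spinning);
 }
 
+#define initiate_ap_suspend(i) smp_call_function(ap_suspend, i, 0, 0)
+
+#else /* !defined(CONFIG_SMP) */
+
+#define initiate_ap_suspend(i) 0
+
+#endif
+
 static int bp_suspend(void)
 {
 int suspend_cancelled;
@@ -80,7 +90,7 @@ int __xen_suspend(int fast_suspend)
 
 nr_cpus = num_online_cpus() - 1;
 
- err = smp_call_function(ap_suspend, &info, 0, 0);
+ err = initiate_ap_suspend(&info);
 if (err < 0) {
 preempt_enable();
 xenbus_suspend_cancel();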
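--- a/xen/arch/x86/domain.c
+++ b/xen/arch/x86/domain.c
@@ -1761,8 +1761,8 @@ int domain_relinquish_resources(struct d
 /* fallthrough */
 
 /* Relinquish every page of memory. */
+ case RELMEM_xen_l4:
 #if CONFIG_PAGING_LEVELS >= 4
- case RELMEM_xen_l4:
 ret = relinquish_memory(d, &d->xenpage_list, PGT_l4_page_table);
 if ( ret )
 return ret;
@@ -1776,8 +1776,8 @@ int domain_relinquish_resources(struct d
 /* fallthrough */
 #endif
 
+ case RELMEM_xen_l3:
 #if CONFIG_PAGING_LEVELS >= 3
- case RELMEM_xen_l3:
 ret = relinquish_memory(d, &d->xenpage_list, PGT_l3_page_table);
 if ( ret )
 return ret;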
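--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -586,8 +586,7 @@ int hvm_set_cr0(unsigned long value)
 
 if ( !paging_mode_hap(v->domain) )
 {
- put_page(mfn_to_page(get_mfn_from_gpfn(
- v->arch.hvm_vcpu.guest_cr[3] >> PAGE_SHIFT)));
+ put_page(pagetable_get_page(v->arch.guest_table));
 v->arch.guest_table = pagetable_null();
 }
 }
@@ -603,21 +602,11 @@ int hvm_set_cr0(unsigned long value)
 
 int hvm_set_cr3(unsigned long value)
 {
- unsigned long old_base_mfn, mfn;
+ unsigned long mfn;
 struct vcpu *v = current;
 
- if ( paging_mode_hap(v->domain) || !hvm_paging_enabled(v) )
- {
- /* Nothing to do. */
- }
- else if ( value == v->arch.hvm_vcpu.guest_cr[3] )
- {
- /* Shadow-mode TLB flush. Invalidate the shadow. */
- mfn = get_mfn_from_gpfn(value >> PAGE_SHIFT);
- if ( mfn != pagetable_get_pfn(v->arch.guest_table) )
- goto bad_cr3;
- }
- else
+ if ( hvm_paging_enabled(v) && !paging_mode_hap(v->domain) &&
+ (value != v->arch.hvm_vcpu.guest_cr[3]) )
 {
 /* Shadow-mode CR3 change. Check PDBR and then make a new shadow. */
 HVM_DBG_LOG(DBG_LEVEL_VMMU, "CR3 value = %lx", value);
@@ -625,12 +614,9 @@ int hvm_set_cr3(unsigned long value)
 if ( !mfn_valid(mfn) || !get_page(mfn_to_page(mfn), v->domain) )
 goto bad_cr3;
 
- old_base_mfn = pagetable_get_pfn(v->arch.guest_table);
+ put_page(pagetable_get_page(v->arch.guest_table));
 v->arch.guest_table = pagetable_from_pfn(mfn);
 
- if ( old_base_mfn )
- put_page(mfn_to_page(old_base_mfn));
-
 HVM_DBG_LOG(DBG_LEVEL_VMMU, "Update CR3 value = %lx", value);
 }
 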
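Review bot: The new `put_page(pagetable_get_page(v->arch.guest_table));` in hvm_set_cr3() drops the old reference unconditionally, where the removed code did so only under `if ( old_base_mfn )`. That is safe only if guest_table always holds a referenced page whenever shadow paging is enabled, which these hunks do not show. The same pattern appears in svm_vmcb_restore(), vmx_vmcs_restore() and vmx_world_restore(), gated there on `guest_cr[0] & X86_CR0_PG`. I would state the invariant next to each call with `ASSERT(pagetable_get_pfn(v->arch.guest_table));`, so a violation trips an assertion instead of dropping a reference on an unrelated page. Both hvm.c functions continue outside the hunks.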
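--- a/xen/arch/x86/hvm/svm/svm.c
+++ b/xen/arch/x86/hvm/svm/svm.c
@@ -337,9 +337,37 @@ int svm_vmcb_save(struct vcpu *v, struct
 
 int svm_vmcb_restore(struct vcpu *v, struct hvm_hw_cpu *c)
 {
- unsigned long mfn, old_base_mfn;
+ unsigned long mfn = 0;
 struct vmcb_struct *vmcb = v->arch.hvm_svm.vmcb;
 
+ if ( c->pending_valid &&
+ ((c->pending_type == 1) || (c->pending_type > 6) ||
+ (c->pending_reserved != 0)) )
+ {
+ gdprintk(XENLOG_ERR, "Invalid pending event 0x%"PRIx32".\n",
+ c->pending_event);
+ return -EINVAL;
+ }
+
+ if ( !paging_mode_hap(v->domain) )
+ {
+ if ( c->cr0 & X86_CR0_PG )
+ {
+ mfn = gmfn_to_mfn(v->domain, c->cr3 >> PAGE_SHIFT);
+ if ( !mfn_valid(mfn) || !get_page(mfn_to_page(mfn), v->domain) )
+ {
+ gdprintk(XENLOG_ERR, "Invalid CR3 value=0x%"PRIx64"\n",
+ c->cr3);
+ return -EINVAL;
+ }
+ }
+
+ if ( v->arch.hvm_vcpu.guest_cr[0] & X86_CR0_PG )
+ put_page(pagetable_get_page(v->arch.guest_table));
+
+ v->arch.guest_table = pagetable_from_pfn(mfn);
+ }
+
 vmcb->rip = c->rip;
 vmcb->rsp = c->rsp;
 vmcb->rflags = c->rflags;
@@ -357,18 +385,6 @@ int svm_vmcb_restore(struct vcpu *v, str
 __func__, c->cr3, c->cr0, c->cr4);
 #endif
 
- if ( hvm_paging_enabled(v) && !paging_mode_hap(v->domain) )
- {
- HVM_DBG_LOG(DBG_LEVEL_VMMU, "CR3 = %"PRIx64, c->cr3);
- mfn = gmfn_to_mfn(v->domain, c->cr3 >> PAGE_SHIFT);
- if( !mfn_valid(mfn) || !get_page(mfn_to_page(mfn), v->domain) )
- goto bad_cr3;
- old_base_mfn = pagetable_get_pfn(v->arch.guest_table);
- v->arch.guest_table = pagetable_from_pfn(mfn);
- if ( old_base_mfn )
- put_page(mfn_to_page(old_base_mfn));
- }
-
 vmcb->idtr.limit = c->idtr_limit;
 vmcb->idtr.base = c->idtr_base;
 
@@ -435,14 +451,6 @@ int svm_vmcb_restore(struct vcpu *v, str
 gdprintk(XENLOG_INFO, "Re-injecting 0x%"PRIx32", 0x%"PRIx32"\n",
 c->pending_event, c->error_code);
 
- if ( (c->pending_type == 1) || (c->pending_type > 6) ||
- (c->pending_reserved != 0) )
- {
- gdprintk(XENLOG_ERR, "Invalid pending event 0x%"PRIx32"\n",
- c->pending_event);
- return -EINVAL;
- }
-
 if ( hvm_event_needs_reinjection(c->pending_type, c->pending_vector) )
 {
 vmcb->eventinj.bytes = c->pending_event;
@@ -453,10 +461,6 @@ int svm_vmcb_restore(struct vcpu *v, str
 paging_update_paging_modes(v);
 
 return 0;
-
- bad_cr3:
- gdprintk(XENLOG_ERR, "Invalid CR3 value=0x%"PRIx64"\n", c->cr3);
- return -EINVAL;
 }
 
 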
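Review bot: Nothing in svm_vmcb_restore() records that the new ordering is a rule: the page reference on the restored CR3 is now taken before any VMCB field is written, so any error return after it would leak that reference. The visible hunks are consistent with the rule, since the pending-event check now precedes `get_page()` and the `bad_cr3` label is gone. I would add `/* All checks that can fail go first: once get_page() succeeds there must be no error return, or the reference leaks. */` above the pending-event test. The same comment fits vmx_vmcs_restore() and vmx_world_restore() in vmx.c. The middle of this function lies outside the hunks, so whether other failure exits remain cannot be confirmed from here.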
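--- a/xen/arch/x86/hvm/vmx/vmx.c
+++ b/xen/arch/x86/hvm/vmx/vmx.c
@@ -565,7 +565,31 @@ void vmx_vmcs_save(struct vcpu *v, struc
 
 int vmx_vmcs_restore(struct vcpu *v, struct hvm_hw_cpu *c)
 {
- unsigned long mfn, old_base_mfn;
+ unsigned long mfn = 0;
+
+ if ( c->pending_valid &&
+ ((c->pending_type == 1) || (c->pending_type > 6) ||
+ (c->pending_reserved != 0)) )
+ {
+ gdprintk(XENLOG_ERR, "Invalid pending event 0x%"PRIx32".\n",
+ c->pending_event);
+ return -EINVAL;
+ }
+
+ if ( c->cr0 & X86_CR0_PG )
+ {
+ mfn = gmfn_to_mfn(v->domain, c->cr3 >> PAGE_SHIFT);
+ if ( !mfn_valid(mfn) || !get_page(mfn_to_page(mfn), v->domain) )
+ {
+ gdprintk(XENLOG_ERR, "Invalid CR3 value=0x%"PRIx64"\n", c->cr3);
+ return -EINVAL;
+ }
+ }
+
+ if ( v->arch.hvm_vcpu.guest_cr[0] & X86_CR0_PG )
+ put_page(pagetable_get_page(v->arch.guest_table));
+
+ v->arch.guest_table = pagetable_from_pfn(mfn);
 
 vmx_vmcs_enter(v);
 
@@ -586,18 +610,6 @@ int vmx_vmcs_restore(struct vcpu *v, str
 __func__, c->cr3, c->cr0, c->cr4);
 #endif
 
- if ( hvm_paging_enabled(v) )
- {
- HVM_DBG_LOG(DBG_LEVEL_VMMU, "CR3 = %"PRIx64, c->cr3);
- mfn = gmfn_to_mfn(v->domain, c->cr3 >> PAGE_SHIFT);
- if ( !mfn_valid(mfn) || !get_page(mfn_to_page(mfn), v->domain) )
- goto bad_cr3;
- old_base_mfn = pagetable_get_pfn(v->arch.guest_table);
- v->arch.guest_table = pagetable_from_pfn(mfn);
- if ( old_base_mfn )
- put_page(mfn_to_page(old_base_mfn));
- }
-
 v->arch.hvm_vcpu.guest_efer = c->msr_efer;
 vmx_update_guest_efer(v);
 
@@ -662,14 +674,6 @@ int vmx_vmcs_restore(struct vcpu *v, str
 gdprintk(XENLOG_INFO, "Re-injecting 0x%"PRIx32", 0x%"PRIx32"\n",
 c->pending_event, c->error_code);
 
- if ( (c->pending_type == 1) || (c->pending_type > 6) ||
- (c->pending_reserved != 0) )
- {
- gdprintk(XENLOG_ERR, "Invalid pending event 0x%"PRIx32".\n",
- c->pending_event);
- return -EINVAL;
- }
-
 if ( hvm_event_needs_reinjection(c->pending_type, c->pending_vector) )
 {
 vmx_vmcs_enter(v);
@@ -680,11 +684,6 @@ int vmx_vmcs_restore(struct vcpu *v, str
 }
 
 return 0;
-
- bad_cr3:
- gdprintk(XENLOG_ERR, "Invalid CR3 value=0x%"PRIx64"\n", c->cr3);
- vmx_vmcs_exit(v);
- return -EINVAL;
 }
 
 #if defined(__x86_64__) && defined(HVM_DEBUG_SUSPEND)
@@ -1905,7 +1904,22 @@ static void vmx_world_save(struct vcpu *
 
 static int vmx_world_restore(struct vcpu *v, struct vmx_assist_context *c)
 {
- unsigned long mfn, old_base_mfn;
+ unsigned long mfn = 0;
+
+ if ( c->cr0 & X86_CR0_PG )
+ {
+ mfn = gmfn_to_mfn(v->domain, c->cr3 >> PAGE_SHIFT);
+ if ( !mfn_valid(mfn) || !get_page(mfn_to_page(mfn), v->domain) )
+ {
+ gdprintk(XENLOG_ERR, "Invalid CR3 value=%x", c->cr3);
+ return -EINVAL;
+ }
+ }
+
+ if ( v->arch.hvm_vcpu.guest_cr[0] & X86_CR0_PG )
+ put_page(pagetable_get_page(v->arch.guest_table));
+
+ v->arch.guest_table = pagetable_from_pfn(mfn);
 
 __vmwrite(GUEST_RIP, c->eip);
 __vmwrite(GUEST_RSP, c->esp);
@@ -1917,18 +1931,6 @@ static int vmx_world_restore(struct vcpu
 vmx_update_guest_cr(v, 0);
 vmx_update_guest_cr(v, 4);
 
- if ( hvm_paging_enabled(v) )
- {
- HVM_DBG_LOG(DBG_LEVEL_VMMU, "CR3 = %x", c->cr3);
- mfn = get_mfn_from_gpfn(c->cr3 >> PAGE_SHIFT);
- if ( !mfn_valid(mfn) || !get_page(mfn_to_page(mfn), v->domain) )
- goto bad_cr3;
- old_base_mfn = pagetable_get_pfn(v->arch.guest_table);
- v->arch.guest_table = pagetable_from_pfn(mfn);
- if ( old_base_mfn )
- put_page(mfn_to_page(old_base_mfn));
- }
-
 __vmwrite(GUEST_IDTR_LIMIT, c->idtr_limit);
 __vmwrite(GUEST_IDTR_BASE, c->idtr_base);
 
@@ -1977,10 +1979,6 @@ static int vmx_world_restore(struct vcpu
 
 paging_update_paging_modes(v);
 return 0;
-
- bad_cr3:
- gdprintk(XENLOG_ERR, "Invalid CR3 value=%x", c->cr3);
- return -EINVAL;
 }
 
 enum { VMX_ASSIST_INVOKE = 0, VMX_ASSIST_RESTORE };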
20.1 --- a/xen/arch/x86/mm/shadow/multi.c Thu Sep 06 15:04:07 2007 -0600 20.2 +++ b/xen/arch/x86/mm/shadow/multi.c Fri Sep 07 13:56:50 2007 -0600 20.3 @@ -3502,24 +3502,12 @@ sh_update_cr3(struct vcpu *v, int do_loc 20.4 /* Double-check that the HVM code has sent us a sane guest_table */ 20.5 if ( is_hvm_domain(d) ) 20.6 { 20.7 - gfn_t gfn; 20.8 - 20.9 ASSERT(shadow_mode_external(d)); 20.10 - 20.11 - // Is paging enabled on this vcpu? 20.12 if ( hvm_paging_enabled(v) ) 20.13 - { 20.14 - gfn = _gfn(paddr_to_pfn(v->arch.hvm_vcpu.guest_cr[3])); 20.15 - gmfn = gfn_to_mfn(d, gfn); 20.16 - ASSERT(mfn_valid(gmfn)); 20.17 - ASSERT(pagetable_get_pfn(v->arch.guest_table) == mfn_x(gmfn)); 20.18 - } 20.19 + ASSERT(pagetable_get_pfn(v->arch.guest_table)); 20.20 else 20.21 - { 20.22 - /* Paging disabled: guest_table points at a 32-bit 1-to-1 map */ 20.23 ASSERT(v->arch.guest_table.pfn 20.24 == d->arch.paging.shadow.unpaged_pagetable.pfn); 20.25 - } 20.26 } 20.27 #endif 20.28