While in the vast majority of cases failure of the function will not
be followed by re-invocation with the same emulation context, a few
very specific insns - involving multiple independent writes, e.g. ENTER
and PUSHA - exist where this can happen. Since failure of the function
only signals to the caller that it ought to try an MMIO write instead,
such failure also cannot be assumed to result in wholesale failure of
emulation of the current insn. Instead we have to maintain internal
state such that another invocation of the function with the same
emulation context remains possible. To achieve that we need to reset MFN
slots after putting page references on the error path.
Note that all of this affects debugging code only, in causing an
assertion to trigger (higher up in the function). There's otherwise no
misbehavior - such a "leftover" slot would simply be overwritten by new
contents in a release build.
Also extend the related unmap() assertion, to further check for MFN 0.
Fixes: 8cbd4fb0b7ea ("x86/hvm: implement hvmemul_write() using real mappings")
Reported-by: Manuel Andreas <manuel.andreas@tum.de>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Paul Durrant <paul@xen.org>
out:
/* Drop all held references. */
while ( mfn-- > hvmemul_ctxt->mfn )
+ {
put_page(mfn_to_page(*mfn));
+#ifndef NDEBUG /* Clean slot for a subsequent map()'s error checking. */
+ *mfn = _mfn(0);
+#endif
+ }
return err;
}
for ( i = 0; i < nr_frames; i++ )
{
- ASSERT(mfn_valid(*mfn));
+ ASSERT(mfn_x(*mfn) && mfn_valid(*mfn));
paging_mark_dirty(currd, *mfn);
put_page(mfn_to_page(*mfn));
projects / people / andrewcoop / xen.git / commitdiff