Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:Update
xen.6738
5a0d5c59-x86-dont-wrongly-trigger-linear-pgt-as...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 5a0d5c59-x86-dont-wrongly-trigger-linear-pgt-assertion.patch of Package xen.6738
# Commit 2c458dfcb59f3d9d8a35fc5ffbf780b6ed7a26a6 # Date 2017-11-16 10:37:29 +0100 # Author Jan Beulich <jbeulich@suse.com> # Committer Jan Beulich <jbeulich@suse.com> x86: don't wrongly trigger linear page table assertion _put_page_type() may do multiple iterations until its cmpxchg() succeeds. It invokes set_tlbflush_timestamp() on the first iteration, however. Code inside the function takes care of this, but - the assertion in _put_final_page_type() would trigger on the second iteration if time stamps in a debug build are permitted to be sufficiently much wider than the default 6 bits (see WRAP_MASK in flushtlb.c), - it returning -EINTR (for a continuation to be scheduled) would leave the page inconsistent state (until the re-invocation completes). Make the set_tlbflush_timestamp() invocation conditional, bypassing it (for now) only in the case we really can't tolerate the stamp to be stored. This is part of XSA-240. Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: George Dunlap <george.dunlap@citrix.com> --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -2424,29 +2424,20 @@ static int _put_page_type(struct page_in break; } - if ( ptpg && PGT_type_equal(x, ptpg->u.inuse.type_info) ) - { - /* - * page_set_tlbflush_timestamp() accesses the same union - * linear_pt_count lives in. Unvalidated page table pages, - * however, should occur during domain destruction only - * anyway. Updating of linear_pt_count luckily is not - * necessary anymore for a dying domain. - */ - ASSERT(page_get_owner(page)->is_dying); - ASSERT(page->linear_pt_count < 0); - ASSERT(ptpg->linear_pt_count > 0); - ptpg = NULL; - } - /* * Record TLB information for flush later. We do not stamp page * tables when running in shadow mode: * 1. Pointless, since it's the shadow pt's which must be tracked. * 2. Shadow mode reuses this field for shadowed page tables to * store flags info -- we don't want to conflict with that. + * Also page_set_tlbflush_timestamp() accesses the same union + * linear_pt_count lives in. Pages (including page table ones), + * however, don't need their flush time stamp set except when + * the last reference is being dropped. For page table pages + * this happens in _put_final_page_type(). */ - if ( !(shadow_mode_enabled(page_get_owner(page)) && + if ( (!ptpg || !PGT_type_equal(x, ptpg->u.inuse.type_info)) && + !(shadow_mode_enabled(page_get_owner(page)) && (page->count_info & PGC_page_table)) ) page_set_tlbflush_timestamp(page); }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor