File 19371-in-sync-L1s-writable.patch of Package xen
# HG changeset patch
# User Keir Fraser <keir.fraser@citrix.com>
# Date 1237301732 0
# Node ID d3a2bcff275c6a00c91133e9974f56454b4b79b5
# Parent 4f7969257fb5d1aa2691093dca046d39452f09aa
x86 shadow: Prevent in-sync L1s to become writable
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
xen-unstable changeset: 19371:6d5aa622fb3d696144ff7ea96636318946c560a8
xen-unstable date: Tue Mar 17 14:29:26 2009 +0000
--- a/xen/arch/x86/mm/shadow/multi.c
+++ b/xen/arch/x86/mm/shadow/multi.c
@@ -3263,6 +3263,19 @@ static int sh_page_fault(struct vcpu *v,
shadow_lock(d);
+ /* Make sure there is enough free shadow memory to build a chain of
+ * shadow tables. (We never allocate a top-level shadow on this path,
+ * only a 32b l1, pae l1, or 64b l3+2+1. Note that while
+ * SH_type_l1_shadow isn't correct in the latter case, all page
+ * tables are the same size there.)
+ *
+ * Preallocate shadow pages *before* removing writable accesses
+ * otherwhise an OOS L1 might be demoted and promoted again with
+ * writable mappings. */
+ shadow_prealloc(d,
+ SH_type_l1_shadow,
+ GUEST_PAGING_LEVELS < 4 ? 1 : GUEST_PAGING_LEVELS - 1);
+
rc = gw_remove_write_accesses(v, va, &gw);
/* First bit set: Removed write access to a page. */
@@ -3295,15 +3308,6 @@ static int sh_page_fault(struct vcpu *v,
shadow_audit_tables(v);
sh_audit_gw(v, &gw);
- /* Make sure there is enough free shadow memory to build a chain of
- * shadow tables. (We never allocate a top-level shadow on this path,
- * only a 32b l1, pae l1, or 64b l3+2+1. Note that while
- * SH_type_l1_shadow isn't correct in the latter case, all page
- * tables are the same size there.) */
- shadow_prealloc(d,
- SH_type_l1_shadow,
- GUEST_PAGING_LEVELS < 4 ? 1 : GUEST_PAGING_LEVELS - 1);
-
/* Acquire the shadow. This must happen before we figure out the rights
* for the shadow entry, since we might promote a page here. */
ptr_sl1e = shadow_get_and_create_l1e(v, &gw, &sl1mfn, ft);
