
[xen-unstable] libxc: fix incorrect scanning of pfn array in pagebuf during migration
# HG changeset patch
# User Shriram Rajagopalan <rshriram@cs.ubc.ca>
# Date 1299171327 0
# Node ID 5bc39222773de23c885237287902152dd53c1077
# Parent 9dfd7ffcd76c70191dcca9be0820483baa6cafa3
libxc: fix incorrect scanning of pfn array in pagebuf during migration

xc_domain_restore.c:apply_batch function makes two passes over the pfn_types
array in pagebuf to allocate the needed MFNs. The curbatch parameter to this
function specifies the array offset in pfn_types, from where the current scan
should begin. But this variable is not taken into account (index always starts
at 0) during the two passes. While this [bug] does not manifest itself during
save/restore or live migration, under Remus, xc_domain_restore fails due to
corrupt guest page tables.

(This appears to have been broken by 21588:6c3d8aec202d which reverted
two changesets from before Remus support was added and hence
reintroduced some non-Remus compatible bits.)

Signed-off-by: Shriram Rajagopalan <rshriram@cs.ubc.ca>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
---


diff -r 9dfd7ffcd76c -r 5bc39222773d tools/libxc/xc_domain_restore.c
--- a/tools/libxc/xc_domain_restore.c Thu Mar 03 15:14:30 2011 +0000
+++ b/tools/libxc/xc_domain_restore.c Thu Mar 03 16:55:27 2011 +0000
@@ -907,8 +907,8 @@
for ( i = 0; i < j; i++ )
{
unsigned long pfn, pagetype;
- pfn = pagebuf->pfn_types[i] & ~XEN_DOMCTL_PFINFO_LTAB_MASK;
- pagetype = pagebuf->pfn_types[i] & XEN_DOMCTL_PFINFO_LTAB_MASK;
+ pfn = pagebuf->pfn_types[i + curbatch] & ~XEN_DOMCTL_PFINFO_LTAB_MASK;
+ pagetype = pagebuf->pfn_types[i + curbatch] & XEN_DOMCTL_PFINFO_LTAB_MASK;

if ( (pagetype != XEN_DOMCTL_PFINFO_XTAB) &&
(ctx->p2m[pfn] == INVALID_P2M_ENTRY) )
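
Review bot: In the first pass, `pfn_types[i + curbatch]` is now read for every `i < j`, but nothing visible in this hunk bounds `curbatch + j` by the number of entries held in `pagebuf->pfn_types`, and the decoded `pfn` goes straight into `ctx->p2m[pfn]`. With a non-zero offset, a bad `j` or `curbatch` reads past the array where the old code stayed within the first `j` entries. If the caller does not already guarantee both limits, add an explicit check on `curbatch + j` against the pagebuf's entry count and on `pfn` against the p2m size before the loop body uses them, and fail the restore cleanly instead of indexing.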
@@ -934,8 +934,8 @@
for ( i = 0; i < j; i++ )
{
unsigned long pfn, pagetype;
- pfn = pagebuf->pfn_types[i] & ~XEN_DOMCTL_PFINFO_LTAB_MASK;
- pagetype = pagebuf->pfn_types[i] & XEN_DOMCTL_PFINFO_LTAB_MASK;
+ pfn = pagebuf->pfn_types[i + curbatch] & ~XEN_DOMCTL_PFINFO_LTAB_MASK;
+ pagetype = pagebuf->pfn_types[i + curbatch] & XEN_DOMCTL_PFINFO_LTAB_MASK;

if ( pagetype == XEN_DOMCTL_PFINFO_XTAB )
region_mfn[i] = ~0UL; /* map will fail but we don't care */
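
Review bot: The second pass duplicates the `pfn_types[i + curbatch]` decode from the first pass, while `region_mfn[i]` on the following lines stays indexed from 0. That mixed indexing is easy to break again, which is how the commit message says this regressed. Consider reading the entry once per iteration, for example `unsigned long entry = pagebuf->pfn_types[i + curbatch];`, and deriving `pfn` and `pagetype` from it, or sharing one small helper between both passes. A short comment stating that `region_mfn` is batch-relative and `pfn_types` is pagebuf-relative would also help.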

_______________________________________________
Xen-changelog mailing list
Xen-changelog@lists.xensource.com
http://lists.xensource.com/xen-changelog