diff options
| author | Shriram Rajagopalan <rshriram@cs.ubc.ca> | 2011-03-14 16:58:08 +0000 |
|---|---|---|
| committer | Shriram Rajagopalan <rshriram@cs.ubc.ca> | 2011-03-14 16:58:08 +0000 |
| commit | c0083e85403a60b874b4bca66d51da296351f8ca (patch) | |
| tree | 8340a3c09295588f6acbb76e655d7cef99c95a57 | |
| parent | 721dab2acdeb00a458719e549ab1916fc415b49b (diff) | |
| download | xen-c0083e85403a60b874b4bca66d51da296351f8ca.tar.gz xen-c0083e85403a60b874b4bca66d51da296351f8ca.tar.bz2 xen-c0083e85403a60b874b4bca66d51da296351f8ca.zip | |
libxc: fix incorrect scanning of pfn array in pagebuf during migration
xc_domain_restore.c:apply_batch function makes two passes over the
pfn_types array in pagebuf to allocate the needed MFNs. The curbatch
parameter to this function specifies the array offset in pfn_types,
from where the current scan should begin. But this variable is not
taken into account (index always starts at 0) during the two
passes. While this [bug] does not manifest itsef during save/restore
or live migration, under Remus, xc_domain_restore fails due to corrupt
guest page tables.
(This appears to have been broken by 21588:6c3d8aec202d which reverted
two changesets from before Remus support was added and hence
reintroduced some none-Remus compatible bits.)
Signed-off-by: Shriram Rajagopalan <rshriram@cs.ubc.ca>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
xen-unstable changeset: 22967:5bc39222773d
xen-unstable date: Thu Mar 03 16:55:27 2011 +0000
| -rw-r--r-- | tools/libxc/xc_domain_restore.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/tools/libxc/xc_domain_restore.c b/tools/libxc/xc_domain_restore.c index c0d527b78f..a288c8cdac 100644 --- a/tools/libxc/xc_domain_restore.c +++ b/tools/libxc/xc_domain_restore.c @@ -825,8 +825,8 @@ static int apply_batch(int xc_handle, uint32_t dom, struct restore_ctx *ctx, for ( i = 0; i < j; i++ ) { unsigned long pfn, pagetype; - pfn = pagebuf->pfn_types[i] & ~XEN_DOMCTL_PFINFO_LTAB_MASK; - pagetype = pagebuf->pfn_types[i] & XEN_DOMCTL_PFINFO_LTAB_MASK; + pfn = pagebuf->pfn_types[i + curbatch] & ~XEN_DOMCTL_PFINFO_LTAB_MASK; + pagetype = pagebuf->pfn_types[i + curbatch] & XEN_DOMCTL_PFINFO_LTAB_MASK; if ( (pagetype != XEN_DOMCTL_PFINFO_XTAB) && (ctx->p2m[pfn] == INVALID_P2M_ENTRY) ) @@ -852,8 +852,8 @@ static int apply_batch(int xc_handle, uint32_t dom, struct restore_ctx *ctx, for ( i = 0; i < j; i++ ) { unsigned long pfn, pagetype; - pfn = pagebuf->pfn_types[i] & ~XEN_DOMCTL_PFINFO_LTAB_MASK; - pagetype = pagebuf->pfn_types[i] & XEN_DOMCTL_PFINFO_LTAB_MASK; + pfn = pagebuf->pfn_types[i + curbatch] & ~XEN_DOMCTL_PFINFO_LTAB_MASK; + pagetype = pagebuf->pfn_types[i + curbatch] & XEN_DOMCTL_PFINFO_LTAB_MASK; if ( pagetype == XEN_DOMCTL_PFINFO_XTAB ) region_mfn[i] = ~0UL; /* map will fail but we don't care */ |