diff options
author | Keir Fraser <keir@xen.org> | 2011-09-30 21:16:43 +0100 |
---|---|---|
committer | Keir Fraser <keir@xen.org> | 2011-09-30 21:16:43 +0100 |
commit | 103b4a31567fbbea27a38dfbd5f8e1ca3a870869 (patch) | |
tree | e7982c51cc14bc25ea3eca4746cd1cbc190c4961 /xen/common/page_alloc.c | |
parent | 3a5a642a938cafc3e9eebd975b223e14610416e2 (diff) | |
download | xen-103b4a31567fbbea27a38dfbd5f8e1ca3a870869.tar.gz xen-103b4a31567fbbea27a38dfbd5f8e1ca3a870869.tar.bz2 xen-103b4a31567fbbea27a38dfbd5f8e1ca3a870869.zip |
X86 MCE: Prevent malicious guest access broken page again
To avoid recursive mce.
Signed-off-by: Liu, Jinsong <jinsong.liu@intel.com>
Committed-by: Keir Fraser <keir@xen.org>
Diffstat (limited to 'xen/common/page_alloc.c')
-rw-r--r-- | xen/common/page_alloc.c | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c index f38d1ff986..3ce34af440 100644 --- a/xen/common/page_alloc.c +++ b/xen/common/page_alloc.c @@ -38,6 +38,7 @@ #include <xen/tmem.h> #include <xen/tmem_xen.h> #include <public/sysctl.h> +#include <public/sched.h> #include <asm/page.h> #include <asm/numa.h> #include <asm/flushtlb.h> @@ -708,6 +709,19 @@ int offline_page(unsigned long mfn, int broken, uint32_t *status) return -EINVAL; } + /* + * NB. When broken page belong to guest, usually hypervisor will + * notify the guest to handle the broken page. However, hypervisor + * need to prevent malicious guest access the broken page again. + * Under such case, hypervisor shutdown guest, preventing recursive mce. + */ + if ( (pg->count_info & PGC_broken) && (owner = page_get_owner(pg)) ) + { + *status = PG_OFFLINE_AGAIN; + domain_shutdown(owner, SHUTDOWN_crash); + return 0; + } + spin_lock(&heap_lock); old_info = mark_page_offline(pg, broken); |