mirror of
https://git.freebsd.org/ports.git
synced 2025-06-23 21:50:32 -04:00
989d8dbb27
This includes a band-aid for running 64bit PV guests without compromising the whole system. MFH: 2018Q1 Sponsored by: Citrix Systems R&D
42 lines
1.6 KiB
Diff
42 lines
1.6 KiB
Diff
From: Jan Beulich <jbeulich@suse.com>
|
|
Subject: x86/shadow: fix refcount overflow check
|
|
|
|
Commit c385d27079 ("x86 shadow: for multi-page shadows, explicitly track
|
|
the first page") reduced the refcount width to 25, without adjusting the
|
|
overflow check. Eliminate the disconnect by using a manifest constant.
|
|
|
|
Interestingly, up to commit 047782fa01 ("Out-of-sync L1 shadows: OOS
|
|
snapshot") the refcount was 27 bits wide, yet the check was already
|
|
using 26.
|
|
|
|
This is XSA-249.
|
|
|
|
Signed-off-by: Jan Beulich <jbeulich@suse.com>
|
|
Reviewed-by: George Dunlap <george.dunlap@citrix.com>
|
|
Reviewed-by: Tim Deegan <tim@xen.org>
|
|
---
|
|
v2: Simplify expression back to the style it was.
|
|
|
|
--- a/xen/arch/x86/mm/shadow/private.h
|
|
+++ b/xen/arch/x86/mm/shadow/private.h
|
|
@@ -529,7 +529,7 @@ static inline int sh_get_ref(struct doma
|
|
x = sp->u.sh.count;
|
|
nx = x + 1;
|
|
|
|
- if ( unlikely(nx >= 1U<<26) )
|
|
+ if ( unlikely(nx >= (1U << PAGE_SH_REFCOUNT_WIDTH)) )
|
|
{
|
|
SHADOW_PRINTK("shadow ref overflow, gmfn=%lx smfn=%lx\n",
|
|
__backpointer(sp), mfn_x(smfn));
|
|
--- a/xen/include/asm-x86/mm.h
|
|
+++ b/xen/include/asm-x86/mm.h
|
|
@@ -82,7 +82,8 @@ struct page_info
|
|
unsigned long type:5; /* What kind of shadow is this? */
|
|
unsigned long pinned:1; /* Is the shadow pinned? */
|
|
unsigned long head:1; /* Is this the first page of the shadow? */
|
|
- unsigned long count:25; /* Reference count */
|
|
+#define PAGE_SH_REFCOUNT_WIDTH 25
|
|
+ unsigned long count:PAGE_SH_REFCOUNT_WIDTH; /* Reference count */
|
|
} sh;
|
|
|
|
/* Page is on a free list: ((count_info & PGC_count_mask) == 0). */
|