- 06 Jan, 2007 40 commits
-
-
Christoph Lameter authored
Both process_zones() and drain_node_pages() check for populated zones before touching pagesets. However, __drain_pages does not do so, This may result in a NULL pointer dereference for pagesets in unpopulated zones if a NUMA setup is combined with cpu hotplug. Initially the unpopulated zone has the pcp pointers pointing to the boot pagesets. Since the zone is not populated the boot pageset pointers will not be changed during page allocator and slab bootstrap. If a cpu is later brought down (first call to __drain_pages()) then the pcp pointers for cpus in unpopulated zones are set to NULL since __drain_pages does not first check for an unpopulated zone. If the cpu is then brought up again then we call process_zones() which will ignore the unpopulated zone. So the pageset pointers will still be NULL. If the cpu is then again brought down then __drain_pages will attempt to drain pages by following the NULL pageset pointer for unpopulated zones. Signed-off-by:
Christoph Lameter <clameter@sgi.com> Signed-off-by:
Andrew Morton <akpm@osdl.org> Signed-off-by:
Linus Torvalds <torvalds@osdl.org>
-
Alan authored
The HPT37x driver very carefully handles DMA completions and the needed fixups are done on pci registers 0x50 and 0x52. This is unfortunate because the actual registers are 0x50 and 0x54. Fixing this offset cures the second channel problems reported. Secondly there are some problems with the HPT370 and certain ATA drives. The filter code however only filters ATAPI devices due to a reversed type check. Signed-off-by:
Alan Cox <alan@redhat.com> Signed-off-by:
-
Alexey Dobriyan authored
Signed-off-by:
Alexey Dobriyan <adobriyan@gmail.com> Acked-by:
-
Dor Laor authored
No need to test for rflags.if as both VT and SVM specs assure us that on exit caused from interrupt window opening, 'if' is set. Signed-off-by:
Dor Laor <dor.laor@qumranet.com> Signed-off-by:
Avi Kivity <avi@qumranet.com> Signed-off-by:
-
Ingo Molnar authored
Small optimization/cleanup: page == page_header(page->page_hpa) Signed-off-by:Ingo Molnar <mingo@elte.hu> Signed-off-by:
-
Ingo Molnar authored
Prevent the guest's loading of a corrupt cr3 (pointing at no guest phsyical page) from crashing the host. Signed-off-by:
-
Avi Kivity authored
If we emulate a write, we fail to set the dirty bit on the guest pte, leading the guest to believe the page is clean, and thus lose data. Bad. Fix by setting the guest pte dirty bit under such conditions. Signed-off-by:
-
Avi Kivity authored
It overwrites the right cr3 set from mmu setup. Happens only with the test harness. Signed-off-by:
-
Avi Kivity authored
Signed-off-by:
-
Ingo Molnar authored
Signed-off-by:
-
Avi Kivity authored
Fixes oops on early close of /dev/kvm. Signed-off-by:
-
Avi Kivity authored
This will allow us to see the root cause when a vmwrite error happens. Signed-off-by:
-
Avi Kivity authored
Signed-off-by:
-
Avi Kivity authored
mmu_destroy flushes the guest tlb (indirectly), which needs a valid vcpu. Signed-off-by:
-
Avi Kivity authored
If we reduce permissions on a pte, we must flush the cached copy of the pte from the guest's tlb. This is implemented at the moment by flushing the entire guest tlb, and can be improved by flushing just the relevant virtual address, if it is known. Signed-off-by:
-
Avi Kivity authored
Signed-off-by:
-
Avi Kivity authored
The mmu sometimes needs memory for reverse mapping and parent pte chains. however, we can't allocate from within the mmu because of the atomic context. So, move the allocations to a central place that can be executed before the main mmu machinery, where we can bail out on failure before any damage is done. (error handling is deffered for now, but the basic structure is there) Signed-off-by:
-
Avi Kivity authored
Because mmu pages have attached rmap and parent pte chain structures, we need to zap them before freeing so the attached structures are freed. Signed-off-by:
-
Avi Kivity authored
Signed-off-by:
-
Avi Kivity authored
cmpxchg8b uses edx:eax as the compare operand, not edi:eax. cmpxchg8b is used by 32-bit pae guests to set page table entries atomically, and this is emulated touching shadowed guest page tables. Also, implement it for 32-bit hosts. Signed-off-by:
-
Avi Kivity authored
We always need cr3 to point to something valid, so if we detect that we're freeing a root page, simply push it back to the top of the active list. Signed-off-by:
-
Avi Kivity authored
In fork() (or when we protect a page that is no longer a page table), we can experience floods of writes to a page, which have to be emulated. This is expensive. So, if we detect such a flood, zap the page so subsequent writes can proceed natively. Signed-off-by:
-
Avi Kivity authored
Signed-off-by:
-
Avi Kivity authored
Signed-off-by:
-
Avi Kivity authored
Signed-off-by:
-
Avi Kivity authored
A misaligned access affects two shadow ptes instead of just one. Since a misaligned access is unlikely to occur on a real page table, just zap the page out of existence, avoiding further trouble. Signed-off-by:
-
Avi Kivity authored
Unused. Signed-off-by:
-
Avi Kivity authored
Since we write protect shadowed guest page tables, there is no need to trap page invalidations (the guest will always change the mapping before issuing the invlpg instruction). Signed-off-by:
-
Avi Kivity authored
When beginning to process a page fault, make sure we have enough shadow pages available to service the fault. If not, free some pages. Signed-off-by:
-
Avi Kivity authored
... and so must not free it unconditionally. Move the freeing to kvm_mmu_zap_page(). Signed-off-by:
-
Avi Kivity authored
When removing a page table, we must maintain the parent_pte field all child shadow page tables. Signed-off-by:
-
Avi Kivity authored
A page table may have been recycled into a regular page, and so any instruction can be executed on it. Unprotect the page and let the cpu do its thing. Signed-off-by:
-
Avi Kivity authored
Iterate over all shadow pages which correspond to a the given guest page table and remove the mappings. A subsequent page fault will reestablish the new mapping. Signed-off-by:
-
Avi Kivity authored
As the mmu write protects guest page table, we emulate those writes. Since they are not mmio, there is no need to go to userspace to perform them. So, perform the writes in the kernel if possible, and notify the mmu about them so it can take the approriate action. Signed-off-by:
-
Avi Kivity authored
This fixes a problem where set_pte_common() looked for shadowed pages based on the page directory gfn (a huge page) instead of the actual gfn being mapped. Signed-off-by:
-
Avi Kivity authored
When we cache a guest page table into a shadow page table, we need to prevent further access to that page by the guest, as that would render the cache incoherent. Signed-off-by:
-
Avi Kivity authored
Define a hashtable for caching shadow page tables. Look up the cache on context switch (cr3 change) or during page faults. The key to the cache is a combination of - the guest page table frame number - the number of paging levels in the guest * we can cache real mode, 32-bit mode, pae, and long mode page tables simultaneously. this is useful for smp bootup. - the guest page table table * some kernels use a page as both a page table and a page directory. this allows multiple shadow pages to exist for that page, one per level - the "quadrant" * 32-bit mode page tables span 4MB, whereas a shadow page table spans 2MB. similarly, a 32-bit page directory spans 4GB, while a shadow page directory spans 1GB. the quadrant allows caching up to 4 shadow page tables for one guest page in one level. - a "metaphysical" bit * for real mode, and for pse pages, there is no guest page table, so set the bit to avoid write protecting the page. Signed-off-by: -
Avi Kivity authored
This allows further manipulation on the shadow page table. Signed-off-by:
-
Avi Kivity authored
Signed-off-by:
-
Avi Kivity authored
This lets us not write protect a partial page, and is anyway what a real processor does. Signed-off-by:
-
