aboutsummaryrefslogtreecommitdiffstats
path: root/drivers/lguest/segments.c
diff options
context:
space:
mode:
authorRusty Russell <rusty@rustcorp.com.au>2009-04-20 01:14:00 -0400
committerRusty Russell <rusty@rustcorp.com.au>2009-04-19 09:44:01 -0400
commita489f0b555b753f9df8ddc24c7e74f657ef7ee7b (patch)
tree560bd8c56524b658eb0b46e03ef42e262eb5f9b7 /drivers/lguest/segments.c
parent88df781afb788fa588dbf2e77f205214022a8893 (diff)
lguest: fix guest crash on non-linear addresses in gdt pvops
Fixes guest crash 'lguest: bad read address 0x4800000 len 256' The new per-cpu allocator ends up handing a non-linear address to write_gdt_entry. We do __pa() on it, and hand it to the host, which kills us. I've long wanted to make the hypercall "LOAD_GDT_ENTRY" to match the IDT code, but had no pressing reason until now. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Cc: lguest@ozlabs.org
Diffstat (limited to 'drivers/lguest/segments.c')
-rw-r--r--drivers/lguest/segments.c13
1 files changed, 7 insertions, 6 deletions
diff --git a/drivers/lguest/segments.c b/drivers/lguest/segments.c
index 4f15439b7f12..7ede64ffeef9 100644
--- a/drivers/lguest/segments.c
+++ b/drivers/lguest/segments.c
@@ -144,18 +144,19 @@ void copy_gdt(const struct lg_cpu *cpu, struct desc_struct *gdt)
144 gdt[i] = cpu->arch.gdt[i]; 144 gdt[i] = cpu->arch.gdt[i];
145} 145}
146 146
147/*H:620 This is where the Guest asks us to load a new GDT (LHCALL_LOAD_GDT). 147/*H:620 This is where the Guest asks us to load a new GDT entry
148 * We copy it from the Guest and tweak the entries. */ 148 * (LHCALL_LOAD_GDT_ENTRY). We tweak the entry and copy it in. */
149void load_guest_gdt(struct lg_cpu *cpu, unsigned long table, u32 num) 149void load_guest_gdt_entry(struct lg_cpu *cpu, u32 num, u32 lo, u32 hi)
150{ 150{
151 /* We assume the Guest has the same number of GDT entries as the 151 /* We assume the Guest has the same number of GDT entries as the
152 * Host, otherwise we'd have to dynamically allocate the Guest GDT. */ 152 * Host, otherwise we'd have to dynamically allocate the Guest GDT. */
153 if (num > ARRAY_SIZE(cpu->arch.gdt)) 153 if (num > ARRAY_SIZE(cpu->arch.gdt))
154 kill_guest(cpu, "too many gdt entries %i", num); 154 kill_guest(cpu, "too many gdt entries %i", num);
155 155
156 /* We read the whole thing in, then fix it up. */ 156 /* Set it up, then fix it. */
157 __lgread(cpu, cpu->arch.gdt, table, num * sizeof(cpu->arch.gdt[0])); 157 cpu->arch.gdt[num].a = lo;
158 fixup_gdt_table(cpu, 0, ARRAY_SIZE(cpu->arch.gdt)); 158 cpu->arch.gdt[num].b = hi;
159 fixup_gdt_table(cpu, num, num+1);
159 /* Mark that the GDT changed so the core knows it has to copy it again, 160 /* Mark that the GDT changed so the core knows it has to copy it again,
160 * even if the Guest is run on the same CPU. */ 161 * even if the Guest is run on the same CPU. */
161 cpu->changed |= CHANGED_GDT; 162 cpu->changed |= CHANGED_GDT;