    lguest: Revert 1ce70c4f, fix real problem. · 4357bd94
    Rusty Russell authored
    Ahmed managed to crash the Host in release_pgd(), which cannot be a Guest
    bug, and indeed it wasn't.
    
    The bug was that handing a 0 as the address of the toplevel page table
    being manipulated can cause the lookup code in find_pgdir() to return
    an uninitialized cache entry (we shadow up to 4 top level page tables
    for each Guest).
    
    Commit 37cc8d7f introduced this
    behaviour in the Guest, uncovering the bug.
    
    The patch which he submitted (which removed the /4 from the index
    calculation) simply ensured that these high-indexed entries hit the
    early exit path of guest_set_pmd().  But you get lots of segfaults in
    guest userspace as the PMDs aren't being updated.

    Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>