diff mbox

Bugfix: Align cpu_physical_memory_set_dirty_flags() addr to page boundary

Message ID 1352408318-10303-1-git-send-email-jjherne@us.ibm.com
State New
Headers show

Commit Message

Jason J. Herne Nov. 8, 2012, 8:58 p.m. UTC 
From: "Jason J. Herne" <jjherne@us.ibm.com>

Some code paths call cpu_physical_memory_set_dirty_flags() with an address that
is not on a page boundary. The subsequent call to cpu_physical_memory_get_dirty
is assuming page boundary alignment because it hard codes a length of
TARGET_PAGE_SIZE.  This causes problems when the target address lies within a
page whose "migration dirty bit" is NOT set, but the following page's
"migration dirty bit" is set.  In this case, cpu_physical_memory_get_dirty will
claim that the page is already dirty when it is not.
cpu_physical_memory_set_dirty_flags then skips incrementing ram_list.dirty_pages
but still updates the target page's dirty bit with the following code:
ram_list.phys_dirty[addr >> TARGET_PAGE_BITS] |= dirty_flags;
This causes our counter to less than the actual number of dirty bits. This can
cause our migration remaining ram counter to underflow and can even hang
migration in some cases.

Signed-off-by: Jason J. Herne <jjherne@us.ibm.com>
---
 exec-obsolete.h |    3 +++
 1 file changed, 3 insertions(+)
diff mbox

Patch

diff --git a/exec-obsolete.h b/exec-obsolete.h
index c099256..8746578 100644
--- a/exec-obsolete.h
+++ b/exec-obsolete.h
@@ -74,6 +74,9 @@  static inline int cpu_physical_memory_get_dirty(ram_addr_t start,
 static inline int cpu_physical_memory_set_dirty_flags(ram_addr_t addr,
                                                       int dirty_flags)
 {
+    /* align addr to a page boundary */
+     addr = (addr >> TARGET_PAGE_BITS) << TARGET_PAGE_BITS;
+
     if ((dirty_flags & MIGRATION_DIRTY_FLAG) &&
         !cpu_physical_memory_get_dirty(addr, TARGET_PAGE_SIZE,
                                        MIGRATION_DIRTY_FLAG)) {