From: "Stephen C. Tweedie" <sct@redhat.com>
To: "xen-devel@lists.xensource.com" <xen-devel@lists.xensource.com>
Cc: Keir Fraser <keir.fraser@eu.citrix.com>,
Jan Beulich <jbeulich@novell.com>
Subject: Illegal PV kernel pfm/pfn translations on PROT_NONE ioremaps
Date: Wed, 19 Mar 2008 15:39:51 +0000 [thread overview]
Message-ID: <1205941191.7277.9.camel@sisko.scot.redhat.com> (raw)
Hi,
On paravirt x86 (both 32- and 64-bit), since cset 13998:
http://xenbits.xensource.com/xen-unstable.hg?rev/13998
we translate all ptes from being mfn-based to pfn-based when the
hardware _PAGE_PRESENT bit is cleared. We do this for PROT_NONE pages,
which appear to the HV to be non-present, but which are special-cased in
the kernel to appear present (a different bit in the pte remains set for
these pages and is caught by the pte_present() tests.)
Unfortunately, it looks like recent X servers are attempting to do
mprotect(PROT_NONE) and back on regions of ioremap()ed memory. When we
do so, the translation of mfn to pfn results on x86_64 in end_pfn:
maddr.h:
static inline unsigned long mfn_to_pfn(unsigned long mfn)
{
...
if (unlikely((mfn >> machine_to_phys_order) != 0))
return end_pfn;
and when we do mprotect(PROT_READ) later on on the same ptes, this
end_pfn value is illegal:
maddr.h:
static inline unsigned long pfn_to_mfn(unsigned long pfn)
{
BUG_ON(end_pfn && pfn >= end_pfn);
so we BUG().
It needs both an updated X and an updated kernel to show the bug, but
given that, this results in an instant, completely repeatable kernel
panic on starting X on both 32- and 64-bits on some hardware.
Any suggestions? The obvious fix is to special-case these mfn_to_pfn
translations so that they can be recognised as "untranslated" by a later
pfn_to_mfn, but ideally we'd want such special pfns to be easily
recognised so that we don't completely lose the value of the BUG_ON()
above.
We'd also ideally like the HV to be able to spot such pte contents, as
they won't (indeed, cannot) be translated on migrate. That's not a
problem for dom0, of course, but might be for domUs with pci
passthrough .
Cheers,
Stephen
next reply other threads:[~2008-03-19 15:39 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-03-19 15:39 Stephen C. Tweedie [this message]
2008-03-19 16:00 ` Illegal PV kernel pfm/pfn translations on PROT_NONE ioremaps Keir Fraser
2008-03-19 16:31 ` Stephen C. Tweedie
2008-03-19 16:42 ` Keir Fraser
2008-03-19 17:12 ` Stephen C. Tweedie
2008-03-19 18:52 ` Keir Fraser
2008-03-20 11:39 ` Keir Fraser
2008-03-28 16:41 ` Stephen C. Tweedie
2008-03-28 16:44 ` Keir Fraser
2008-03-28 16:45 ` Keir Fraser
2008-03-19 16:34 ` Keir Fraser
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1205941191.7277.9.camel@sisko.scot.redhat.com \
--to=sct@redhat.com \
--cc=jbeulich@novell.com \
--cc=keir.fraser@eu.citrix.com \
--cc=xen-devel@lists.xensource.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.