From mboxrd@z Thu Jan  1 00:00:00 1970
From: Gerd Knorr <kraxel@suse.de>
Subject: Re: [patch] pae: tlbflush linear page table updates
Date: Wed, 10 Aug 2005 12:22:22 +0200
Message-ID: <20050810102222.GA32246@bytesex>
References: <20050808145153.GA31526@bytesex>
	<e84933a8f8b29c0649a41b9b74dada57@cl.cam.ac.uk>
	<20050809075414.GA13745@bytesex>
	<416c694c7150940849398dfc41457960@cl.cam.ac.uk>
	<a9c44b1d26138a95924224f29e178145@cl.cam.ac.uk>
	<20050809135223.GA17751@bytesex> <20050809154400.GA20397@bytesex>
	<1a49dd852a0effd5c1f02f13280274ba@cl.cam.ac.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Return-path: <xen-devel-bounces@lists.xensource.com>
Content-Disposition: inline
In-Reply-To: <1a49dd852a0effd5c1f02f13280274ba@cl.cam.ac.uk>
List-Unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xensource.com>
List-Help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-Subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
Sender: xen-devel-bounces@lists.xensource.com
Errors-To: xen-devel-bounces@lists.xensource.com
To: Keir Fraser <Keir.Fraser@cl.cam.ac.uk>
Cc: xen-devel@lists.xensource.com
List-Id: xen-devel@lists.xenproject.org

On Tue, Aug 09, 2005 at 05:14:14PM +0100, Keir Fraser wrote:
> 
> On 9 Aug 2005, at 16:44, Gerd Knorr wrote:
> 
> >Hmm, that happens when xen is build with debug=y only, without
> >that it crashes much earlier ...
> 
> Weird. The calls to create_pae_xen_mappings were definitely on the 
> error paths in mod_l3_entry(), which is obviously wrong. I'm surprised 
> that fixing it would make things worse, unless some other patch in the 
> meantime has screwed pae...

No, it's actually the changeset
6056:a1f7e01b0990a378584e718e6d48eac38824fdb9 which broke it.

The create_pae_xen_mappings() call in the error path is broken
indead.  That must have sneaked in somewhen, I'm pretty sure I
wrote that initially as something like

         if ( unlikely(!UPDATE_ENTRY(l3, pl3e, ol3e, nl3e)) ||
	      !create_pae_xen_mappings(pl3e) )
         {
             put_page_from_l3e(nl3e, pfn);
             return 0;
         }

so create_pae_xen_mappings() failure (due to the guest OS trying
illegal things) will *trigger* the error path.  Strange it never
showed up, maybe linux never ever updates l3 entries after
creating them.

BUG_ON(!create_pae_xen_mappings()) is a bad idea, it _can_ fail,
the failure should just be propagated up (so in the end the
hypercall running into this returns some errror) or the domain
should simply be killed ...

  Gerd

-- 
panic("it works"); /* avoid being flooded with debug messages */