From: Olaf Hering <olaf@aepfle.de>
To: Tim Deegan <Tim.Deegan@citrix.com>
Cc: Patrick Colp <pjcolp@cs.ubc.ca>,
	"xen-devel@lists.xensource.com" <xen-devel@lists.xensource.com>
Subject: Re: bogus gfn - mfn - gfn - mfn checks in guest_physmap_add_entry
Date: Thu, 25 Nov 2010 16:03:10 +0100
Message-ID: <20101125150310.GA12431@aepfle.de>
In-Reply-To: <20101124145326.GH19638@whitby.uk.xensource.com>

On Wed, Nov 24, Tim Deegan wrote:

> The problem is that PV guests set their own m2p entries and can't be
> relied on to tear them down.  

What needs to happen for PV guests?
Don't they use the machine_to_phys_mapping[] array like HVM guests?

> The guest_physmap_add_entry code, and the p2m audit code, would be made
> more reliable if, say, alloc_domheap_pages and/or free_domheap_pages
> zapped the m2p entries for MFNs they touched.
> 
> I think originally that wasn't done because the alloc is quickly
> followed by another write of the m2p but that's probably over-keen
> optimization.

Could it be done like that? (not yet compile-tested)
The mfn is probably always valid.

I see memory_exchange uses assign_pages() to move mfns from one domain
to another (haven't studied the whole function yet). I think that's
another place that needs an audit whether the machine_to_phys_mapping[]
array is maintained properly.

--- xen-4.0.1-testing.orig/xen/common/page_alloc.c
+++ xen-4.0.1-testing/xen/common/page_alloc.c
@@ -1146,6 +1146,8 @@ struct page_info *alloc_domheap_pages(
     struct page_info *pg = NULL;
     unsigned int bits = memflags >> _MEMF_bits, zone_hi = NR_ZONES - 1;
     unsigned int node = (uint8_t)((memflags >> _MEMF_node) - 1), dma_zone;
+    int i;
+    mfn_t mfn;
 
     ASSERT(!in_irq());
 
@@ -1170,6 +1172,13 @@ struct page_info *alloc_domheap_pages(
         free_heap_pages(pg, order);
         return NULL;
     }
+    /* this page is not yet a gfn */
+    mfn = page_to_mfn(pg);
+    if (mfn_valid(mfn))
+    {
+        for ( i = 0; i < (1 << order); i++ )
+            set_gpfn_from_mfn(mfn_x(mfn) + j, INVALID_M2P_ENTRY);
+    }
     
     return pg;
 }
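
Review bot: the loop added before `return pg;` indexes with `j` in `set_gpfn_from_mfn(mfn_x(mfn) + j, INVALID_M2P_ENTRY)`, but the loop counter is `i` and no `j` is declared in the visible hunks, so this will not build; it should read `mfn_x(mfn) + i`. `mfn_valid(mfn)` is also tested only for the first frame of the `1 << order` range, so either check each frame inside the loop or note in the comment why the first frame is enough.
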
@@ -1178,9 +1187,18 @@ void free_domheap_pages(struct page_info
 {
     int            i, drop_dom_ref;
     struct domain *d = page_get_owner(pg);
+    mfn_t mfn;
 
     ASSERT(!in_irq());
 
+    /* this page is not a gfn anymore */
+    mfn = page_to_mfn(pg);
+    if (mfn_valid(mfn))
+    {
+        for ( i = 0; i < (1 << order); i++ )
+            set_gpfn_from_mfn(mfn_x(mfn) + j, INVALID_M2P_ENTRY);
+    }
+
     if ( unlikely(is_xen_heap_page(pg)) )
     {
         /* NB. May recursively lock from relinquish_memory(). */
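
Review bot: the loop added at the top of free_domheap_pages has the same `j` versus `i` mismatch; with `int i` already declared in this function, `mfn_x(mfn) + j` should be `mfn_x(mfn) + i`. The block also sits before the `is_xen_heap_page(pg)` test, so the m2p entries are reset on the Xen heap path as well as the domheap path. If only domain-owned pages are meant, move it into the matching branch; otherwise extend the comment to say the unconditional reset is intended.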
