From mboxrd@z Thu Jan  1 00:00:00 1970
From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Subject: Re: [PATCH] iomem: Prevent Dom0 pci bus from
	allocating RAM as I/O space in 2.6.32.27 tree.
Date: Thu, 17 Feb 2011 10:35:48 -0500
Message-ID: <20110217153548.GB32341@dumpdata.com>
References: <1A42CE6F5F474C41B63392A5F80372B2335E978C@shsmsx501.ccr.corp.intel.com>
	<20110216150638.GC12215@dumpdata.com>
	<20110216152021.GA5894@dumpdata.com>
	<20110216154759.GA3921@dumpdata.com> <4D5CB2DF.80604@intel.com>
	<20110217142338.GC5987@dumpdata.com>
	<FC2FB65B4D919844ADE4BE3C2BB739AD36A78D7D@shsmsx501.ccr.corp.intel.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Return-path: <xen-devel-bounces@lists.xensource.com>
Content-Disposition: inline
In-Reply-To: <FC2FB65B4D919844ADE4BE3C2BB739AD36A78D7D@shsmsx501.ccr.corp.intel.com>
List-Unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xensource.com>
List-Help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-Subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
Sender: xen-devel-bounces@lists.xensource.com
Errors-To: xen-devel-bounces@lists.xensource.com
To: "Li, Xin" <xin.li@intel.com>
Cc: Jeremy Fitzhardinge <jeremy@goop.org>, xen-devel <xen-devel@lists.xensource.com>, "Dong,
	Eddie" <eddie.dong@intel.com>, "Jiang,
	Yunhong" <yunhong.jiang@intel.com>, "Zhang,
	Fengzhe" <fengzhe.zhang@intel.com>
List-Id: xen-devel@lists.xenproject.org

On Thu, Feb 17, 2011 at 11:07:35PM +0800, Li, Xin wrote:
> > > However, I still doubt if the igb device is working correctly. The
> > 
> > OK, that is a different bug, if it is a bug.
> > 
> > > sequence that igb driver do ioremap is like this:
> > >
> > > 1. igb calls function pci_ubs_alloc_resource to get some non-RAM pages.
> > > 2. igb sets the phys_addr of the pages in some BAR.
> > > 3. igb ioremaps these pages.
> > >
> > > After patching, it looks like ioremap gets some mfn allocated by
> > > Xen. But what set in BAR is still phys_addr. If igb device tries to
> > 
> > No. It just sets the PTE to the PFN.
> 
> Then it's just a workaround to the crash.  The PFN allocated in dom0 is actually Xen RAM page, thus the driver may corrupt the page which actually belongs to Xen or other domain.

Are we taking about the crash that is fixed if you revert
0b56d9994ebe34df77fa156d2068ad93b7877b44?

Or is this about the igb - if so can you create a new thread with the
serial output for that crash.
> 
> > 
> > > access the pages directly, would Xen be able to intercept and
> > > translate it? And also, how the contiguity of mfns be guaranteed?
> > 
> > B/c we don't touch the P2M mapping. We bypass that altogether
> > and set the PTE with the phys_addr (which is based on the BARs).
> > We can do that since those PFN's belong to the DOMID_IO which
> > has a different mechanism for checking the MFN continuity (it
> > uses ranges). 
> 
> I'm still not persuaded this is a reasonable fix.  I'm still thinking Xen can't use the PFN from dom0, it's guest PFN allocated in dom0 according to its e820 which falls into host RAM range.

Looking at the crash serial output, the Xen hypervisor thinks from looking at its M2P list
that this is a DOMID_IO page.... ? So it wouldn't be shared by other guests?