From mboxrd@z Thu Jan  1 00:00:00 1970
From: Olaf Hering <olaf@aepfle.de>
Subject: Re: Re: mapping problems in xenpaging
Date: Mon, 3 Oct 2011 16:56:16 +0200
Message-ID: <20111003145616.GA8610@aepfle.de>
References: <CACavRyB4kvMLZK1-vv9bJnVdnpKJBHTmnhJxt6g3eh88xY6FTg@mail.gmail.com>
	<20110929170244.GA29163@aepfle.de>
	<CAAJKtqrFuJkNAZZhRs8tC0ymgQTD0G2VTgYexQ9EhnCxsJNZuw@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Return-path: <xen-devel-bounces@lists.xensource.com>
Content-Disposition: inline
In-Reply-To: <CAAJKtqrFuJkNAZZhRs8tC0ymgQTD0G2VTgYexQ9EhnCxsJNZuw@mail.gmail.com>
List-Unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xensource.com>
List-Help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-Subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
Sender: xen-devel-bounces@lists.xensource.com
Errors-To: xen-devel-bounces@lists.xensource.com
To: Adin Scannell <adin@gridcentric.ca>
Cc: zhen shi <bickys1986@gmail.com>, xen-devel@lists.xensource.com
List-Id: xen-devel@lists.xenproject.org

On Fri, Sep 30, Adin Scannell wrote:

> >>  When we analyze and test xenpaging,we found there are some problems between
> >> mapping and xenpaging.
> >>  1) When mapping firstly, then do xenpaging,and the code paths have resolved
> >> the problems.It's OK.
> >>  2) The problems exists if we do address mapping firstly then go to
> >> xenpaging,and our confusions are as followings:
> >>    a) If the domU's memory is directly mapped to dom0,such as the hypercall
> >> from pv driver,then it will build a related page-table in dom0,which will not
> >> change p2m-type.
> >>       and then do the xenpaging to page out the domU's memory pages whose gfn
> >> address have been already mapped to dom0;So it will cause some problems when
> >> dom0
> >>       accesses these pages.Because these pages are paged-out,and dom0 cannot
> >> tell the p2mt before access the pages.
> >
> > I'm not entirely sure what you do. xenpaging runs in dom0 and is able to
> > map paged-out pages. It uses that to trigger a page-in, see
> > tools/xenpaging/pagein.c in xen-unstable.hg
> 
> Here's my take...
> 
> Xenpaging doesn't allow selection of pages that have been mapped by
> other domains (as in p2m.c):
> 
>  669 int p2m_mem_paging_nominate(struct domain *d, unsigned long gfn)
> ....
>  693     /* Check page count and type */
>  694     page = mfn_to_page(mfn);
>  695     if ( (page->count_info & (PGC_count_mask | PGC_allocated)) !=
>  696          (1 | PGC_allocated) )
>  697         goto out;
> 
> *However*, I think that the problem Zhen is describing still exists:
> 1) xenpaging nominates a page, it is successful.
> 2) dom0 maps the same page (a process other than xenpaging, which will
> also map it).
> 3) xenpaging evicts the page, successfully.
> 
> I've experienced a few nasty crashes, and I think this could account
> for a couple (but certainly not all)... I think that the solution may
> be to repeat the refcount check in paging_evict, and roll back the
> nomination gracefully if the race is detected. Thoughts?

Are there really code paths that touch a mfn without going through the
p2m functions? If so I will copy the check and update xenpaging.

Olaf