From mboxrd@z Thu Jan  1 00:00:00 1970
From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Subject: Re: Problem with gntdev : Bad page map
Date: Tue, 26 Mar 2013 12:46:58 -0700 (PDT)
Message-ID: <20130326194658.GA20949@phenom.dumpdata.com>
References: <CAOV6k-BYTLwdDKu4+o-aQ7NnVgc+T7rwhnTN9FBoJh3fa_Ef6A@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Return-path: <xen-devel-bounces@lists.xen.org>
In-Reply-To: <CAOV6k-BYTLwdDKu4+o-aQ7NnVgc+T7rwhnTN9FBoJh3fa_Ef6A@mail.gmail.com>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: =?iso-8859-1?Q?S=E9bastien_Fr=E9mal?= <sebastien.fremal@gmail.com>
Cc: xen-devel@lists.xen.org
List-Id: xen-devel@lists.xenproject.org

On Tue, Mar 26, 2013 at 05:32:00PM +0100, S=E9bastien Fr=E9mal wrote:
> Hello,
> =

> I'm using xen 4.1.2 and I try to shared memory pages between the dom0 and
> domU's. For that purpose, I looked at gntalloc and gntdev. To test these
> modules, I created two programs :

You are using an older kernel - and there wer some updates in the gntalloc/=
gntdev
driver. Do you see this when you use an updated kernel?
> =

>    - gntalloc_test : a program running in dom0 and granting some pages to=
 a
>    domU and putting random values in it.
>    - gntdev_test : a program running in the domU, mapping the granted pag=
es
>    and reading the values contained in it.
> =

> I succeeded in transferring values from dom0 to domU, but I have a Bad pa=
ge
> map error when the program in domU exits :
> =

> [  123.903755] BUG: Bad page map in process test  pte:80000000107ff167
> pmd:0c7e3067
> [  123.903765] page:ffffea000041ffc0 count:0 mapcount:-1 mapping:
>  (null) index:0xffff88000e56b500
> [  123.903899] page flags:
> 0x100000000000c14(referenced|dirty|reserved|private)
> [  123.903910] addr:00007f9845c3d000 vm_flags:000e00fb anon_vma:
>  (null) mapping:ffff88000d637668 index:0
> [  123.903920] vma->vm_ops->fault: 0x0
> [  123.903924] vma->vm_file->f_op->mmap: gntdev_mmap+0x0/0x290 [xen_gntde=
v]
> =

> If I run several times gntdev_test, the count and the mapcount keeps
> decreasing :
> =

> [  125.144693] page:ffffea000041ffc0 count:-1 mapcount:-2 mapping:
>  (null) index:0xffff88000e56b720
> [  126.072717] page:ffffea000041ffc0 count:-2 mapcount:-3 mapping:
>  (null) index:0xffff88000e56b7c0
> =

> The error message coming from dmesg is :
> =

> [  126.072703] BUG: Bad page map in process test  pte:80000000107ff167
> pmd:0e6a2067
> [  126.072717] page:ffffea000041ffc0 count:-2 mapcount:-3 mapping:
>  (null) index:0xffff88000e56b7c0
> [  126.072724] page flags:
> 0x100000000000c14(referenced|dirty|reserved|private)
> [  126.072739] addr:00007ff931aec000 vm_flags:000e00fb anon_vma:
>  (null) mapping:ffff88000d637668 index:0
> [  126.072749] vma->vm_ops->fault: 0x0
> [  126.072754] vma->vm_file->f_op->mmap: gntdev_mmap+0x0/0x290 [xen_gntde=
v]
> [  126.072761] Pid: 1268, comm: test Tainted: G    B   W
>  3.2.0-34-generic #53-Ubuntu
> [  126.072764] Call Trace:
> [  126.072769]  [<ffffffff81139c99>] print_bad_pte+0x1d9/0x270
> [  126.072772]  [<ffffffff8113c799>] zap_pte_range+0x369/0x3d0
> [  126.072775]  [<ffffffff81005339>] ?
> __raw_callee_save_xen_pmd_val+0x11/0x1e
> [  126.072779]  [<ffffffff8113c9aa>] unmap_page_range+0x1aa/0x300
> [  126.072782]  [<ffffffff8113d08a>] unmap_vmas+0xca/0x1a0
> [  126.072785]  [<ffffffff81144607>] exit_mmap+0x97/0x140
> [  126.072788]  [<ffffffff8113dde8>] ? handle_mm_fault+0x1f8/0x350
> [  126.072792]  [<ffffffff8165bfde>] ? _raw_spin_unlock_irqrestore+0x1e/0=
x30
> [  126.072795]  [<ffffffff81064b92>] mmput.part.16+0x42/0x130
> [  126.072798]  [<ffffffff81064ca9>] mmput+0x29/0x30
> [  126.072802]  [<ffffffff8106b603>] exit_mm+0x113/0x130
> [  126.072806]  [<ffffffff810e41c5>] ? taskstats_exit+0x45/0x240
> [  126.072809]  [<ffffffff8165c0b5>] ? _raw_spin_lock_irq+0x15/0x20
> [  126.072812]  [<ffffffff8106b78e>] do_exit+0x16e/0x450
> [  126.072817]  [<ffffffff811783e0>] ? vfs_write+0x110/0x180
> [  126.072820]  [<ffffffff8106bc14>] do_group_exit+0x44/0xa0
> [  126.072823]  [<ffffffff8106bc87>] sys_exit_group+0x17/0x20
> [  126.072826]  [<ffffffff816643c2>] system_call_fastpath+0x16/0x1b
> =

> Here are the codes of the two programs :
> =

> gntalloc_test.c :
> =

> #include <stdio.h>
> #include <stdint.h>
> #include <sys/types.h>
> #include <sys/stat.h>
> #include <sys/mman.h>
> #include <fcntl.h>
> #include <xen/gntalloc.h>
> #include <linux/ioctl.h>
> =

> int main(){
>         int fd =3D open("/dev/xen/gntalloc", O_RDWR);
>         if(fd =3D=3D -1){
>                 perror("Open : ");
>                 return -1;
>         }
>         struct ioctl_gntalloc_alloc_gref arg;
>         arg.domid =3D 5;
>         arg.flags =3D GNTALLOC_FLAG_WRITABLE;
>         arg.count =3D 4;
>         ioctl(fd, IOCTL_GNTALLOC_ALLOC_GREF, &arg);
>         int i;
>         for(i=3D0; i<4;++i)
>             printf("Gref : %d\n", arg.gref_ids[i]);
>         struct ioctl_gntalloc_dealloc_gref dearg;
>         dearg.index =3D arg.index;
>         dearg.count =3D arg.count;
>         int * vadr =3D mmap(0, getpagesize(), PROT_READ | PROT_WRITE,
> MAP_SHARED, fd, 0);
>         vadr[0]=3D1337;
>         vadr[1]=3D20057;
>         vadr[2]=3D9000;
>         int wait;
>         printf("vadr : %d %d %d\nEn attente ...\n", vadr[0], vadr[1],
> vadr[2]);
>         scanf("%d", &wait);
>         ioctl(fd, IOCTL_GNTALLOC_DEALLOC_GREF, &dearg);
> }
> =

> gntdev_test.c :
> =

> #include <stdio.h>
> #include <stdint.h>
> #include <sys/types.h>
> #include <sys/stat.h>
> #include <sys/mman.h>
> #include <fcntl.h>
> #include <xen/gntdev.h>
> #include <linux/ioctl.h>
> =

> int main(){
>         int fd;
>         if((fd =3D open("/dev/xen/gntdev2", O_RDWR))=3D=3D-1){
>                 perror("open");
>                 return;
>         }
>         struct ioctl_gntdev_map_grant_ref arg;
>         struct ioctl_gntdev_unmap_grant_ref dearg[2];
>         arg.count =3D 1;
>         arg.refs[0].ref=3D32;
>         arg.refs[0].domid=3D0;
>         ioctl(fd, IOCTL_GNTDEV_MAP_GRANT_REF, &arg);
>         dearg[0].index =3D arg.index;
>         dearg[0].count =3D arg.count;
>         arg.refs[0].ref=3D33;
>         ioctl(fd, IOCTL_GNTDEV_MAP_GRANT_REF, &arg);
>         printf("Index in the file : %ld\n", arg.index);
>         int * vaddr;
>         if((vaddr =3D mmap(0, getpagesize(), PROT_READ | PROT_WRITE,
> MAP_SHARED, f
> d, 0))=3D=3DNULL)
>                 return;
>         printf("Vaddr : %d %d %d\n", vaddr[0], vaddr[1], vaddr[2]);
> =

>         dearg[1].index =3D arg.index;
>         dearg[1].count =3D arg.count;
>         printf("First grant\n");
>         ioctl(fd, IOCTL_GNTDEV_UNMAP_GRANT_REF, &dearg[0]);
>         printf("Second grant\n");
>         ioctl(fd, IOCTL_GNTDEV_UNMAP_GRANT_REF, &dearg[1]);
>         printf("The end\n");
> }
> =

> I tried to track where the error comes from. When I execute gntdev_test,
> the error message is displayed after the final message (The end) ; if I
> look dmesg I can see than :
> - The first page is "unmapped"
> - The second page is "unmapped"
> - The second page is freed
> - The error happens
> - gntdev_vma_close is called
> - The first page is freed
> I used a modified version of the module to track these steps, but the
> original module
> (/lib/modules/3.2.0-34-generic/kernel/drivers/xen/xen-gntdev.ko) gives the
> same error.
> =

> I suppose that something is missing in gntdev_test.c to manage the mapping
> of pages but I don't know what. I tried to call the unmap function, but
> it's worst as it adds other errors.
> =

> Does someone know what's missing please ?
> =

> Best regards,
> =

> Fr=E9mal S=E9bastien

> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xen.org
> http://lists.xen.org/xen-devel