[PATCH] fix bug 169

[PATCH] fix bug 169

[Li, Xin B]

This patch fixes bug 169.

The root cause of bug 169 is, machine_to_phys_mapping, starting from
0xffff800000000000, is mapped using 2M pages.  When the system has RAM
no more than 2G, only one 2M page is allocated and only one PDE entry is
created correspondingly, so calling mfn_to_pfn with mfn > 0x80000 will
overflow this 2M page and cause a unable handled kernel paging request.
The mfn > 0x80000 comes from PCI device I/O memory, here from AGP
display card when booting X server.  Jun suggested to use something like
get_user() when accessing machine_to_phys_mapping.

Signed-off-by: Xin Li <xin.b.li@intel.com>

diff -r d8fd24b43080
linux-2.6-xen-sparse/include/asm-xen/asm-x86_64/page.h
--- a/linux-2.6-xen-sparse/include/asm-xen/asm-x86_64/page.h    Mon Aug
22 10:18:14 2005
+++ b/linux-2.6-xen-sparse/include/asm-xen/asm-x86_64/page.h    Thu Aug
25 22:49:59 2005
@@ -64,7 +64,28 @@
 /**** MACHINE <-> PHYSICAL CONVERSION MACROS ****/
 extern u32 *phys_to_machine_mapping;
 #define pfn_to_mfn(_pfn) ((unsigned long)
phys_to_machine_mapping[(unsigned int)(_pfn)])
-#define mfn_to_pfn(_mfn) ((unsigned long)
machine_to_phys_mapping[(unsigned int)(_mfn)])
+//#define mfn_to_pfn(_mfn) ((unsigned long)
machine_to_phys_mapping[(unsigned int)(_mfn)])
+static inline unsigned long mfn_to_pfn(unsigned long mfn)
+{
+       unsigned int pfn;
+       u32* addr = &machine_to_phys_mapping[(unsigned int)(mfn)];
+
+       __asm__ __volatile__(
+               "1:     movl %1,%k0\n"
+               "2:\n"
+               ".section .fixup,\"ax\"\n"
+               "3:     movl %2,%k0\n"
+               "       jmp 2b\n"
+               ".previous\n"
+               ".section __ex_table,\"a\"\n"
+               "       .align 8\n"
+               "       .quad 1b,3b\n"
+               ".previous"
+               : "=r"(pfn)
+               : "m"(*addr), "i"(0x55555555));
+
+       return (unsigned long)pfn;
+}

 /* Definitions for machine and pseudophysical addresses. */
 typedef unsigned long paddr_t;

RE: [PATCH] fix bug 169

[Li, Xin B]

[-- Attachment #1: Type: text/plain, Size: 2510 bytes --]

Resend as a attachement.
-Xin 

>-----Original Message-----
>From: xen-devel-bounces@lists.xensource.com 
>[mailto:xen-devel-bounces@lists.xensource.com] On Behalf Of Li, Xin B
>Sent: 2005年8月25日 23:01
>To: xen-devel@lists.xensource.com
>Subject: [Xen-devel] [PATCH] fix bug 169
>
>This patch fixes bug 169.
>
>The root cause of bug 169 is, machine_to_phys_mapping, starting from
>0xffff800000000000, is mapped using 2M pages.  When the system has RAM
>no more than 2G, only one 2M page is allocated and only one 
>PDE entry is
>created correspondingly, so calling mfn_to_pfn with mfn > 0x80000 will
>overflow this 2M page and cause a unable handled kernel paging request.
>The mfn > 0x80000 comes from PCI device I/O memory, here from AGP
>display card when booting X server.  Jun suggested to use 
>something like
>get_user() when accessing machine_to_phys_mapping.
>
>Signed-off-by: Xin Li <xin.b.li@intel.com>
>
>diff -r d8fd24b43080
>linux-2.6-xen-sparse/include/asm-xen/asm-x86_64/page.h
>--- a/linux-2.6-xen-sparse/include/asm-xen/asm-x86_64/page.h    Mon Aug
>22 10:18:14 2005
>+++ b/linux-2.6-xen-sparse/include/asm-xen/asm-x86_64/page.h    Thu Aug
>25 22:49:59 2005
>@@ -64,7 +64,28 @@
> /**** MACHINE <-> PHYSICAL CONVERSION MACROS ****/
> extern u32 *phys_to_machine_mapping;
> #define pfn_to_mfn(_pfn) ((unsigned long)
>phys_to_machine_mapping[(unsigned int)(_pfn)])
>-#define mfn_to_pfn(_mfn) ((unsigned long)
>machine_to_phys_mapping[(unsigned int)(_mfn)])
>+//#define mfn_to_pfn(_mfn) ((unsigned long)
>machine_to_phys_mapping[(unsigned int)(_mfn)])
>+static inline unsigned long mfn_to_pfn(unsigned long mfn)
>+{
>+       unsigned int pfn;
>+       u32* addr = &machine_to_phys_mapping[(unsigned int)(mfn)];
>+
>+       __asm__ __volatile__(
>+               "1:     movl %1,%k0\n"
>+               "2:\n"
>+               ".section .fixup,\"ax\"\n"
>+               "3:     movl %2,%k0\n"
>+               "       jmp 2b\n"
>+               ".previous\n"
>+               ".section __ex_table,\"a\"\n"
>+               "       .align 8\n"
>+               "       .quad 1b,3b\n"
>+               ".previous"
>+               : "=r"(pfn)
>+               : "m"(*addr), "i"(0x55555555));
>+
>+       return (unsigned long)pfn;
>+}
>
> /* Definitions for machine and pseudophysical addresses. */
> typedef unsigned long paddr_t;
>
>_______________________________________________
>Xen-devel mailing list
>Xen-devel@lists.xensource.com
>http://lists.xensource.com/xen-devel
>

[-- Attachment #2: fix_bug_169.patch --]
[-- Type: application/octet-stream, Size: 1088 bytes --]

diff -r d8fd24b43080 linux-2.6-xen-sparse/include/asm-xen/asm-x86_64/page.h
--- a/linux-2.6-xen-sparse/include/asm-xen/asm-x86_64/page.h	Mon Aug 22 10:18:14 2005
+++ b/linux-2.6-xen-sparse/include/asm-xen/asm-x86_64/page.h	Thu Aug 25 23:02:23 2005
@@ -64,7 +64,28 @@
 /**** MACHINE <-> PHYSICAL CONVERSION MACROS ****/
 extern u32 *phys_to_machine_mapping;
 #define pfn_to_mfn(_pfn) ((unsigned long) phys_to_machine_mapping[(unsigned int)(_pfn)])
-#define mfn_to_pfn(_mfn) ((unsigned long) machine_to_phys_mapping[(unsigned int)(_mfn)])
+
+static inline unsigned long mfn_to_pfn(unsigned long mfn)
+{
+	unsigned int pfn;
+	u32* addr = &machine_to_phys_mapping[(unsigned int)(mfn)];
+
+	__asm__ __volatile__(
+		"1:	movl %1,%k0\n"
+		"2:\n"
+		".section .fixup,\"ax\"\n"
+		"3:	movl %2,%k0\n"
+		"	jmp 2b\n"
+		".previous\n"
+		".section __ex_table,\"a\"\n"
+		"	.align 8\n"
+		"	.quad 1b,3b\n"
+		".previous"
+		: "=r"(pfn)
+		: "m"(*addr), "i"(0x55555555));
+
+	return (unsigned long)pfn;
+}
 
 /* Definitions for machine and pseudophysical addresses. */
 typedef unsigned long paddr_t;

[-- Attachment #3: Type: text/plain, Size: 138 bytes --]

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

Re: [PATCH] fix bug 169

[Keir Fraser]

On 25 Aug 2005, at 16:01, Li, Xin B wrote:

> This patch fixes bug 169.

Good catch! I think this should also close bug 187 (David: please can 
you test latest tip).

  -- Keir

Re: [PATCH] fix bug 169

[David F Barrera]

Keir Fraser wrote:

>
> On 25 Aug 2005, at 16:01, Li, Xin B wrote:
>
>> This patch fixes bug 169.
>
>
> Good catch! I think this should also close bug 187 (David: please can 
> you test latest tip).

Building it right now.

>
>  -- Keir
>
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xensource.com
> http://lists.xensource.com/xen-devel
>

Re: [PATCH] fix bug 169

[David F Barrera]

Beautiful. Dom0 boots now, and I am able to create a domU on both 
machines. I will close bugs #169 and #187. Thanks!

David

Keir Fraser wrote:

>
> On 25 Aug 2005, at 16:01, Li, Xin B wrote:
>
>> This patch fixes bug 169.
>
>
> Good catch! I think this should also close bug 187 (David: please can 
> you test latest tip).
>
>  -- Keir
>
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xensource.com
> http://lists.xensource.com/xen-devel
>