From: Jeremy Fitzhardinge
Subject: Re: mm.c:777:d2 Non-privileged (2) attempt to map I/O space 000f995a + (XEN) mm.c:845:d20 Error getting mfn jd (pfn 84fd) from L1 entry 800000000246d467 for l1e_owner=20, pg_owner=32753
Date: Mon, 30 Nov 2009 22:40:21 -0800
Message-ID: <4B14BA55.80503@goop.org>
References: <481249.38422.qm@web25602.mail.ukl.yahoo.com> <4A78CA69.3090105@goop.org> <0E87C0E865217944860BB378D2898000E1467F@srv-mail.apnos.int> <0E87C0E865217944860BB378D2898000E146B1@srv-mail.apnos.int> <4A7B306D.5080108@goop.org> <20091109235051.GA20408@phenom.dumpdata.com> <20091201031120.GA11230@phenom.dumpdata.com>
In-Reply-To: <20091201031120.GA11230@phenom.dumpdata.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-15
Content-Transfer-Encoding: 7bit
Sender: xen-devel-bounces@lists.xensource.com
Errors-To: xen-devel-bounces@lists.xensource.com
To: Konrad Rzeszutek Wilk
Cc: Ian.Campbell@eu.citrix.com, xen-devel@lists.xensource.com, Olivier NOEL, keir.fraser@eu.citrix.com, JBeulich@novell.com
List-Id: xen-devel@lists.xenproject.org

On 11/30/09 19:11, Konrad Rzeszutek Wilk wrote:
> next in the user space we do:
>     handle[i] = 'a';
>
> which causes a page_fault and we jump to the kernel:
>  page_fault ->
>    handle_mm_fault ->
>      __do_fault()
>        |-----vm_ops->fault (fb_deferred_io_fault):
>        |        fb_deferred_io_page:
>        |          vmalloc_to_page [We now have a page]
>        |        vmf->page = page [page attached to the user address, good]
>        |----mk_pte( .. ), sets PAGE_IOMAP
>        |
>        |----xen_set_pte_at ():
>               [ This is the fun part ]
>               |----if (xen_iomap_pte(pteval)) [ checks if _PAGE_IOMAP is set]
>                      |----xen_set_domain_pte():
>                             [which makes the PTE belong to DOMID_IO]
>
> And at that point the Xen Hypervisor is called, and spits out:
> (XEN) mm.c:845:d20 Error getting mfn jd (pfn 84fd) from L1 entry 800000000246d467 for l1e_owner=20, pg_owner=32753
>
> as it interprets the PFN as the MFN.
>

OK, that makes sense.
Thanks for tracking it down.

> This is incorrect as the page is vmalloc-ed and has no IO backing.
>
> Poking around I've come up with three ideas to solve this:
>
> 1). Inhibit xen_fb_deferred_io_map from setting VM_IO. That fixes the issue, but
> there are drivers (sh_mobile_lcdcfb.c) that have the fb be backed up by a physical
> page, in which case VM_IO is correct. So this is a no go.
>

1a) add a flag to avoid setting VM_IO?

(uncompiled, untested, uneverything)

diff --git a/drivers/video/fb_defio.c b/drivers/video/fb_defio.c index 0a7a667..dd03822 100644 --- a/drivers/video/fb_defio.c +++ b/drivers/video/fb_defio.c @@ -144,7 +144,9 @@ static const struct address_space_operations fb_deferred_io_aops = { static int fb_deferred_io_mmap(struct fb_info *info, struct vm_area_struct *vma) { vma->vm_ops = &fb_deferred_io_vm_ops; - vma->vm_flags |= ( VM_IO | VM_RESERVED | VM_DONTEXPAND ); + vma->vm_flags |= ( VM_RESERVED | VM_DONTEXPAND ); + if (!(info->flags & FBINFO_VIRTFB)) + vma->vm_flags |= VM_IO; vma->vm_private_data = info; return 0; } diff --git a/drivers/video/xen-fbfront.c b/drivers/video/xen-fbfront.c index 0c6b1c6..60d9d61 100644 --- a/drivers/video/xen-fbfront.c +++ b/drivers/video/xen-fbfront.c @@ -440,7 +440,7 @@ static int __devinit xenfb_probe(struct xenbus_device *dev, fb_info->fix.type = FB_TYPE_PACKED_PIXELS; fb_info->fix.accel = FB_ACCEL_NONE; - fb_info->flags = FBINFO_FLAG_DEFAULT; + fb_info->flags = FBINFO_DEFAULT | FBINFO_VIRTFB; ret = fb_alloc_cmap(&fb_info->cmap, 256, 0); if (ret < 0) { diff --git a/include/linux/fb.h b/include/linux/fb.h index f847df9..65134b5 100644 --- a/include/linux/fb.h +++ b/include/linux/fb.h 
@@ -766,6 +766,7 @@ struct fb_tile_ops { * Hardware acceleration is turned off. Software implementations * of required functions (copyarea(), fillrect(), and imageblit()) * takes over; acceleration engine should be in a quiescent state */ +#define FBINFO_VIRTFB 0x0004 /* FB is in system RAM, not device */ /* hints */ #define FBINFO_PARTIAL_PAN_OK 0x0040 /* otw use pan only for double-buffering */ J
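
Review bot: in the fb_defio.c hunk, the new test `if (!(info->flags & FBINFO_VIRTFB))` in fb_deferred_io_mmap() keeps VM_IO as the default and makes dropping it opt-in, so any deferred-io driver whose framebuffer is vmalloc-ed still gets VM_IO unless it remembers to set the flag, and in this patch only xen-fbfront.c does. A comment above the test saying when a driver must set FBINFO_VIRTFB would help, along with a pass over the other fb_deferred_io users to see which of them need it.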
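
Review bot: in the xen-fbfront.c hunk, the replacement line in xenfb_probe() also changes FBINFO_FLAG_DEFAULT to FBINFO_DEFAULT, which is unrelated to adding FBINFO_VIRTFB. Either keep the original name (`fb_info->flags = FBINFO_FLAG_DEFAULT | FBINFO_VIRTFB;`) or note the rename in the changelog, so the only functional change in this hunk is the new flag.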
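
Review bot: in the include/linux/fb.h hunk, `#define FBINFO_VIRTFB 0x0004` is added directly under the closing line of the comment about hardware acceleration being turned off, so that comment now reads as if it documents the new flag. Separate the define from that comment (or move it beside the other flag definitions), and confirm that 0x0004 does not collide with an existing FBINFO_ bit, since the only other value visible in this context is 0x0040.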