Re: [PATCH] xen/balloon: flush unused mappings before updating P2M table

All of lore.kernel.org
 help / color / mirror / Atom feed

From: David Vrabel <david.vrabel@citrix.com>
To: Wei Liu <wei.liu2@citrix.com>
Cc: xen-devel@lists.xenproject.org,
	Boris Ostrovsky <boris.ostrovsky@oracle.com>,
	Tim Deegan <tim@xen.org>
Subject: Re: [PATCH] xen/balloon: flush unused mappings before updating P2M table
Date: Fri, 14 Mar 2014 18:44:54 +0000	[thread overview]
Message-ID: <53234E26.7050706@citrix.com> (raw)
In-Reply-To: <20140314182750.GE16807@zion.uk.xensource.com>

On 14/03/14 18:27, Wei Liu wrote:
> On Fri, Mar 14, 2014 at 06:05:50PM +0000, David Vrabel wrote:
>> On 14/03/14 16:21, Wei Liu wrote:
>>> Xen balloon driver will update ballooned out pages' P2M entries to point
>>> to scratch page for PV guests. In 24f69373e2 ("xen/balloon: don't alloc
>>> page while non-preemptible", kmap_flush_unused was moved after the
>>> update for P2M table. In that case for 32 bit PV guest we might end up
>>> with
>>>
>>> P2M    X -----> scratch_page
>>> M2P    Y -----> X  (Y is mfn in unused kmap entry)
>>>
>>> When PVMMU is consulted, it gets confused and returns the wrong value.
>>> Eventually the guest crashes.
>>>
>>> Move the flush before __set_phys_to_machine to fix this.
>>
>> The scrub_page() will immediately repopulate the kmap cache with the MFN
>> about to be returned to Xen so this isn't the correct place.
>>
> 
> If XEN_SCRUB_PAGE is not set then scrub_page is a nop. Even if
> XEN_SCRUB_PAGE is set, the call to clear_highpage affects per-cpu kmap
> not persisten kmap. kmap_flush_unused affects persistent kmap.
> 
>> I don't understand your description of the problem so I cannot suggest a
>> correct fix.  What's consulting what?
>>
> 
> kmap_flush_unused consults PVMMU. It goes through all global kmap slots
> and try to clear those unused ones. It calls flush_all_zero_pkmaps which
> calls pte_page, which eventually goes to PVMMU.

Ok, that's a real bug then.  The P2M cannot be changed if there are
still mappings for that PFN.

David

next prev parent reply	other threads:[~2014-03-14 18:44 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-03-14 16:21 [PATCH] xen/balloon: flush unused mappings before updating P2M table Wei Liu
2014-03-14 18:05 ` David Vrabel
2014-03-14 18:27   ` Wei Liu
2014-03-14 18:44     ` David Vrabel [this message]
2014-03-14 18:57       ` Wei Liu

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=53234E26.7050706@citrix.com \
    --to=david.vrabel@citrix.com \
    --cc=boris.ostrovsky@oracle.com \
    --cc=tim@xen.org \
    --cc=wei.liu2@citrix.com \
    --cc=xen-devel@lists.xenproject.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.