From mboxrd@z Thu Jan  1 00:00:00 1970
From: Julien Grall <julien.grall@linaro.org>
Subject: Re: [PATCH v4 4/9] xen: introduce XEN_DOMCTL_devour
Date: Thu, 04 Dec 2014 00:50:37 +0000
Message-ID: <547FAFDD.8010005@linaro.org>
References: <1417626981-8432-1-git-send-email-vkuznets@redhat.com>
	<1417626981-8432-5-git-send-email-vkuznets@redhat.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
Received: from mail6.bemta14.messagelabs.com ([193.109.254.103])
	by lists.xen.org with esmtp (Exim 4.72)
	(envelope-from <julien.grall@linaro.org>) id 1XwKcz-0002kO-TH
	for xen-devel@lists.xenproject.org; Thu, 04 Dec 2014 00:50:42 +0000
Received: by mail-wi0-f180.google.com with SMTP id n3so26244144wiv.7
	for <xen-devel@lists.xenproject.org>;
	Wed, 03 Dec 2014 16:50:40 -0800 (PST)
In-Reply-To: <1417626981-8432-5-git-send-email-vkuznets@redhat.com>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Vitaly Kuznetsov <vkuznets@redhat.com>, xen-devel@lists.xenproject.org
Cc: Andrew Jones <drjones@redhat.com>, Keir Fraser <keir@xen.org>, Ian Campbell <ian.campbell@citrix.com>, Stefano Stabellini <stefano.stabellini@eu.citrix.com>, Andrew Cooper <andrew.cooper3@citrix.com>, Ian Jackson <ian.jackson@eu.citrix.com>, Tim Deegan <tim@xen.org>, David Vrabel <david.vrabel@citrix.com>, Jan Beulich <jbeulich@suse.com>, Wei Liu <wei.liu2@citrix.com>
List-Id: xen-devel@lists.xenproject.org

Hi Vitaly,

On 03/12/2014 17:16, Vitaly Kuznetsov wrote:
> New operation sets the 'recipient' domain which will recieve all

s/recieve/receive/

> memory pages from a particular domain and kills the original domain.
>
> Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
> ---
> @@ -1764,13 +1765,32 @@ void free_domheap_pages(struct page_info *pg, unsigned int order)

[..]

> +        else
> +        {
> +            mfn = page_to_mfn(pg);
> +            gmfn = mfn_to_gmfn(d, mfn);
> +
> +            page_set_owner(pg, NULL);
> +            if ( assign_pages(d->recipient, pg, order, 0) )
> +                /* assign_pages reports the error by itself */
> +                goto out;
> +
> +            if ( guest_physmap_add_page(d->recipient, gmfn, mfn, order) )

On ARM, mfn_to_gmfn will always return the mfn. This would result to add 
a 1:1 mapping in the recipient domain.

But ... only DOM0 has its memory mapped 1:1. So this code may blow up 
the P2M of the recipient domain.

I'm not an x86 expert, but this may also happen when the recipient 
domain is using translated page mode (i.e HVM/PVHM).

Regards,

-- 
Julien Grall