From mboxrd@z Thu Jan  1 00:00:00 1970
From: Julien Grall <julien.grall@linaro.org>
Subject: Re: [PATCH v4 4/9] xen: introduce XEN_DOMCTL_devour
Date: Thu, 04 Dec 2014 10:52:34 +0000
Message-ID: <54803CF2.8080009@linaro.org>
References: <1417626981-8432-1-git-send-email-vkuznets@redhat.com>
	<1417626981-8432-5-git-send-email-vkuznets@redhat.com>
	<547FAFDD.8010005@linaro.org> <5480351F.3050907@citrix.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
Received: from mail6.bemta4.messagelabs.com ([85.158.143.247])
	by lists.xen.org with esmtp (Exim 4.72)
	(envelope-from <julien.grall@linaro.org>) id 1XwU1V-0005Uz-ME
	for xen-devel@lists.xenproject.org; Thu, 04 Dec 2014 10:52:37 +0000
Received: by mail-wg0-f46.google.com with SMTP id a1so13985009wgh.5
	for <xen-devel@lists.xenproject.org>;
	Thu, 04 Dec 2014 02:52:36 -0800 (PST)
In-Reply-To: <5480351F.3050907@citrix.com>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: David Vrabel <david.vrabel@citrix.com>, Vitaly Kuznetsov <vkuznets@redhat.com>, xen-devel@lists.xenproject.org
Cc: Andrew Jones <drjones@redhat.com>, Keir Fraser <keir@xen.org>, Ian Campbell <ian.campbell@citrix.com>, Stefano Stabellini <stefano.stabellini@eu.citrix.com>, Andrew Cooper <andrew.cooper3@citrix.com>, Ian Jackson <ian.jackson@eu.citrix.com>, Tim Deegan <tim@xen.org>, Jan Beulich <jbeulich@suse.com>, Wei Liu <wei.liu2@citrix.com>
List-Id: xen-devel@lists.xenproject.org



On 04/12/2014 10:19, David Vrabel wrote:
> On 04/12/14 00:50, Julien Grall wrote:
>> Hi Vitaly,
>>
>> On 03/12/2014 17:16, Vitaly Kuznetsov wrote:
>>> New operation sets the 'recipient' domain which will recieve all
>>
>> s/recieve/receive/
>>
>>> memory pages from a particular domain and kills the original domain.
>>>
>>> Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
>>> ---
>>> @@ -1764,13 +1765,32 @@ void free_domheap_pages(struct page_info *pg,
>>> unsigned int order)
>>
>> [..]
>>
>>> +        else
>>> +        {
>>> +            mfn = page_to_mfn(pg);
>>> +            gmfn = mfn_to_gmfn(d, mfn);
>>> +
>>> +            page_set_owner(pg, NULL);
>>> +            if ( assign_pages(d->recipient, pg, order, 0) )
>>> +                /* assign_pages reports the error by itself */
>>> +                goto out;
>>> +
>>> +            if ( guest_physmap_add_page(d->recipient, gmfn, mfn,
>>> order) )
>>
>> On ARM, mfn_to_gmfn will always return the mfn. This would result to add
>> a 1:1 mapping in the recipient domain.
>>
>> But ... only DOM0 has its memory mapped 1:1. So this code may blow up
>> the P2M of the recipient domain.
>>
>> I'm not an x86 expert, but this may also happen when the recipient
>> domain is using translated page mode (i.e HVM/PVHM).
>
> mfn_to_gmfn() does the correct thing on x86 as it does a m2p lookup.

Is it because machine_to_phys_mapping caches the translation for dying
domain?

-- 
Julien Grall