From mboxrd@z Thu Jan  1 00:00:00 1970
From: George Dunlap <george.dunlap@eu.citrix.com>
Subject: Re: [PATCH] x86/p2m-ept: Don't unmap the EPT pagetable
 while it is still in use
Date: Thu, 2 Jul 2015 11:07:30 +0100
Message-ID: <55950D62.8030300@eu.citrix.com>
References: <1435684155-11807-1-git-send-email-andrew.cooper3@citrix.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
In-Reply-To: <1435684155-11807-1-git-send-email-andrew.cooper3@citrix.com>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Andrew Cooper <andrew.cooper3@citrix.com>, Xen-devel <xen-devel@lists.xen.org>
Cc: Kevin Tian <kevin.tian@intel.com>, Eddie Dong <eddie.dong@intel.com>, Jun Nakajima <jun.nakajima@intel.com>, Jan Beulich <JBeulich@suse.com>
List-Id: xen-devel@lists.xenproject.org

On 06/30/2015 06:09 PM, Andrew Cooper wrote:
> The call to iommu_pte_flush() between the two hunks uses &ept_entry->epte
> which is a pointer into the mapped page.
> 
> It is eventually passed to `clflush` instruction which will suffer a pagefault
> if the virtual mapping has fallen out of the TLB.
> 
>     (XEN) ----[ Xen-4.5.0-xs102594-d  x86_64  debug=y  Not tainted ]----
>     (XEN) CPU:    7
>     (XEN) RIP:    e008:[<ffff82d0801572f0>] cacheline_flush+0x4/0x9
>     <snip>
>     (XEN) Xen call trace:
>     (XEN)    [<ffff82d0801572f0>] cacheline_flush+0x4/0x9
>     (XEN)    [<ffff82d08014ffff>] __iommu_flush_cache+0x4a/0x6a
>     (XEN)    [<ffff82d0801532e2>] iommu_pte_flush+0x2b/0xd5
>     (XEN)    [<ffff82d0801f909a>] ept_set_entry+0x4bc/0x61f
>     (XEN)    [<ffff82d0801f0c25>] p2m_set_entry+0xd1/0x112
>     (XEN)    [<ffff82d0801f25b1>] clear_mmio_p2m_entry+0x1a0/0x200
>     (XEN)    [<ffff82d0801f4aac>] unmap_mmio_regions+0x49/0x73
>     (XEN)    [<ffff82d080106292>] do_domctl+0x15bd/0x1edb
>     (XEN)    [<ffff82d080234fcb>] syscall_enter+0xeb/0x145
>     (XEN)
>     (XEN) Pagetable walk from ffff820040004ae0:
>     (XEN)  L4[0x104] = 00000008668a5063 ffffffffffffffff
>     (XEN)  L3[0x001] = 00000008668a3063 ffffffffffffffff
>     (XEN)  L2[0x000] = 000000086689c063 ffffffffffffffff
>     (XEN)  L1[0x004] = 000000056f078063 000000000007f678
>     (XEN)
>     (XEN) ****************************************
>     (XEN) Panic on CPU 7:
>     (XEN) FATAL PAGE FAULT
>     (XEN) [error_code=0000]
>     (XEN) Faulting linear address: ffff820040004ae0
>     (XEN) ****************************************
> 
> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
> CC: Jan Beulich <JBeulich@suse.com>
> CC: George Dunlap <george.dunlap@eu.citrix.com>
> CC: Jun Nakajima <jun.nakajima@intel.com>
> CC: Eddie Dong <eddie.dong@intel.com>
> CC: Kevin Tian <kevin.tian@intel.com>

Reviewed-by: George Dunlap <george.dunlap@eu.citrix.com>

 -George