From: Gerd Hoffmann <kraxel@suse.de>
To: Jeremy Fitzhardinge <jeremy@goop.org>
Cc: Virtualization Mailing List <virtualization@lists.osdl.org>
Subject: Re: Oops
Date: Thu, 11 Jan 2007 15:12:19 +0100 [thread overview]
Message-ID: <45A645C3.2060802@suse.de> (raw)
In-Reply-To: <45A55E29.2090207@goop.org>
Jeremy Fitzhardinge wrote:
>> Looks like a slot-3 pmd got reused for slot-0, with some stale entries
>> for the hypervisor hole in there for some reason ...
>>
>> quick and dirty sledge hammer fix:
>>
>> --- paravirt-2.6.20-rc4-hg691.orig/arch/i386/paravirt-xen/enlighten.c
>> +++ paravirt-2.6.20-rc4-hg691/arch/i386/paravirt-xen/enlighten.c
>> @@ -522,6 +522,7 @@ static fastcall void xen_alloc_pd(u32 pf
>> static fastcall void xen_release_pd(u32 pfn)
>> {
>> make_lowmem_page_readwrite(__va(PFN_PHYS(pfn)));
>> + memset(__va(PFN_PHYS(pfn)), 0, PAGE_SIZE);
>> }
>>
>> static fastcall void xen_release_pt(u32 pfn)
>>
>
> Does this work?
>
> diff -r 252f3ed87072 arch/i386/mm/pgtable.c
> --- a/arch/i386/mm/pgtable.c Mon Jan 08 16:57:56 2007 -0800
> +++ b/arch/i386/mm/pgtable.c Wed Jan 10 13:13:40 2007 -0800
> @@ -265,6 +265,7 @@ static void pgd_ctor(pgd_t *pgd)
> swapper_pg_dir + USER_PTRS_PER_PGD,
> KERNEL_PGD_PTRS);
> } else {
> + memset(pgd, 0, USER_PTRS_PER_PGD*sizeof(pgd_t));
> spin_lock_irqsave(&pgd_lock, flags);
> pgd_list_add(pgd);
> spin_unlock_irqrestore(&pgd_lock, flags);
Didn't try (yet), but I don't think so. It's not the pgd which is
broken, but the pmd. And I think this way:
(1) pmd is created
(2) pmd is taken out of the slabcache and used for the kernel/xen
address space (i.e. slot-3 in the PAE pgd).
(3) xen fills in the page table entries for the hypervisor hole
(4) pmd released and put back into the slab cache.
(5) pmd gets reused, but for userspace addresses this time (pgd
slot 0-2).
(6) xen_pin() finds the stale entries for the hypervisor hole
==> Oops.
cheers,
Gerd
--
Gerd Hoffmann <kraxel@suse.de>
next prev parent reply other threads:[~2007-01-11 14:12 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-01-09 13:34 Oops Gerd Hoffmann
2007-01-09 22:46 ` Oops Jeremy Fitzhardinge
2007-01-10 8:16 ` Oops Gerd Hoffmann
2007-01-10 10:29 ` Oops Gerd Hoffmann
2007-01-10 13:05 ` Oops Gerd Hoffmann
2007-01-10 20:07 ` Oops Jeremy Fitzhardinge
2007-01-10 23:52 ` Oops Chris Wright
2007-01-10 23:53 ` Oops Jeremy Fitzhardinge
2007-01-11 8:13 ` Oops Gerd Hoffmann
2007-01-11 8:11 ` Oops Gerd Hoffmann
2007-01-11 15:45 ` Oops Gerd Hoffmann
2007-01-11 17:41 ` Oops Chris Wright
2007-01-12 8:24 ` Oops Gerd Hoffmann
2007-01-12 2:53 ` Oops Rusty Russell
2007-01-12 4:23 ` Oops Chris Wright
2007-01-12 8:31 ` Oops Gerd Hoffmann
2007-01-10 20:06 ` Oops Jeremy Fitzhardinge
2007-01-10 21:44 ` Oops Jeremy Fitzhardinge
2007-01-11 14:12 ` Gerd Hoffmann [this message]
2007-01-11 19:56 ` Oops Jeremy Fitzhardinge
2007-01-10 19:38 ` Oops Jeremy Fitzhardinge
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=45A645C3.2060802@suse.de \
--to=kraxel@suse.de \
--cc=jeremy@goop.org \
--cc=virtualization@lists.osdl.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).