From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Jan Beulich"
Subject: [PATCH 0/5] x86: properly propagate errors to hypercall callee
Date: Wed, 09 Mar 2011 10:53:22 +0000
Message-ID: <4D776A320200007800035752@vpn.id2.novell.com>
To: "xen-devel@lists.xensource.com"
List-Id: xen-devel@lists.xenproject.org

Xen should not BUG() or crash when processing a hypercall and running out
of memory, but currently it does:

(XEN) Xen BUG at mm.c:83
(XEN) ----[ Xen-4.0.2_02-3.6 x86_64 debug=n Tainted: M ]----
(XEN) CPU: 0
(XEN) RIP: e008:[] alloc_xen_pagetable+0x8b/0xa0
(XEN) RFLAGS: 0000000000010246 CONTEXT: hypervisor
(XEN) rax: 0000000000000000   rbx: 0000000000000173   rcx: 0000000000000040
(XEN) rdx: 0000000000000040   rsi: 0000000000000000   rdi: ffff82c48022caa4
(XEN) rbp: ffff830193dd8000   rsp: ffff82c480477908   r8: 0000000000000001
(XEN) r9: 00ff00ff00ff00ff   r10: 0f0f0f0f0f0f0f0f   r11: 0000000000000000
(XEN) r12: 000ffffffffff000   r13: 0000000000193dd8   r14: ffff8300cbffb4f0
(XEN) r15: 0000000000000001   cr0: 000000008005003b   cr4: 00000000000026f0
(XEN) cr3: 0000000024275000   cr2: ffff8800068a1d80
(XEN) ds: 0000   es: 0000   fs: 0000   gs: 0000   ss: 0000   cs: e008
(XEN) Xen stack trace from rsp=ffff82c480477908:
(XEN)    000ffffffffff000 ffff82c480161614 0000000000000010 ffff82c48015d631
(XEN)    000ffff830193dd8 ffff8300cba7d030 0000000100000000 0000000000000000
(XEN)    0000000000000000 0000000000000173 0000000000000173 00000000000001f3
(XEN)    0000000000000111 0000000000193dd8 0000000000000010 0000000000000000
(XEN)    ffff82c5487d8000 ffff83022fd82000 ffff82f60327bb00 ffff82c480161e0c
(XEN)    ffff83022fd82000 0000000000000001 0000000000193dd8 8010000193dd8077
(XEN)    ffff83022fd82000 ffff82c480165bda ffff83019563f000 ffff82c480164b1f
(XEN)    ffff83022fd82000 ffff8800507b7728 0000000000801077 0000000000000002
(XEN)    ffff83022fd82000 ffff8300cbe8e000 0000000000000008 8010000193dd8077
(XEN)    ffff8800068a1d80 ffff8300cbe8e000 0000000000000008 80100002268a1065
(XEN)    0000000000000000 ffff82c480165e06 0000000000000000 0000000000000000
(XEN)    ffff83022fd82000 ffff83022fd82000 ffff8800068a1d80 0000000000000005
(XEN)    0000000000000000 ffff82c4801662a1 ffff82c480477e78 0000000000000000
(XEN)    ffff82c480477e78 0000000000000089 0000000000000008 ffff82c480233540
(XEN)    0000000000000048 ffff82c480182d43 ffff83022fde0a70 ffff82f6032ad7a0
(XEN)    0000000000000048 0000000000000000 ffff8302000000d6 ffff82c480111007
(XEN)    0000000000000001 0000000000000008 ffff830100000010 000000d680477f28
(XEN)    ffff82c480477b98 ffff82c480477ca8 00000008032ad7a0 ffff82c480477e20
(XEN)    0000000000000000 ffff8800068a1d80 00ff82c480121418 0000000100000008
(XEN)    ffff82c480269203 0000000000000096 ffff83022fd82000 ffff82c480269200
(XEN) Xen call trace:
(XEN)    [] alloc_xen_pagetable+0x8b/0xa0
(XEN)    [] map_pages_to_xen+0x5e4/0xd10
(XEN)    [] do_IRQ+0x291/0x600
(XEN)    [] update_xen_mappings+0xcc/0x170
(XEN)    [] get_page_from_l1e+0x3fa/0x520
(XEN)    [] free_page_type+0x3af/0x690
(XEN)    [] ptwr_emulated_update+0x106/0x450
(XEN)    [] ptwr_emulated_write+0x71/0xa0
(XEN)    [] x86_emulate+0x4773/0xff10
(XEN)    [] do_xen_version+0x217/0x520
(XEN)    [] do_IRQ+0x291/0x600
(XEN)    [] flush_area_mask+0x7c/0x130
(XEN)    [] context_switch+0x18c/0xec0
(XEN)    [] get_page+0x2d/0x100
(XEN)    [] set_eoi_ready+0x0/0x40
(XEN)    [] ptwr_do_page_fault+0x1ab/0x200
(XEN)    [] timer_softirq_action+0x21a/0x360
(XEN)    [] do_page_fault+0x114/0x450
(XEN)    [] handle_exception_saved+0x2d/0x6b
(XEN)
(XEN)
(XEN) ****************************************
(XEN) Panic on CPU 0:
(XEN) Xen BUG at mm.c:83
(XEN) ****************************************

This patch set makes it so that not only the offending BUG() gets
eliminated, but also properly propagates the error to the guest, so that
the latter can take action (which will itself require quite some changes
to prevent crashing the guest in that situation, particularly where
utilizing Xen's writeable page table support).

1: don't BUG() post-boot in alloc_xen_pagetable()
2: run-time callers of map_pages_to_xen() must check for errors
3: make get_page_from_l1e() return a proper error code
4: make mod_l1_entry() return a proper error code
5: make mod_l2_entry() return a proper error code

All but the last are clear candidates for backporting to 4.1 and 4.0,
albeit for the former perhaps only after 4.1.0.

Signed-off-by: Jan Beulich