Re: [Xen-devel] Re: mapping problems in xenpaging

To:	Adin Scannell <adin@xxxxxxxxxxxxxx>
Subject:	Re: [Xen-devel] Re: mapping problems in xenpaging
From:	Olaf Hering <olaf@xxxxxxxxx>
Date:	Mon, 3 Oct 2011 16:56:16 +0200
Cc:	zhen shi <bickys1986@xxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date:	Mon, 03 Oct 2011 07:56:59 -0700
Dkim-signature:	v=1; a=rsa-sha1; c=relaxed/relaxed; t=1317653786; l=2189; s=domk; d=aepfle.de; h=In-Reply-To:Content-Transfer-Encoding:Content-Type:MIME-Version: References:Subject:Cc:To:From:Date:X-RZG-CLASS-ID:X-RZG-AUTH; bh=U8hLnnTabNXv4vyJttNP+35tMqs=; b=caHxbyOW5+x8l7JDssvWycGGuOiOgRxNF7FXf1fJOr72P9VxWwVmMP+wFxAeD/xaMdv IfTQeQmLD0bbq4bXPyOWWsMlP/zZ+dFM4NiZATGtN6JUbaNuWoqWNoHhmX8Aw+01g2fDz OUEMxLWtgVsEteRWzjg4uOz8ic3bPbDU9wQ=
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to:	<CAAJKtqrFuJkNAZZhRs8tC0ymgQTD0G2VTgYexQ9EhnCxsJNZuw@xxxxxxxxxxxxxx>
List-help:	<mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id:	Xen developer discussion <xen-devel.lists.xensource.com>
List-post:	<mailto:xen-devel@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References:	<CACavRyB4kvMLZK1-vv9bJnVdnpKJBHTmnhJxt6g3eh88xY6FTg@xxxxxxxxxxxxxx> <20110929170244.GA29163@xxxxxxxxx> <CAAJKtqrFuJkNAZZhRs8tC0ymgQTD0G2VTgYexQ9EhnCxsJNZuw@xxxxxxxxxxxxxx>
Sender:	xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent:	Mutt/1.5.21.rev5535 (2011-07-01)

On Fri, Sep 30, Adin Scannell wrote:

> >>  When we analyze and test xenpaging,we found there are some 
> >> problems between
> >> mapping and xenpaging.
> >>  1) When mapping firstly, then do xenpaging,and the code paths have 
> >> resolved
> >> the problems.It's OK.
> >>  2) The problems exists if we do address mapping firstly then go to
> >> xenpaging,and our confusions are as followings:
> >>    a) If the domU's memory is directly mapped to dom0,such as the hypercall
> >> from pv driver,then it will build a related page-table in dom0,which will 
> >> not
> >> change p2m-type.
> >>       and then do the xenpaging to page out the domU's memory pages whose 
> >> gfn
> >> address have been already mapped to dom0;So it will cause some problems 
> >> when
> >> dom0
> >>       accesses these pages.Because these pages are paged-out,and dom0 
> >> cannot
> >> tell the p2mt before access the pages.
> >
> > I'm not entirely sure what you do. xenpaging runs in dom0 and is able to
> > map paged-out pages. It uses that to trigger a page-in, see
> > tools/xenpaging/pagein.c in xen-unstable.hg
> 
> Here's my take...
> 
> Xenpaging doesn't allow selection of pages that have been mapped by
> other domains (as in p2m.c):
> 
>  669 int p2m_mem_paging_nominate(struct domain *d, unsigned long gfn)
> ....
>  693     /* Check page count and type */
>  694     page = mfn_to_page(mfn);
>  695     if ( (page->count_info & (PGC_count_mask | PGC_allocated)) !=
>  696          (1 | PGC_allocated) )
>  697         goto out;
> 
> *However*, I think that the problem Zhen is describing still exists:
> 1) xenpaging nominates a page, it is successful.
> 2) dom0 maps the same page (a process other than xenpaging, which will
> also map it).
> 3) xenpaging evicts the page, successfully.
> 
> I've experienced a few nasty crashes, and I think this could account
> for a couple (but certainly not all)... I think that the solution may
> be to repeat the refcount check in paging_evict, and roll back the
> nomination gracefully if the race is detected. Thoughts?

Are there really code paths that touch a mfn without going through the
p2m functions? If so I will copy the check and update xenpaging.

Olaf

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

WARNING - OLD ARCHIVES

xen-devel

Re: [Xen-devel] Re: mapping problems in xenpaging