This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/


Re: [Xen-devel] [PATCH] direct_remap_pfn_range vm_flags fix

To: Chris Wright <chrisw@xxxxxxxxxxxx>
Subject: Re: [Xen-devel] [PATCH] direct_remap_pfn_range vm_flags fix
From: Keir Fraser <Keir.Fraser@xxxxxxxxxxxx>
Date: Wed, 8 Feb 2006 09:13:08 +0000
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx

On 8 Feb 2006, at 08:28, Chris Wright wrote:

> direct_remap_pfn_range() does not properly mark vma with VM_PFNMAP.
> This triggers improper reference counting on what rmap thought was
> a normal page, and a subsequent BUG() such as:

It isn't really proper for direct_remap_pfn_range() to set VM_PFNMAP. Properly that function should actually be called remap_mfn_range(). vm_pgoff is an MFN, and what is mapped is a contiguous sequence of MFNs.

So the PFNMAP checks in vm_normal_page() do not work, since pte_pfn() will not return a contiguous sequence of PFNs starting from vm_pgoff -- the MFNs are contiguous, not the PFNs. What saves you currently is the cow_mapping() check in vm_normal_page(). If we created private mappings of any guest-local memory via direct_remap_pfn_range(), we would still crash.

Possible proper fixes:
1. Don't map local memory via that interface -- only xenstored does this, when mapping dom0's xenbus page. This could be changed.
2. Add a _PAGE_DIRECTMAP flag, just for Xen, that indicates unrefcounted PTEs.

 -- Keir
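
A user-space model of the check discussed in the message above, added here as an illustration; it is not code from the thread or from the Xen tree. The M2P table, addresses and flag bit values are constructed, and treated_as_normal_page() is a simplified stand-in for vm_normal_page() written from the description above.

```c
#include <stdbool.h>
#include <stdio.h>

#define PAGE_SHIFT  12
#define VM_SHARED   0x008UL   /* bit values are local to this model */
#define VM_MAYWRITE 0x020UL
#define VM_PFNMAP   0x400UL
#define FIRST_MFN   100UL     /* constructed: vm_pgoff holds this MFN */

struct vma { unsigned long vm_start, vm_pgoff, vm_flags; };

/* Constructed M2P table: MFNs 100..103 are contiguous, their PFNs are not. */
static const unsigned long m2p[4] = { 7, 42, 3, 19 };

/* Under Xen the PTE holds an MFN and pte_pfn() translates it to a PFN. */
static unsigned long pte_pfn(unsigned long mfn) { return m2p[mfn - FIRST_MFN]; }

static bool is_cow_mapping(unsigned long flags)
{
    return (flags & (VM_SHARED | VM_MAYWRITE)) == VM_MAYWRITE;
}

/* true = treated as a normal, refcounted page; false = left unrefcounted. */
static bool treated_as_normal_page(const struct vma *vma, unsigned long addr,
                                   unsigned long mfn)
{
    unsigned long pfn = pte_pfn(mfn);
    if (vma->vm_flags & VM_PFNMAP) {
        unsigned long off = (addr - vma->vm_start) >> PAGE_SHIFT;
        if (pfn == vma->vm_pgoff + off)     /* compares a PFN to an MFN base */
            return false;
        if (!is_cow_mapping(vma->vm_flags)) /* the check that "saves you" */
            return false;
    }
    return true;
}

/* Number of the 4 mapped pages that would be refcounted for these flags. */
static int count_refcounted(unsigned long vm_flags)
{
    struct vma vma = { 0x10000000UL, FIRST_MFN, vm_flags };
    int n = 0;
    for (unsigned long i = 0; i < 4; i++)
        n += treated_as_normal_page(&vma, vma.vm_start + (i << PAGE_SHIFT), FIRST_MFN + i);
    return n;
}

int main(void)
{
    printf("shared+PFNMAP:  %d\n", count_refcounted(VM_PFNMAP | VM_SHARED | VM_MAYWRITE));
    printf("private+PFNMAP: %d\n", count_refcounted(VM_PFNMAP | VM_MAYWRITE));
    return 0;
}
```

In this model the shared mapping is never refcounted only because of the is_cow_mapping() test, while a private mapping of the same pages falls through for every page, which is the case the message says would still crash.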
