xen-devel

[Top] [All Lists]

Re: [Xen-devel] bogus gfn - mfn - gfn - mfn checks in guest_physmap_add_

from [Tim Deegan]

[Permanent Link][Original]

To:	Olaf Hering <olaf@xxxxxxxxx>
Subject:	Re: [Xen-devel] bogus gfn - mfn - gfn - mfn checks in guest_physmap_add_entry
From:	Tim Deegan <Tim.Deegan@xxxxxxxxxx>
Date:	Wed, 24 Nov 2010 10:22:02 +0000
Cc:	"xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>
Delivery-date:	Wed, 24 Nov 2010 02:23:33 -0800
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to:	<20101123210158.GA9425@xxxxxxxxx>
List-help:	<mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id:	Xen developer discussion <xen-devel.lists.xensource.com>
List-post:	<mailto:xen-devel@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References:	<20101123210158.GA9425@xxxxxxxxx>
Sender:	xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent:	Mutt/1.5.20 (2009-06-14)

Hi, 

At 21:01 +0000 on 23 Nov (1290546118), Olaf Hering wrote:
> what is the purpose of the mfn_to_gfn() check in
> guest_physmap_add_entry()?

It's intended to stop a VM aliasing two PFNs to the same MFN.

> This function gets a fresh mfn and its gfn passed to update the global
> p2m state. But before doing that, it checks wether that fresh mfn maps
> still to some gfn. If it does, it checks if that gfn maps to any mfn. If
> it doesnt, Xen crashes with an assert.
> 
> Now, if that mfn was part of an old guest, should that old guest cleanup
> all of its mfns and update the machine_to_phys_mapping[]? Appearently
> that rarely happens.
> And if there is still some random gfn number in that array, the function
> tries to see what happens with this number in the current guests
> context. IF that number happens to be a gfn in paged-out state, there
> will be no mfn. So the ASSERT triggers.

The assert is guarded by p2m_is_ram(), which ought to imply that there
was actual RAM behind it.  There are other places in the code where
p2m_is_ram() is used to check that the associated mfn is valid
(e.g. when loading CR3).

I think that adding the paging types (in particular p2m_ram_paged) to
P2M_RAM_TYPES is a mistake, unless gfn_to_mfn() guarantees to get the
pfn into a state where it's backed by an MFN before it returns (which it
probably can't).

Another option would be to audit all callers of p2m_is_ram() and check
whether they can handle paged-out PFNs (which I though had already been
done but seems not to be).  Keir's VCPU yield patch might be useful in
some of those places too.

Cc'ing Patrick for comments.

> I would guess that if guest_physmap_add_entry() gets a page with type
> p2m_ram_rw, nothing else can own that page. Is that right?
> If so, this ASSERT or most of the loop can be removed.

The loop shouldn't be removed without some more thought about aliasing
PFNs, and I think that removing the ASSERT plasters over a deeper
problem.

The BUG_ON() just above it, on the other hand, is not correct, and I'll
remove it.

Cheers,

Tim.

-- 
Tim Deegan <Tim.Deegan@xxxxxxxxxx>
Principal Software Engineer, Xen Platform Team
Citrix Systems UK Ltd.  (Company #02937203, SL9 0BG)

x
Description: Text document

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Xen-devel] bogus gfn - mfn - gfn - mfn checks in guest_physmap_add_entry, Olaf Hering Re: [Xen-devel] bogus gfn - mfn - gfn - mfn checks in guest_physmap_add_entry, Tim Deegan <= Re: [Xen-devel] bogus gfn - mfn - gfn - mfn checks in guest_physmap_add_entry, Tim Deegan Re: [Xen-devel] bogus gfn - mfn - gfn - mfn checks in guest_physmap_add_entry, Olaf Hering Re: [Xen-devel] bogus gfn - mfn - gfn - mfn checks in guest_physmap_add_entry, Tim Deegan Re: [Xen-devel] bogus gfn - mfn - gfn - mfn checks in guest_physmap_add_entry, Olaf Hering Re: [Xen-devel] bogus gfn - mfn - gfn - mfn checks in guest_physmap_add_entry, Olaf Hering Re: [Xen-devel] bogus gfn - mfn - gfn - mfn checks in guest_physmap_add_entry, Tim Deegan Re: [Xen-devel] bogus gfn - mfn - gfn - mfn checks in guest_physmap_add_entry, Olaf Hering Re: [Xen-devel] bogus gfn - mfn - gfn - mfn checks in guest_physmap_add_entry, Keir Fraser Re: [Xen-devel] bogus gfn - mfn - gfn - mfn checks in guest_physmap_add_entry, Olaf Hering Re: [Xen-devel] bogus gfn - mfn - gfn - mfn checks in guest_physmap_add_entry, Keir Fraser

Previous by Date:	[Xen-devel] Xen 4.0.1 creates HVM error, yueqiang
Next by Date:	Re: [Xen-devel] bogus gfn - mfn - gfn - mfn checks in guest_physmap_add_entry, Tim Deegan
Previous by Thread:	[Xen-devel] bogus gfn - mfn - gfn - mfn checks in guest_physmap_add_entry, Olaf Hering
Next by Thread:	Re: [Xen-devel] bogus gfn - mfn - gfn - mfn checks in guest_physmap_add_entry, Tim Deegan
Indexes:	[Date] [Thread] [Top] [All Lists]