
Re: [Xen-devel] [PATCH V3] xen/balloon: flush persistent kmaps in correct position



On Sat, Mar 15, 2014 at 04:11:47PM +0000, Wei Liu wrote:
> Xen balloon driver will update ballooned out pages' P2M entries to point
> to scratch page for PV guests. In 24f69373e2 ("xen/balloon: don't alloc
> page while non-preemptible"), kmap_flush_unused was moved after updating
> P2M table. In that case for 32 bit PV guest we might end up with
> 
>   P2M    X -----> S  (S is mfn of balloon scratch page)
>   M2P    Y -----> X  (Y is mfn in persistent kmap entry)
> 
> When kmap_flush_unused is called, it will call into
> flush_all_zero_pkmaps, which calls pte_page. Pte_page will call into
> PVMMU, which relies on P2M and M2P tables to do the correct translation.
> When PVMMU sees X -> S and Y -> X, it gets confused and returns a wrong
> value, which causes the guest to crash high up the call chain.
> 
> Move the flush back between get_page and __set_phys_to_machine to fix
> this.
> 
> Signed-off-by: Wei Liu <wei.liu2@xxxxxxxxxx>
> Cc: David Vrabel <david.vrabel@xxxxxxxxxx>
> Cc: Konrad Wilk <konrad.wilk@xxxxxxxxxx>
> Cc: Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>
> ---
>  drivers/xen/balloon.c |   13 +++++++++----
>  1 file changed, 9 insertions(+), 4 deletions(-)
> 
> diff --git a/drivers/xen/balloon.c b/drivers/xen/balloon.c
> index 37d06ea..6e56174 100644
> --- a/drivers/xen/balloon.c
> +++ b/drivers/xen/balloon.c
> @@ -404,6 +404,15 @@ static enum bp_state decrease_reservation(unsigned long 
> nr_pages, gfp_t gfp)
>               frame_list[i] = pfn_to_mfn(pfn);
>  
>               scrub_page(page);
> +     }
> +
> +     /* Ensure that ballooned highmem pages don't have kmaps. */
> +     kmap_flush_unused();
> +     flush_tlb_all();
> +
> +     /* No more mappings: invalidate P2M and add to balloon. */
> +     for (i = 0; i < nr_pages; i++) {
> +             pfn = mfn_to_pfn(frame_list[i]);
>  
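
Review bot: the new second loop recomputes only `pfn` from `frame_list[i]`; `page` is never reassigned there, so it still holds whatever the first loop left in it after its final `scrub_page(page)`. Any use of `page` further down this loop body will therefore act on that one stale page for every iteration rather than on the page being ballooned out. Add `page = pfn_to_page(pfn);` directly after the `mfn_to_pfn(frame_list[i])` line. It would also help to extend the "No more mappings" comment to say that the flush has to stay ahead of the P2M update, since the commit message explains that ordering is the whole point of the fix.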

  +             page = pfn_to_page(pfn); // missing in this patch

This missing line causes PageHighMem to test on the wrong page.

David, you can either take V3 and add this line, or take V4.

Sorry for this mess.

Wei.
