WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

Re: [Xen-devel] [BUG] double fault for sale ;)

To: Gerd Hoffmann <kraxel@xxxxxxx>
Subject: Re: [Xen-devel] [BUG] double fault for sale ;)
From: Keir Fraser <Keir.Fraser@xxxxxxxxxxxx>
Date: Tue, 30 May 2006 15:46:39 +0100
Cc: Xen devel list <xen-devel@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Tue, 30 May 2006 07:47:03 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: Your message of "Tue, 30 May 2006 15:08:26 BST." <b85ad6152b6191550a8a0a27f16ae49e@xxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
> 
> On 30 May 2006, at 15:02, Gerd Hoffmann wrote:
> 
> >> The few stack frames you looked at already look quite innocent. They
> >> don't take up much stack space. OTOH it is somewhat weird to be doing
> >> writable pagetable work that far down the stack. It'll be interesting 
> >> to
> >> see what was going on to cause writable pagetable state to be flushed.
> >
> > Looks like an endless recursion, trace (and patch) attached.
> 
> Looks like writable pagetable logic gets tangled up somehow. I'll look 
> into it.

Gerd,

Can you please let me know whether the attached patch fixes the
crash for you? I suspect a bug in your modified builder triggered a
broken error path in Xen -- so this patch will hopefully turn the Xen
crash into a failure of your modified builder. :-)

 -- Keir

diff -r e58e04589d11 xen/arch/x86/mm.c
--- a/xen/arch/x86/mm.c Tue May 30 12:29:29 2006
+++ b/xen/arch/x86/mm.c Tue May 30 15:42:02 2006
@@ -1598,12 +1598,18 @@
             {
                 if ( unlikely((x & PGT_type_mask) != (type & PGT_type_mask) ) )
                 {
-                    if ( current->domain == page_get_owner(page) )
+                    if ( (current->domain == page_get_owner(page)) &&
+                         ((x & PGT_type_mask) == PGT_writable_page) )
                     {
                         /*
                          * This ensures functions like set_gdt() see up-to-date
                          * type info without needing to clean up writable p.t.
-                         * state on the fast path.
+                         * state on the fast path. We take this path only
+                         * when the current type is writable because:
+                         *  1. It's the only type that this path can decrement.
+                         *  2. If we take this path more liberally then we can
+                         *     enter a recursive loop via get_page_from_l1e()
+                         *     during pagetable revalidation.
                          */
                         LOCK_BIGLOCK(current->domain);
                         cleanup_writable_pagetable(current->domain);
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel