Steven Hand wrote:
Take a look at xen/include/asm-x86/config.h ; this defines the
overall memory layout for x86_32, PAE & x86_64 systems, as well
as including some comments that should help you.
Thanks, Steven. I hadn't seen that file before.
However, I'm still confused (or frustrated, I'm not entirely sure
which!). Here's the memory layout table from that file:
/*
* Memory layout (high to low): SIZE PAE-SIZE
* ------ ------
* I/O remapping area ( 4MB)
* Direct-map (1:1) area [Xen code/data/heap] (12MB)
* Per-domain mappings (inc. 4MB map_domain_page cache) ( 8MB)
* Shadow linear pagetable ( 4MB) ( 8MB)
* Guest linear pagetable ( 4MB) ( 8MB)
* Machine-to-physical translation table [writable] ( 4MB) (16MB)
* Frame-info table (24MB) (96MB)
* * Start of guest inaccessible area
* Machine-to-physical translation table [read-only] ( 4MB) (16MB)
* * Start of guest unmodifiable area
*/
When my guest domain starts (FreeBSD in PAE mode), I begin looking at
the page tables. I note that I've modified Xend (the libxc code) to
build 4 pages of Page Directories because FreeBSD uses the model of
assuming that there are four Page Directories linearly mapped. This
way it can just forget about the 4 PTD pointers in the L3 page. It
means that 16KB are consumed for every address space, but it greatly
simplifies the code.
(gdb) x/4x xen_start_info->pt_base
0xc03ae000: 0x00000000fb152001 0x00000000fb151001
0xc03ae010: 0x00000000fb150001 0x00000000fb14f001
And, my kernel starts at virtual address 0xC000.0000, so only page 3
(in 0..3) of the 4 pages needs to have anything. And sure enough,
that's what I find:
# ./xenctrl 4 -l3 0xfb153 dump64 0xc03af000 0x4000 # I'm dumping 64
bit values
0xc03af000: -- page of zeros --
0xc03b0000: -- page of zeros --
0xc03b1000: -- page of zeros --
0xc03b2000: 0x00fb14e067 0x00fb14d067 0x00fb14c067
0x00fb14b067
...
0xc03b2d60: 0x00fbc000e1 0x00fba000e1 0x0000000000
0x0000000000
...
0xc03b2da0: 0x00018001e3 0x0001a001e3 0x0001c001e3
0x0001e001e3
0xc03b2dc0: 0x00020001e3 0x00022001e3 0x00024001e3
0x00026001e3
0xc03b2de0: 0x00028001e3 0x0002a001e3 0x0002c001e3
0x0002e001e3
...
0xc03b2f20: 0x00fbc001e3 0x00fba001e3 0x0000000000
0x0000000000
...
0xc03b2f60: 0x00fb152063 0x00fb151063 0x00fb150063
0x00fb14f063
...
0xc03b2fa0: 0x0000224063 0x0000225063 0x0000226063
0x0000227063
0xc03b2fc0: 0x0000211063 0x0000212063 0x0000213063
0x0000214063
0xc03b2fe0: 0x0000215063 0x0000216063 0x0000217063
0x0000bfe063
#
The four page table entries at 0xc03b2000 map my kernel (base address
0xC000.0000 means the first entries in page 3 of 0..3). And, my
kernel is 8MB, so all is well.
The following entries are broken-out as follows:
0xC03B2D60 has two entries which map to base address 0xF580.0000 for
4MB. This is 168 MB below 4GB. So, this should be the machine-to-
physical translation table. However, I can't map it from a tool in
Dom0, nor can I see it in GDB:
(gdb) x/32w 0xf5800000
0xf5800000: Cannot access memory at address 0xf5800000
Nor can I map the physical pages (of the L1 page table!):
# ./xenctrl 4 -l3 0xfb153 dump64-mfn 0xfbc00000 0x1000
Error: Couldn't map mfn fbc00000
This tells me I can't determine the L0 pages used. That's too bad.
So, I'm not sure how I'm suppose to use this. My guest domain -can-
see the F58 address region. And, so I can bcopy() the data into a
visible space for gdb. In the following snippet, I am using two
tools: GDB and a homebrew tool to view domain 0 pages, xenctrl:
(gdb) call bzero(0xc0000000, 0x1000) # Just to certify
that I can affect 0xC0000000
$22 = 0
# ./xenctrl 4 -l3 0xfb153 dump 0xc0000000 0x1000 # Verify that I
can view it
0xc0000000: -- page of zeros --
(gdb) call bcopy(0xf5800000, 0xc0000000, 0x1000) # See what's in
the machine-to-phys table
$23 = -897581056
# ./xenctrl 4 -l3 0xfb153 dump 0xc0000000 0x100
0xc0000000: 0xffffffff 0xffffffff 0xffffffff
0xffffffff 0xffffffff 0xffffffff 0xffffffff 0xffffffff
0xc0000020: 0xffffffff 0xffffffff 0xffffffff
0xffffffff 0xffffffff 0xffffffff 0xffffffff 0xffffffff
0xc0000040: 0xffffffff 0xffffffff 0xffffffff
0xffffffff 0xffffffff 0xffffffff 0xffffffff 0xffffffff
0xc0000060: 0xffffffff 0xffffffff 0xffffffff
0xffffffff 0xffffffff 0xffffffff 0xffffffff 0xffffffff
0xc0000080: 0xffffffff 0xffffffff 0xffffffff
0xffffffff 0xffffffff 0xffffffff 0xffffffff 0xffffffff
0xc00000a0: 0xffffffff 0xffffffff 0xffffffff
0xffffffff 0xffffffff 0xffffffff 0xffffffff 0xffffffff
0xc00000c0: 0xffffffff 0xffffffff 0xffffffff
0xffffffff 0xffffffff 0xffffffff 0xffffffff 0xffffffff
0xc00000e0: 0xffffffff 0xffffffff 0xffffffff
0xffffffff 0xffffffff 0xffffffff 0xffffffff 0xffffffff
I'm not sure what I'm suppose to make of those numbers. If I view
the whole page (all 4K) I get long sequences of 0xffff's and 0x5555's.
Is there any documentation on the machine-to-physical region of
memory? Any sample code on its usage? I tried looking in Linux, but
I wasn't able to identify the machine-to-physical conversion macros
or functions for x86-32 on PAE.
Moving on to the next address space, I find Page Directory Entries
for the address space 0xFD800000. I have learned that this address
space is the recursive page table address space. I.e., in theory my
guest domain could perform virtual to machine page translations here
with the algorithm I stated last Wednesday: ((virtual-address &
0xFFFF.F000) >> 9) +0xFD80.0000 would generate the address of the PTE
for the current virtual page (assuming the virtual address is valid
in the first place!). But, the comment in the config.h file says
this is beyond the "Start of guest inaccessible area." Which is a
damn shame:
(gdb) call bcopy(0xfde00000, 0xc0000000, 8)
<hang>
Because I can get access to the data from Dom0 (I actually executed
the following steps -before- the steps above, which caused a hang):
(gdb) p/x ((0xC0000000 & 0xFFFFF000) >> 9) +0xFD800000
$26 = 0xfde00000
(gdb) x/1g $26
0xfde00000: 0x00000000d1620063
(gdb)
It would be -very- useful to my program if I could use the existing
recursive page table.
This all comes to pass because I'm trying to build the recursive
address table for FreeBSD and I need information I can't find; i.e.,
the machine to physical table.
-- Randy
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
|