WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

Re: [Xen-devel] xen.git branch reorg / success with 2.6.30-rc3 pv_ops do

To: Pasi Kärkkäinen <pasik@xxxxxx>
Subject: Re: [Xen-devel] xen.git branch reorg / success with 2.6.30-rc3 pv_ops dom0
From: Ian Campbell <Ian.Campbell@xxxxxxxxxx>
Date: Mon, 8 Jun 2009 17:00:58 +0100
Cc: Jeremy Fitzhardinge <jeremy@xxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Mon, 08 Jun 2009 09:01:24 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <1244475935.27370.309.camel@xxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Organization: Citrix Systems, Inc.
References: <20090522080655.GA24960@xxxxxxxxxxxxxxx> <20090604202656.GR24960@xxxxxxxxxxxxxxx> <1244197217.27370.146.camel@xxxxxxxxxxxxxxxxxxxxxx> <20090605112347.GY24960@xxxxxxxxxxxxxxx> <1244201864.27370.172.camel@xxxxxxxxxxxxxxxxxxxxxx> <20090605133850.GA24960@xxxxxxxxxxxxxxx> <1244209979.27370.188.camel@xxxxxxxxxxxxxxxxxxxxxx> <20090605154130.GB24960@xxxxxxxxxxxxxxx> <1244217948.27370.213.camel@xxxxxxxxxxxxxxxxxxxxxx> <1244218353.27370.216.camel@xxxxxxxxxxxxxxxxxxxxxx> <20090605181925.GC24960@xxxxxxxxxxxxxxx> <1244475935.27370.309.camel@xxxxxxxxxxxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
On Mon, 2009-06-08 at 11:45 -0400, Ian Campbell wrote:
> 
> > L4 at e1822000 is pinned contains L2 at e1977228 which points at an
> L1
> > which is unpinned low mem address 0x8bf8000
> 
> OK so I think that is interesting. A pinned L4 referencing an unpinned
> L1 isn't supposed to happen, I don't think (Jeremy?).

Interesting:

        pte_t *page_check_address(struct page *page, struct mm_struct *mm,
        [...]
                pte = pte_offset_map(pmd, address); /* A */
                /* Make a quick check before getting the lock */
                if (!sync && !pte_present(*pte)) {
                        pte_unmap(pte);
                        return NULL;
                }
        
                ptl = pte_lockptr(mm, pmd);
                spin_lock(ptl);
        [...]
        
So at point A we make a new mapping of a PTE without yet holding the
corresponding PTE lock and this is precisely the point at which things
start to go wrong for us... (coincidence? I think not ;-))

I wonder how this interacts with the logic in
arch/x86/xen/mmu.c:xen_pin_page() which holds the lock while waiting for
the (deferred) pin multicall to occur? Hmm, no this is about the
PagePinned flag on the struct page which is out of date WRT the actual
pinned status as Xen sees it -- we update the PagePinned flag early in
xen_pin_page() long before Xen the pin hypercall so this window is the
other way round to what would be needed to trigger this bug.

On the other hand xen_unpin_page() looks like it sets up something
roughly like what we need for this issue to trigger.

Pasi in additional to my other mad hack could you try this:

diff --git a/mm/Kconfig b/mm/Kconfig
index a5b7781..5663548 100644
--- a/mm/Kconfig
+++ b/mm/Kconfig
@@ -166,6 +166,7 @@ config SPLIT_PTLOCK_CPUS
        int
        default "4096" if ARM && !CPU_CACHE_VIPT
        default "4096" if PARISC && !PA20
+       default "4096" if XEN
        default "4"
 
 #


Ian.


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

<Prev in Thread] Current Thread [Next in Thread>