[Xen-devel] Re: mm.c:777:d2 Non-privileged (2) attempt to map I/O space 000f995a + (XEN) mm.c:845:d20 Error getting mfn jd (pfn 84fd) from L1 entry 800000000246d467 for l1e_owner=20, pg_owner=32753

[Jeremy Fitzhardinge <jeremy@xxxxxxxx>]

On 11/30/09 19:11, Konrad Rzeszutek Wilk wrote:
> next in the user space we do:
>  handle[i] = 'a';
>
> which causes a page_fault and we jump to the kernel:
> page_fault ->
>       handle_mm_fault ->
>               __do_fault()
>                   |-----vm_ops->fault (fb_deferred_io_fault):
>                   |           fb_deferred_io_page:
>                   |                   vmalloc_to_page [We now have a page]
>                   |           vmf->page = page [page attached to the user 
> address, good]
>                     |----mk_pte( .. ), sets PAGE_IOMAP
>                     |
>                     |----xen_set_pte_at ():
>                       [ This is the fun part ]
>                         |----if (xen_iomap_pte(pteval)) [ checks if 
> _PAGE_IOMAP is set]
>                                   |----xen_set_domain_pte():
>                                       [which makes the PTE belong to DOMID_IO]
>
> And at that point the Xen Hypervisor is called, and spits out:
> (XEN) mm.c:845:d20 Error getting mfn jd (pfn 84fd) from L1 entry 
> 800000000246d467 for l1e_owner=20, pg_owner=32753
>
> as it interprets the PFN as the MFN.
>   

OK, that makes sense.  Thanks for tracking it down.

> This is incorrect as the page is vmalloc-ed and has no IO backing.
>
> Poking around I've come up with three ideas to solve this:
>
> 1). Inhibit xen_fb_deferred_io_map from setting VM_IO. That fixes the issue, 
> but
>     there are drivers (sh_mobile_lcdcfb.c) that have the fb be backed up by a 
> physical
>     page, in which case VM_IO is correct. So this is a no go.
>   

1a) add a flag to avoid setting VM_IO?  (uncompiled, untested, uneverything)

diff --git a/drivers/video/fb_defio.c b/drivers/video/fb_defio.c
index 0a7a667..dd03822 100644
--- a/drivers/video/fb_defio.c
+++ b/drivers/video/fb_defio.c
@@ -144,7 +144,9 @@ static const struct address_space_operations 
fb_deferred_io_aops = {
 static int fb_deferred_io_mmap(struct fb_info *info, struct vm_area_struct 
*vma)
 {
        vma->vm_ops = &fb_deferred_io_vm_ops;
-       vma->vm_flags |= ( VM_IO | VM_RESERVED | VM_DONTEXPAND );
+       vma->vm_flags |= ( VM_RESERVED | VM_DONTEXPAND );
+       if (!(info->flags & FBINFO_VIRTFB))
+         vma->vm_flags |= VM_IO;
        vma->vm_private_data = info;
        return 0;
 }
diff --git a/drivers/video/xen-fbfront.c b/drivers/video/xen-fbfront.c
index 0c6b1c6..60d9d61 100644
--- a/drivers/video/xen-fbfront.c
+++ b/drivers/video/xen-fbfront.c
@@ -440,7 +440,7 @@ static int __devinit xenfb_probe(struct xenbus_device *dev,
        fb_info->fix.type = FB_TYPE_PACKED_PIXELS;
        fb_info->fix.accel = FB_ACCEL_NONE;
 
-       fb_info->flags = FBINFO_FLAG_DEFAULT;
+       fb_info->flags = FBINFO_DEFAULT | FBINFO_VIRTFB;
 
        ret = fb_alloc_cmap(&fb_info->cmap, 256, 0);
        if (ret < 0) {
diff --git a/include/linux/fb.h b/include/linux/fb.h
index f847df9..65134b5 100644
--- a/include/linux/fb.h
+++ b/include/linux/fb.h
@@ -766,6 +766,7 @@ struct fb_tile_ops {
         *  Hardware acceleration is turned off.  Software implementations
         *  of required functions (copyarea(), fillrect(), and imageblit())
         *  takes over; acceleration engine should be in a quiescent state */
+#define FBINFO_VIRTFB          0x0004  /* FB is in system RAM, not device */
 
 /* hints */
 #define FBINFO_PARTIAL_PAN_OK  0x0040 /* otw use pan only for double-buffering 
*/

        J


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel