xen-devel

[Top] [All Lists]

[Xen-devel] [merge PATCH] Fix BUG() in rmap.c due to direct_remap_pfn_ra

from [Stephen C. Tweedie]

[Permanent Link][Original]

To:	"xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject:	[Xen-devel] [merge PATCH] Fix BUG() in rmap.c due to direct_remap_pfn_range()
From:	"Stephen C. Tweedie" <sct@xxxxxxxxxx>
Date:	Tue, 20 Dec 2005 17:47:06 +0000
Delivery-date:	Tue, 20 Dec 2005 17:49:57 +0000
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxxx
List-help:	<mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id:	Xen developer discussion <xen-devel.lists.xensource.com>
List-post:	<mailto:xen-devel@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender:	xen-devel-bounces@xxxxxxxxxxxxxxxxxxx

Hi,

linux-2.6-merge.hg BUG()s reliably for me as soon as xend starts.  The
problem is the /proc/xen/privcmd file: that gets mmaped by ioctl, then
unmapped, and the unmap results in an instant BUG():
        
        kernel BUG at mm/rmap.c:486!
        EIP is at page_remove_rmap+0x26/0x40
         [<c014a7ac>] zap_pte_range+0x1cc/0x2f0
         [<c014a9ee>] unmap_page_range+0x11e/0x140
         [<c014aad7>] unmap_vmas+0xc7/0x190
         [<c014f38b>] unmap_region+0x7b/0xe0
         [<c014f6a0>] do_munmap+0xe0/0x120
         [<c014f72e>] sys_munmap+0x4e/0x70
         [<c0106cd1>] syscall_call+0x7/0xb

The BUG is:

                BUG_ON(page_mapcount(page) < 0);

and occurs because we're illegally trying to maintain mapping refcounts
on a page that has been mapped by direct pfn remapping.  

i386 ioremp-xen.c's direct_remap_pfn_range() does

        /* Same as remap_pfn_range(). */
        vma->vm_flags |= VM_IO | VM_RESERVED;

but in fact these are _not_ the same flags as remap_pfn_range(): the
latter now adds VM_PFNMAP to the mix too.  Adding this to the Xen
variant fixes the problem for me.

--Stephen

# HG changeset patch
# User Stephen Tweedie <sct@xxxxxxxxxx>
# Node ID ab6357ea515ba188dc603993e3dc0a354c77c2ec
# Parent  78f8cdfcabc9ae2987c11ab6c158eb4b23809cd7
The core kernel VM now requires the VM_PFNMAP flag to be set on vmas
which contain directly remapped pfns.  Without this, we get an instant
BUG() in rmap.c on unmapping such a region.

diff -r 78f8cdfcabc9 -r ab6357ea515b arch/i386/mm/ioremap-xen.c
--- a/arch/i386/mm/ioremap-xen.c        Tue Dec 20 16:43:36 2005 +0100
+++ b/arch/i386/mm/ioremap-xen.c        Tue Dec 20 18:40:27 2005 +0100
@@ -118,7 +118,7 @@
                           domid_t  domid)
 {
        /* Same as remap_pfn_range(). */
-       vma->vm_flags |= VM_IO | VM_RESERVED;
+       vma->vm_flags |= VM_IO | VM_RESERVED | VM_PFNMAP;
 
        return __direct_remap_pfn_range(
                vma->vm_mm, address, mfn, size, prot, domid);

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Xen-devel] [merge PATCH] Fix BUG() in rmap.c due to direct_remap_pfn_range(), Stephen C. Tweedie <=

Previous by Date:	[Xen-devel] current hg tree not working - in i8237A_resume undefined reference to smp_processor_id, Hans-Christian Armingeon
Next by Date:	[Xen-devel] netfilter debug patch info, Ted Kaczmarek
Previous by Thread:	[Xen-devel] current hg tree not working - in i8237A_resume undefined reference to smp_processor_id, Hans-Christian Armingeon
Next by Thread:	[Xen-devel] netfilter debug patch info, Ted Kaczmarek
Indexes:	[Date] [Thread] [Top] [All Lists]