WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] Question regarding SLAB corruption

from [Keir Fraser] [Permanent Link][Original]
To: Lukas Hejtmanek <xhejtman@xxxxxxxxxxx>
Subject: Re: [Xen-devel] Question regarding SLAB corruption
From: Keir Fraser <keir@xxxxxxxxxxxxx>
Date: Mon, 09 Jul 2007 19:29:59 +0100
Cc: Roland Dreier <rdreier@xxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Mon, 09 Jul 2007 11:24:46 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <20070709174226.GQ3885@xxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: AcfCVyfbZmrPrS5KEdynZwAWy6hiGQ==
Thread-topic: [Xen-devel] Question regarding SLAB corruption
User-agent: Microsoft-Entourage/11.3.3.061214 
On 9/7/07 18:42, "Lukas Hejtmanek" <xhejtman@xxxxxxxxxxx> wrote:

> On Mon, Jul 09, 2007 at 06:21:24PM +0100, Keir Fraser wrote:
>> By my understanding, the infiniband driver is doing an order-6 allocation,
>> then stuffing that multi-page region into a single element of a scatterlist.
>> It is then calling dma_map_sg(), which [on Xen] calls swiotlb_map_sg(),
>> which calls map_single() on that multi-page extent. Am I misunderstanding
>> something?
> 
> Not exactly.
> 
> IB driver does alloc_pages (order-6). Then it calls pci_map_sg() which is
> basically dma_map_sg(). This one invokes swiotlb_map_sg() which possibly calls
> map_single() (right now I'm not sure, I must check it, but if yes, it creates
> index 3328).
> 
> Then later, IB driver invokes dma_sync_single on the first page from that
> order-6 allocation via dma_handle. And in __sync_single it crashes because
> sync_single picks up index 3332 instead of 3328.
> 
> Btw, please, keep Roland in Cc.

Oh! I take it then that the infiniband driver will call sync_single() on
subsections of a mapped region? I haven't seen that behaviour before and it
will kill lib/swiotlb.c (the generic Linux swiotlb implementation) just as
surely as it does the Xen-specific swiotlb!

We could make the swiotlb robust to this treatment, I guess. It will involve
initialising all covered io_tlb_orig_addr[] slots rather than just the
first. You could even have a go at this yourself if you like: rather than
initialising a single slot at the end of map_single(), you'd have a for-loop
to iterate over each allocated swiotlb slab.

 -- Keir


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Xen-devel] [PATCH] [XEND] Missing last line in patch, Stefan Berger
Next by Date:  Re: [Xen-devel] Question regarding SLAB corruption, Lukas Hejtmanek
Previous by Thread:  Re: [Xen-devel] Question regarding SLAB corruption, Lukas Hejtmanek
Next by Thread:  Re: [Xen-devel] Question regarding SLAB corruption, Lukas Hejtmanek
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy