| |
|
 |
|
 |
|
|
|
| |
|
|
xen-devel
RE: [Xen-devel] Question on type_info and count_info for a page_infostru
One additional question I forgot to ask in my previous posting is why
domain 1, which does not own the page being freed is allowed to make the
deletion in free_domheap_pages. Shouldn't only the page owners be the
ones that can free their own pages or does the lack of a check is needed
for domain 0 to create and delete domains?
R.
-----Original Message-----
From: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
[mailto:xen-devel-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Roger Cruz
Sent: Friday, October 12, 2007 3:16 PM
To: xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-devel] Question on type_info and count_info for a
page_infostructure.
I'm trying to debug a problem where a page is being freed via the
free_domheap_pages() routine and it is triggering a bug check for this
condition:
BUG_ON((pg[i].u.inuse.type_info & PGT_count_mask) != 0);
I have printed the page_info fields for type_info and it shows large
numbers there with the count_info equals to 0.
(XEN) page_alloc.c:902: pg=0xf869f570, i=0x0, type_info = 0xe800005d,
count info = 0x0, domid=0x2 order=0x0
I found the spot where type_info is incremented (get_page_type). The
routine is getting called due to a page fault:
[<ff12889c>] get_page_type+0x16c/0x460
(XEN) [<ff127f77>] get_page_from_l1e+0x187/0x430
(XEN) [<ff169d49>] shadow_set_l1e+0xe9/0x1d0
(XEN) [<ff16baf9>] sh_page_fault__shadow_3_guest_3+0x3f9/0xf80
(XEN) [<ff15c076>] vmx_vmexit_handler+0x786/0x1680
(XEN) [<ff15cf87>] vmx_asm_vmexit_handler+0x17/0x20
At this point, you need a little background info. The page in question
belongs to HVM domain 2 and have modified the hypervisor to allow me to
map it (via grant_table) into another HVM (domain 1). Domain 1 is the
one causing the crash as it tries to unmap the previously mapped
grant_table reference.
(XEN) Xen call trace:
(XEN) [<ff10e465>] free_domheap_pages+0xb5/0x310
(XEN) [<ff10963d>] do_grant_table_op+0x196d/0x1ae0
(XEN) [<ff13de32>] hvm_do_hypercall+0xb2/0x1e0
(XEN) [<ff15ba95>] vmx_vmexit_handler+0x305/0x1680
(XEN) [<ff15ce27>] vmx_asm_vmexit_handler+0x17/0x20
So I can state that the page is mapped correctly and useable and as it
is accessed, it incurs page faults which increment the type_info count
but don't appear to increment count_info. This confused me because my
understanding of these counters is that they would track each other.
Any clarification on their uses is extremely appreciated.
Thank you
Roger
PS. This is from XenSource's 3.1.0 hypervisor
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
|
|
|
| |
|
Home