xen-devel

[Top] [All Lists]

[Xen-devel] [PATCH] gnttab: propagate Reserved flag from old to new page

from [Ian Campbell]

[Permanent Link][Original]

To:	xen-devel@xxxxxxxxxxxxxxxxxxx
Subject:	[Xen-devel] [PATCH] gnttab: propagate Reserved flag from old to new page in gnttab_copy_grant_page.
From:	Ian Campbell <ian.campbell@xxxxxxxxxx>
Date:	Tue, 23 Feb 2010 16:40:18 +0000
Cc:	Jeremy Fitzhardinge <jeremy@xxxxxxxx>, Ian Campbell <ian.campbell@xxxxxxxxxx>
Delivery-date:	Tue, 23 Feb 2010 08:42:06 -0800
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to:	<1266943189.11737.6457.camel@xxxxxxxxxxxxxxxxxxxxxx>
List-help:	<mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id:	Xen developer discussion <xen-devel.lists.xensource.com>
List-post:	<mailto:xen-devel@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References:	<1266943189.11737.6457.camel@xxxxxxxxxxxxxxxxxxxxxx>
Sender:	xen-devel-bounces@xxxxxxxxxxxxxxxxxxx

Otherwise we trip over the check for PAGE_FLAGS_CHECK_AT_FREE in
free_pages_check() when finally freeing the page, leading to
backtraces such as:
    Bad page state in process 'tcpdump'
    page:c15b8ae0 flags:0x40000800 mapping:00000000 mapcount:0 count:0
    Trying to fix it up, but a reboot is needed
    Backtrace:
    Pid: 5731, comm: tcpdump Tainted: G          
2.6.27.42-0.1.1.xs5.5.900.751.1073xen #1
     [<c015daeb>] bad_page+0x6b/0xa0
     [<c015e389>] free_hot_cold_page+0x239/0x250
     [<c015e3ea>] free_hot_page+0xa/0x10
     [<c0162255>] put_page+0x35/0xc0
     [<c026e002>] gnttab_page_free+0x22/0x30
     [<c015e325>] free_hot_cold_page+0x1d5/0x250
     [<c015e3ea>] free_hot_page+0xa/0x10
     [<c0162255>] put_page+0x35/0xc0
     [<c02cbe4a>] skb_put_page+0xa/0x10
     [<c02cc0b7>] skb_release_data+0x77/0x90
     [<c02cc78b>] skb_release_all+0x6b/0xa0
     [<c02cbf3b>] __kfree_skb+0xb/0x80
     [<c02cbfce>] kfree_skb+0x1e/0x40
     [<c02ce9bd>] skb_free_datagram+0xd/0x40
     [<c03360a6>] packet_recvmsg+0x186/0x1c0
     [<c015d8fb>] ? __rmqueue+0x1b/0x1a0
     [<c02c6222>] sock_recvmsg+0x102/0x130
     [<c013de50>] ? autoremove_wake_function+0x0/0x50
     [<c01691e7>] ? __do_fault+0x2e7/0x5f0
     [<c02c5af0>] ? sockfd_lookup_light+0x30/0x60
     [<c02c707d>] sys_recvfrom+0x7d/0xe0
     [<c0180dc9>] ? __kmalloc+0x139/0x190
     [<c02074bc>] ? copy_from_user+0x3c/0x70
     [<c03489d4>] ? _spin_lock_bh+0x14/0x70
     [<c03484c3>] ? _spin_unlock_bh+0x23/0x30
     [<c02c83df>] ? release_sock+0x9f/0xc0
     [<c02c7116>] sys_recv+0x36/0x40
     [<c02c759f>] sys_socketcall+0x15f/0x290
     [<c01053ce>] syscall_call+0x7/0xb
     [<c0340000>] ? pci_scan_bus_on_node+0x10/0x80
     =======================

gnttab_copy_grant_page is (currently) only ever used on pages which
were allocated by alloc_empty_pages_and_pagevec() and hence have the
PG_reserved set. Also free_empty_pages_and_pagevec() can
BUG_ON(!PageReserved(page)).

Signed-off-by: Ian Campbell <ian.campbell@xxxxxxxxxx>
---
 drivers/xen/grant-table.c |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/drivers/xen/grant-table.c b/drivers/xen/grant-table.c
index 17efd09..7079787 100644
--- a/drivers/xen/grant-table.c
+++ b/drivers/xen/grant-table.c
@@ -558,9 +558,12 @@ int gnttab_copy_grant_page(grant_ref_t ref, struct page 
**pagep)
        new_page->mapping = page->mapping;
        new_page->index = page->index;
        set_bit(PG_foreign, &new_page->flags);
+       if (PageReserved(page))
+               set_bit(PG_reserved, &new_page->flags);
        *pagep = new_page;
 
        SetPageForeign(page, gnttab_page_free);
+       ClearPageReserved(page);
        page->mapping = NULL;
 
 out:
-- 
1.5.6.5


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Xen-devel] [GIT] Grant table fix, Ian Campbell [Xen-devel] [PATCH] gnttab: propagate Reserved flag from old to new page in gnttab_copy_grant_page., Ian Campbell <= Re: [Xen-devel] [PATCH] gnttab: propagate Reserved flag from old to new page in gnttab_copy_grant_page., Jan Beulich Re: [Xen-devel] [PATCH] gnttab: propagate Reserved flag from old to new page in gnttab_copy_grant_page., Ian Campbell [Xen-devel] [PATCH] grant-table: use page flag interfaces when copying a grant page, Ian Campbell [Xen-devel] Re: [PATCH] grant-table: use page flag interfaces when copying a grant page, Ian Campbell [Xen-devel] Re: [GIT] Grant table fix, Jeremy Fitzhardinge [Xen-devel] Re: [GIT] Grant table fix, Ian Campbell

Previous by Date:	[Xen-devel] [GIT] Grant table fix, Ian Campbell
Next by Date:	Re: [Xen-devel] cpuidle causing Dom0 soft lockups, Jan Beulich
Previous by Thread:	[Xen-devel] [GIT] Grant table fix, Ian Campbell
Next by Thread:	Re: [Xen-devel] [PATCH] gnttab: propagate Reserved flag from old to new page in gnttab_copy_grant_page., Jan Beulich
Indexes:	[Date] [Thread] [Top] [All Lists]