aboutsummaryrefslogtreecommitdiffstats
path: root/arch
diff options
context:
space:
mode:
authorChris Lalancette <clalance@redhat.com>2008-10-23 20:40:25 -0400
committerIngo Molnar <mingo@elte.hu>2008-10-27 09:11:20 -0400
commit9f32d21c981bb638d0991ce5675a20337312066b (patch)
treebbeb22162a90811716b94f68c168568422bbd928 /arch
parentf8d56f1771e4867acc461146764b4feeb5245669 (diff)
xen: fix Xen domU boot with batched mprotect
Impact: fix guest kernel boot crash on certain configs Recent i686 2.6.27 kernels with a certain amount of memory (between 736 and 855MB) have a problem booting under a hypervisor that supports batched mprotect (this includes the RHEL-5 Xen hypervisor as well as any 3.3 or later Xen hypervisor). The problem ends up being that xen_ptep_modify_prot_commit() is using virt_to_machine to calculate which pfn to update. However, this only works for pages that are in the p2m list, and the pages coming from change_pte_range() in mm/mprotect.c are kmap_atomic pages. Because of this, we can run into the situation where the lookup in the p2m table returns an INVALID_MFN, which we then try to pass to the hypervisor, which then (correctly) denies the request to a totally bogus pfn. The right thing to do is to use arbitrary_virt_to_machine, so that we can be sure we are modifying the right pfn. This unfortunately introduces a performance penalty because of a full page-table-walk, but we can avoid that penalty for pages in the p2m list by checking if virt_addr_valid is true, and if so, just doing the lookup in the p2m table. The attached patch implements this, and allows my 2.6.27 i686 based guest with 768MB of memory to boot on a RHEL-5 hypervisor again. Thanks to Jeremy for the suggestions about how to fix this particular issue. Signed-off-by: Chris Lalancette <clalance@redhat.com> Signed-off-by: Jeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com> Cc: Chris Lalancette <clalance@redhat.com> Signed-off-by: Ingo Molnar <mingo@elte.hu>
Diffstat (limited to 'arch')
-rw-r--r--arch/x86/xen/mmu.c18
1 files changed, 14 insertions, 4 deletions
diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c
index d4d52f5a1cf7..aba77b2b7d18 100644
--- a/arch/x86/xen/mmu.c
+++ b/arch/x86/xen/mmu.c
@@ -246,11 +246,21 @@ xmaddr_t arbitrary_virt_to_machine(void *vaddr)
246{ 246{
247 unsigned long address = (unsigned long)vaddr; 247 unsigned long address = (unsigned long)vaddr;
248 unsigned int level; 248 unsigned int level;
249 pte_t *pte = lookup_address(address, &level); 249 pte_t *pte;
250 unsigned offset = address & ~PAGE_MASK; 250 unsigned offset;
251 251
252 BUG_ON(pte == NULL); 252 /*
253 * if the PFN is in the linear mapped vaddr range, we can just use
254 * the (quick) virt_to_machine() p2m lookup
255 */
256 if (virt_addr_valid(vaddr))
257 return virt_to_machine(vaddr);
253 258
259 /* otherwise we have to do a (slower) full page-table walk */
260
261 pte = lookup_address(address, &level);
262 BUG_ON(pte == NULL);
263 offset = address & ~PAGE_MASK;
254 return XMADDR(((phys_addr_t)pte_mfn(*pte) << PAGE_SHIFT) + offset); 264 return XMADDR(((phys_addr_t)pte_mfn(*pte) << PAGE_SHIFT) + offset);
255} 265}
256 266
@@ -410,7 +420,7 @@ void xen_ptep_modify_prot_commit(struct mm_struct *mm, unsigned long addr,
410 420
411 xen_mc_batch(); 421 xen_mc_batch();
412 422
413 u.ptr = virt_to_machine(ptep).maddr | MMU_PT_UPDATE_PRESERVE_AD; 423 u.ptr = arbitrary_virt_to_machine(ptep).maddr | MMU_PT_UPDATE_PRESERVE_AD;
414 u.val = pte_val_ma(pte); 424 u.val = pte_val_ma(pte);
415 xen_extend_mmu_update(&u); 425 xen_extend_mmu_update(&u);
416 426