Re: [Xen-devel] guest crash in wrmsr_hypervisor_regs if hypercall page is paged out

[Tim Deegan <tim@xxxxxxx>]

At 16:43 +0200 on 02 May (1367512981), Olaf Hering wrote:
> On Thu, May 02, Tim Deegan wrote:
> 
> > At 20:19 +0200 on 30 Apr (1367353157), Olaf Hering wrote:
> > > 
> > > With current xen-unstable I see this guest crash if the gfn 169ff is
> > > paged out. The xenpaging -v output shows that 169ff is populated, but
> > > appearently wrmsr_hypervisor_regs does not like the resulting mfn?!
> > 
> > Looks that way:
> > 
> > > (XEN) HVM10: Allocated Xen hypercall page at 169ff000
> > > (XEN) traps.c:654:d10 Bad GMFN 169ff (MFN 3e900000000) to MSR 40000000
> > 
> > That MFN looks like garbage, so I'm guessing that 'page' was null, i.e.
> > get_page_from_gfn() returned NULL.  I guess you'll need to instrument it
> > up to figure out why.  At least the GFN is a predictable constant which
> > should make it easier to add debugging printout for just this case.
> 
> The GMFN has p2m_t p2m_ram_paged, so the mfn is -1.
> 
> Its not clear to me, how should wrmsr_hypervisor_regs handle a paged
> gfn? I was under the impression that get_page_from_gfn would wait until
> the gfn is paged-in again.

Ah, it doesn't seem to be that way.  Other callers of the p2m functions
handle this in the caller. :(

So you'll need to add something like:
    if ( paged )
        p2m_mem_paging_populate(d, gmfn);

here (and anywhere else).

It would be much better if this could happen inside the p2m lookup
function, but ISTR it currently can't because you can't sleep with any
locks held.

Tim.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel