Xen project Mailing List

Re: [Xen-devel] [PATCH] xen/p2m: check MFN is in range before using the m2p table

To: "David Vrabel" <david.vrabel@xxxxxxxxxx>

From: "Jan Beulich" <JBeulich@xxxxxxxx>

Date: Thu, 29 Aug 2013 08:07:34 +0100

Cc: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxxxxx>

Delivery-date: Thu, 29 Aug 2013 07:08:09 +0000

List-id: Xen developer discussion <xen-devel.lists.xen.org>

>>> On 28.08.13 at 19:30, David Vrabel <david.vrabel@xxxxxxxxxx> wrote: > From: David Vrabel <david.vrabel@xxxxxxxxxx> > > On hosts with more than 168 GB of memory, a 32-bit guest may attempt > to grant map an MFN that is not cannot lookup in its mapping of the > m2p table. There is an m2p lookup as part of m2p_add_override() and > m2p_remove_override(). The lookup falls off the end of the mapped > portion of the m2p and (because the mapping is at the highest virtual > address) wraps around and the lookup causes a fault on what appears to > be a user space address. > > do_page_fault() (thinking it's a fault to a userspace address), tries > to lock mm->mmap_sem. If the gntdev device is used for the grant map, > m2p_add_override() is called from from gnttab_mmap() with mm->mmap_sem > already locked. do_page_fault() then deadlocks. > > The deadlock would most commonly occur when a 64-bit guest is started > and xenconsoled attempts to grant map its console ring. > > Introduce mfn_to_pfn_no_overrides() which checks the MFN is within the > mapped portion of the m2p table before accessing the table and use > this in m2p_add_override(), m2p_remove_override(), and mfn_to_pfn() > (which already had the correct range check). > > All faults caused by accessing the non-existant parts of the m2p are > thus within the kernel address space and exception_fixup() is called > without trying to lock mm->mmap_sem. > > Signed-off-by: David Vrabel <david.vrabel@xxxxxxxxxx> This all looks quite fine to me, but iiuc it only removes the deadlock, it doesn't make things work. In order to make it work I think we'd need a hypercall (albeit even then it would work only up to 1Tb). Otoh the question of course is whether driving this big a system with a 32-bit Dom0 kernel is a reasonable thing in the first place. Jan _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.