[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-users] Error accessing memory mapped by xenforeignmemory_map()

I'm trying to use the "xenforeignmemory" library to read arbitrary
memory ranges from a Xen domain. The code performing the reads is
designed to run in dom0 on a Zynq ultrascale MPSoC (ARM64), though I'm
currently testing in QEMU. I constructed a simple test program, which
reads an arbitrary domid/address pair from the command line, converts
the address (assumed to be physical) to a page frame number, and uses
xenforeignmemory_map() to map the page into the test app's virtual
memory space. Although xenforeignmemory_map() returns a non-NULL
pointer, my attempt to dereference it fails with the following error:

(XEN) traps.c:2508:d0v1 HSR=0x93810007 pc=0x400a20 gva=0x7f965f7000
[   74.361735] Unhandled fault: ttbr address size fault (0x92000000)
at 0x0000007f965f7000
Bus error

It's not clear to me which address is causing the fault: the (dom0)
guest-virtual (0x7f965f7000), the guest-physical (0x30555000), or the
arbitrary physical address I'm attempting to map (not shown)? The
guest-virtual address is the one returned by the mmap() call buried
within xenforeignmemory_map(), so I don't have any control over it. I'm
not an ARM expert, but my understanding of the "ttbr address size" fault
is that it's generated when a physical address that exceeds ranges
defined in one of the control registers involved in page table lookups
is placed on the address bus. I'm not in any way modifying the page
tables constructed by the xilinx linux kernel, so it seems odd that
mmap() would be allocating the buffer at an illegal address.

My ultimate goal is to map physical addresses from a user domain into
dom0, but for now, I'm simply trying to map physical addresses from dom0
itself. (I'm assuming the attempt to pass domid==0 in the call to
xenforeignmemory_map() would have generated an error if mapping dom0's
memory space were not supported.) The idea is to be able to read
kernel code/data mapped at fixed (physical) addresses in a guest.

First of all, I'd like to know whether what I'm attempting to do is
valid: i.e., can I use xenforeignmemory_map() to read an arbitrary page
(specified by guest-physical page number) in an arbitrary guest domain
(including but not limited to dom0)? If the concept is valid, is there
perhaps something I need to do with the pointer returned by
xenforeignmemory_map() before attempting to dereference? (I noticed a
post-processing call to some sort of "normalise_page" function in at
least one xen tool that uses xenforeignmemory_map(), which made me
wonder whether there might be scenarios in which the buffer returned by
xenforeignmemory_map() was not ready for immediate use.)

I'd appreciate any insight anyone can provide into any of this. I've
been unable to find much documentation on use of the "foreignmemory"
interface. Links to documentation and/or a project that uses the
"foreignmemory" interface would be greatly appreciated. I considered
posting to xen-devel, but I wanted to be sure that what I was trying to
do made sense before reporting a possible bug...

Brett S.

Xen-users mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.