|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-users] Error accessing memory mapped by xenforeignmemory_map()
I'm trying to use the "xenforeignmemory" library to read arbitrary memory ranges from a Xen domain. The code performing the reads is designed to run in dom0 on a Zynq ultrascale MPSoC (ARM64), though I'm currently testing in QEMU. I constructed a simple test program, which reads an arbitrary domid/address pair from the command line, converts the address (assumed to be physical) to a page frame number, and uses xenforeignmemory_map() to map the page into the test app's virtual memory space. Although xenforeignmemory_map() returns a non-NULL pointer, my attempt to dereference it fails with the following error: (XEN) traps.c:2508:d0v1 HSR=0x93810007 pc=0x400a20 gva=0x7f965f7000 gpa=0x00000030555000 [ 74.361735] Unhandled fault: ttbr address size fault (0x92000000) at 0x0000007f965f7000 Bus error It's not clear to me which address is causing the fault: the (dom0) guest-virtual (0x7f965f7000), the guest-physical (0x30555000), or the arbitrary physical address I'm attempting to map (not shown)? The guest-virtual address is the one returned by the mmap() call buried within xenforeignmemory_map(), so I don't have any control over it. I'm not an ARM expert, but my understanding of the "ttbr address size" fault is that it's generated when a physical address that exceeds ranges defined in one of the control registers involved in page table lookups is placed on the address bus. I'm not in any way modifying the page tables constructed by the xilinx linux kernel, so it seems odd that mmap() would be allocating the buffer at an illegal address. My ultimate goal is to map physical addresses from a user domain into dom0, but for now, I'm simply trying to map physical addresses from dom0 itself. (I'm assuming the attempt to pass domid==0 in the call to xenforeignmemory_map() would have generated an error if mapping dom0's memory space were not supported.) The idea is to be able to read kernel code/data mapped at fixed (physical) addresses in a guest. First of all, I'd like to know whether what I'm attempting to do is valid: i.e., can I use xenforeignmemory_map() to read an arbitrary page (specified by guest-physical page number) in an arbitrary guest domain (including but not limited to dom0)? If the concept is valid, is there perhaps something I need to do with the pointer returned by xenforeignmemory_map() before attempting to dereference? (I noticed a post-processing call to some sort of "normalise_page" function in at least one xen tool that uses xenforeignmemory_map(), which made me wonder whether there might be scenarios in which the buffer returned by xenforeignmemory_map() was not ready for immediate use.) I'd appreciate any insight anyone can provide into any of this. I've been unable to find much documentation on use of the "foreignmemory" interface. Links to documentation and/or a project that uses the "foreignmemory" interface would be greatly appreciated. I considered posting to xen-devel, but I wanted to be sure that what I was trying to do made sense before reporting a possible bug... Thanks, Brett S. _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxx https://lists.xen.org/xen-users
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |