pool/xen
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
396bc537b5
xen/23507-xenpaging_update_machine_to_phys_mapping_during_page_deallocation.patch

63 lines
2.6 KiB
Diff
Raw Normal View History

- fate#310510 - fix xenpaging Merge paging related fixes from xen-unstable: 23506-x86_Disable_set_gpfn_from_mfn_until_m2p_table_is_allocated..patch 23507-xenpaging_update_machine_to_phys_mapping_during_page_deallocation.patch 23509-x86_32_Fix_build_Define_machine_to_phys_mapping_valid.patch 23562-xenpaging_remove_unused_spinlock_in_pager.patch 23576-x86_show_page_walk_also_for_early_page_faults.patch 23577-tools_merge_several_bitop_functions_into_xc_bitops.h.patch 23578-xenpaging_add_xs_handle_to_struct_xenpaging.patch 23579-xenpaging_drop_xc.c_remove_ASSERT.patch 23580-xenpaging_drop_xc.c_remove_xc_platform_info_t.patch 23581-xenpaging_drop_xc.c_remove_xc_wait_for_event.patch 23582-xenpaging_drop_xc.c_move_xc_mem_paging_flush_ioemu_cache.patch 23583-xenpaging_drop_xc.c_move_xc_wait_for_event_or_timeout.patch 23584-xenpaging_drop_xc.c_remove_xc_files.patch 23585-xenpaging_correct_dropping_of_pages_to_avoid_full_ring_buffer.patch 23586-xenpaging_do_not_bounce_p2mt_back_to_the_hypervisor.patch 23587-xenpaging_remove_srand_call.patch 23588-xenpaging_remove_return_values_from_functions_that_can_not_fail.patch 23589-xenpaging_catch_xc_mem_paging_resume_errors.patch 23590-xenpaging_remove_local_domain_id_variable.patch 23591-xenpaging_move_num_pages_into_xenpaging_struct.patch 23592-xenpaging_start_paging_in_the_middle_of_gfn_range.patch 23593-xenpaging_pass_integer_to_xenpaging_populate_page.patch 23594-xenpaging_add_helper_function_for_unlinking_pagefile.patch 23595-xenpaging_add_watch_thread_to_catch_guest_shutdown.patch 23596-xenpaging_implement_stopping_of_pager_by_sending_SIGTERM-SIGINT.patch 23597-xenpaging_remove_private_mem_event.h.patch 23599-tools_fix_build_after_recent_xenpaging_changes.patch 23817-mem_event_add_ref_counting_for_free_requestslots.patch 23818-mem_event_use_mem_event_mark_and_pause_in_mem_event_check_ring.patch 23827-xenpaging_use_batch_of_pages_during_final_page-in.patch 23841-mem_event_pass_mem_event_domain_pointer_to_mem_event_functions.patch 23842-mem_event_use_different_ringbuffers_for_share_paging_and_access.patch 23874-xenpaging_track_number_of_paged_pages_in_struct_domain.patch 23904-xenpaging_use_p2m-get_entry_in_p2m_mem_paging_functions.patch 23905-xenpaging_fix_locking_in_p2m_mem_paging_functions.patch 23906-xenpaging_remove_confusing_comment_from_p2m_mem_paging_populate.patch 23908-p2m_query-modify_p2mt_with_p2m_lock_held.patch 23943-xenpaging_clear_page_content_after_evict.patch 23953-xenpaging_handle_evict_failures.patch 23978-xenpaging_check_p2mt_in_p2m_mem_paging_functions.patch 23979-xenpaging_document_p2m_mem_paging_functions.patch 23980-xenpaging_disallow_paging_in_a_PoD_guest.patch Remove obsolete patches: x86-show-page-walk-early.patch xenpaging.23817-mem_event_check_ring.patch xenpaging.catch-xc_mem_paging_resume-error.patch xenpaging.guest_remove_page.slow_path.patch xenpaging.mem_event-no-p2mt.patch xenpaging.no-srand.patch xenpaging.return-void.patch xenpaging.xenpaging_populate_page-gfn.patch - xen.spec: use changeset number as patch number for upstream patches OBS-URL: https://build.opensuse.org/package/show/Virtualization/xen?expand=0&rev=151
2011-10-20 21:52:33 +02:00
changeset: 23507:0a29c8c3ddf7
user: Keir Fraser <keir@xen.org>
date: Fri Jun 10 08:19:07 2011 +0100
files: xen/common/page_alloc.c
description:
xenpaging: update machine_to_phys_mapping[] during page deallocation
The machine_to_phys_mapping[] array needs updating during page
deallocation. If that page is allocated again, a call to
get_gpfn_from_mfn() will still return an old gfn from another guest.
This will cause trouble because this gfn number has no or different
meaning in the context of the current guest.
This happens when the entire guest ram is paged-out before
xen_vga_populate_vram() runs. Then XENMEM_populate_physmap is called
with gfn 0xff000. A new page is allocated with alloc_domheap_pages.
This new page does not have a gfn yet. However, in
guest_physmap_add_entry() the passed mfn maps still to an old gfn
(perhaps from another old guest). This old gfn is in paged-out state
in this guests context and has no mfn anymore. As a result, the
ASSERT() triggers because p2m_is_ram() is true for p2m_ram_paging*
types. If the machine_to_phys_mapping[] array is updated properly,
both loops in guest_physmap_add_entry() turn into no-ops for the new
page and the mfn/gfn mapping will be done at the end of the function.
If XENMEM_add_to_physmap is used with XENMAPSPACE_gmfn,
get_gpfn_from_mfn() will return an appearently valid gfn. As a
result, guest_physmap_remove_page() is called. The ASSERT in
p2m_remove_page triggers because the passed mfn does not match the old
mfn for the passed gfn.
Signed-off-by: Olaf Hering <olaf@aepfle.de>
---
xen/common/page_alloc.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
Index: xen-4.1.2-testing/xen/common/page_alloc.c
===================================================================
--- xen-4.1.2-testing.orig/xen/common/page_alloc.c
+++ xen-4.1.2-testing/xen/common/page_alloc.c
@@ -528,7 +528,7 @@ static int reserve_offlined_page(struct
static void free_heap_pages(
struct page_info *pg, unsigned int order)
{
- unsigned long mask;
+ unsigned long mask, mfn = page_to_mfn(pg);
unsigned int i, node = phys_to_nid(page_to_maddr(pg)), tainted = 0;
unsigned int zone = page_to_zone(pg);
@@ -539,6 +539,10 @@ static void free_heap_pages(
for ( i = 0; i < (1 << order); i++ )
{
+ /* This page is not a guest frame any more. */
+ page_set_owner(&pg[i], NULL); /* set_gpfn_from_mfn snoops pg owner */
+ set_gpfn_from_mfn(mfn + i, INVALID_M2P_ENTRY);
+
/*
* Cannot assume that count_info == 0, as there are some corner cases
* where it isn't the case and yet it isn't a bug:
Reference in New Issue Copy Permalink