Olaf Hering
e2d8bf077a
Merge paging related fixes from xen-unstable:
  23506-x86_Disable_set_gpfn_from_mfn_until_m2p_table_is_allocated..patch
  23507-xenpaging_update_machine_to_phys_mapping_during_page_deallocation.patch
  23509-x86_32_Fix_build_Define_machine_to_phys_mapping_valid.patch
  23562-xenpaging_remove_unused_spinlock_in_pager.patch
  23576-x86_show_page_walk_also_for_early_page_faults.patch
  23577-tools_merge_several_bitop_functions_into_xc_bitops.h.patch
  23578-xenpaging_add_xs_handle_to_struct_xenpaging.patch
  23579-xenpaging_drop_xc.c_remove_ASSERT.patch
  23580-xenpaging_drop_xc.c_remove_xc_platform_info_t.patch
  23581-xenpaging_drop_xc.c_remove_xc_wait_for_event.patch
  23582-xenpaging_drop_xc.c_move_xc_mem_paging_flush_ioemu_cache.patch
  23583-xenpaging_drop_xc.c_move_xc_wait_for_event_or_timeout.patch
  23584-xenpaging_drop_xc.c_remove_xc_files.patch
  23585-xenpaging_correct_dropping_of_pages_to_avoid_full_ring_buffer.patch
  23586-xenpaging_do_not_bounce_p2mt_back_to_the_hypervisor.patch
  23587-xenpaging_remove_srand_call.patch
  23588-xenpaging_remove_return_values_from_functions_that_can_not_fail.patch
  23589-xenpaging_catch_xc_mem_paging_resume_errors.patch
  23590-xenpaging_remove_local_domain_id_variable.patch
  23591-xenpaging_move_num_pages_into_xenpaging_struct.patch
  23592-xenpaging_start_paging_in_the_middle_of_gfn_range.patch
  23593-xenpaging_pass_integer_to_xenpaging_populate_page.patch
  23594-xenpaging_add_helper_function_for_unlinking_pagefile.patch
  23595-xenpaging_add_watch_thread_to_catch_guest_shutdown.patch
  23596-xenpaging_implement_stopping_of_pager_by_sending_SIGTERM-SIGINT.patch
  23597-xenpaging_remove_private_mem_event.h.patch
  23599-tools_fix_build_after_recent_xenpaging_changes.patch
  23817-mem_event_add_ref_counting_for_free_requestslots.patch
  23818-mem_event_use_mem_event_mark_and_pause_in_mem_event_check_ring.patch
  23827-xenpaging_use_batch_of_pages_during_final_page-in.patch
  23841-mem_event_pass_mem_event_domain_pointer_to_mem_event_functions.patch
  23842-mem_event_use_different_ringbuffers_for_share_paging_and_access.patch
  23874-xenpaging_track_number_of_paged_pages_in_struct_domain.patch
  23904-xenpaging_use_p2m-get_entry_in_p2m_mem_paging_functions.patch
  23905-xenpaging_fix_locking_in_p2m_mem_paging_functions.patch
  23906-xenpaging_remove_confusing_comment_from_p2m_mem_paging_populate.patch
  23908-p2m_query-modify_p2mt_with_p2m_lock_held.patch
  23943-xenpaging_clear_page_content_after_evict.patch
  23953-xenpaging_handle_evict_failures.patch
  23978-xenpaging_check_p2mt_in_p2m_mem_paging_functions.patch
  23979-xenpaging_document_p2m_mem_paging_functions.patch
  23980-xenpaging_disallow_paging_in_a_PoD_guest.patch
Remove obsolete patches:
  x86-show-page-walk-early.patch
  xenpaging.23817-mem_event_check_ring.patch
  xenpaging.catch-xc_mem_paging_resume-error.patch
  xenpaging.guest_remove_page.slow_path.patch
  xenpaging.mem_event-no-p2mt.patch
  xenpaging.no-srand.patch
  xenpaging.return-void.patch
  xenpaging.xenpaging_populate_page-gfn.patch
- xen.spec: use changeset number as patch number for upstream patches
OBS-URL: https://build.opensuse.org/package/show/Virtualization/xen?expand=0&rev=151
63 lines
2.6 KiB
Diff
changeset: 23507:0a29c8c3ddf7
user: Keir Fraser <keir@xen.org>
date: Fri Jun 10 08:19:07 2011 +0100
files: xen/common/page_alloc.c
description:
xenpaging: update machine_to_phys_mapping[] during page deallocation

The machine_to_phys_mapping[] array needs updating during page
deallocation. If that page is allocated again, a call to
get_gpfn_from_mfn() will still return an old gfn from another guest.
This will cause trouble because this gfn number has no or different
meaning in the context of the current guest.

This happens when the entire guest ram is paged-out before
xen_vga_populate_vram() runs. Then XENMEM_populate_physmap is called
with gfn 0xff000. A new page is allocated with alloc_domheap_pages.
This new page does not have a gfn yet. However, in
guest_physmap_add_entry() the passed mfn still maps to an old gfn
(perhaps from another old guest). This old gfn is in paged-out state
in this guest's context and has no mfn anymore. As a result, the
ASSERT() triggers because p2m_is_ram() is true for p2m_ram_paging*
types. If the machine_to_phys_mapping[] array is updated properly,
both loops in guest_physmap_add_entry() turn into no-ops for the new
page and the mfn/gfn mapping will be done at the end of the function.

If XENMEM_add_to_physmap is used with XENMAPSPACE_gmfn,
get_gpfn_from_mfn() will return an apparently valid gfn. As a
result, guest_physmap_remove_page() is called. The ASSERT in
p2m_remove_page triggers because the passed mfn does not match the old
mfn for the passed gfn.

Signed-off-by: Olaf Hering <olaf@aepfle.de>

---
xen/common/page_alloc.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
Index: xen-4.1.2-testing/xen/common/page_alloc.c
===================================================================
--- xen-4.1.2-testing.orig/xen/common/page_alloc.c
+++ xen-4.1.2-testing/xen/common/page_alloc.c
@@ -528,7 +528,7 @@ static int reserve_offlined_page(struct
static void free_heap_pages(
struct page_info *pg, unsigned int order)
{
- unsigned long mask;
+ unsigned long mask, mfn = page_to_mfn(pg);
unsigned int i, node = phys_to_nid(page_to_maddr(pg)), tainted = 0;
unsigned int zone = page_to_zone(pg);
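Review bot: mfn is computed once from pg in the declaration at the top of free_heap_pages(), while the loop in the next hunk indexes pages as &pg[i] and frames as mfn + i. That stays correct only while pg is unchanged between the declaration and the loop; consider deriving the frame inside the loop with page_to_mfn(&pg[i]), or declaring mfn next to its use, so the two cannot drift apart if pg is ever adjusted earlier in the function.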
@@ -539,6 +539,10 @@ static void free_heap_pages(
for ( i = 0; i < (1 << order); i++ )
{
+ /* This page is not a guest frame any more. */
+ page_set_owner(&pg[i], NULL); /* set_gpfn_from_mfn snoops pg owner */
+ set_gpfn_from_mfn(mfn + i, INVALID_M2P_ENTRY);
+
/*
* Cannot assume that count_info == 0, as there are some corner cases
* where it isn't the case and yet it isn't a bug:
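Review bot: the order of the two calls added at the top of the loop matters, and the only hint is the trailing comment "set_gpfn_from_mfn snoops pg owner". Expand it into a comment stating that page_set_owner(&pg[i], NULL) must come before set_gpfn_from_mfn(mfn + i, INVALID_M2P_ENTRY) and why, since swapping the two lines looks harmless. This code also runs for every page freed through xen/common/page_alloc.c, not only for paged-out guest frames, so it relies on the M2P table being usable whenever free_heap_pages() is called; the merge list pairs this change with 23506 (disable set_gpfn_from_mfn until the m2p table is allocated) and 23509 (x86_32 build fix), and the three should be applied together.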