Re: Dom0 PAE panic when starting xend

[Manuel Bouyer <bouyer%antioche.eu.org@localhost>]

On Tue, Mar 03, 2009 at 08:02:25PM +0100, Jean-Yves Migeon wrote:
> Got it, things are really funny.
> 
> Is it expected that kmem_alloc() returns sometimes unaligned addresses 
> for PAGE_SIZE allocations, like this one?
> 
> ...
>         /* we only need one L3 page */
>         l3_p2m_page = kmem_alloc(PAGE_SIZE, KM_NOSLEEP);
>         if (l3_p2m_page == NULL)
>                 panic("could not allocate memory for l3_p2m_page");
> ...
> 
> 
> +++++fatal breakpoint trap in supervisor mode
> trap type 1 code 0 eip c0127594 cs 9 eflags 202 cr2 c29cf975 ilevel 6
> Stopped in pid 0.2 (system) at  netbsd:breakpoint+0x4:  popl    %ebp
> db> x l3_p2m_page
> netbsd:l3_p2m_page:     c2830004
> 
> 
> If yes, I'd like to add a comment about it in kmem_alloc(9), because it 
> is really _a_bad_thing_® in some cases with Xen.
> 
> Reverting my change from kmem_alloc() to a mere malloc() fixes my issue:
> [...]

I guess it's a side effect of the malloc implementation; but I don't think
we can rely on it either. Better use uvm_km_alloc() for this; which take
an explicit alignement parameter.

> 
> On a side note, I would like to bring to your attention that this kind 
> of "bug" inside a domU _does_ bring down a dom0, by making it loop 
> inside its page fault handler. So, in essence, you got a DoS here, 
> potentially harming all your domUs when trying to save/migrate one. I 
> will test it with XenSource's Linux to see how it behaves.
> 
> Who is at fault here? Should NetBSD add some checks against invalid 
> mappings (when hypercall returns EINVAL for a foreign domain), or should 
> xentools check the validity (against a poison for example) and abort the 
> operation if it triggers?

If the hypercall returns a proper error code, it should be used and handled
appropriately, I'd say.

-- 
Manuel Bouyer <bouyer%antioche.eu.org@localhost>
     NetBSD: 26 ans d'experience feront toujours la difference
--