Re: xen3pae on 5.0_stable/i386

To: Mark Davies <mark%ecs.vuw.ac.nz@localhost>
Subject: Re: xen3pae on 5.0_stable/i386
From: Christoph Egger <Christoph_Egger%gmx.de@localhost>
Date: Sat, 23 Jan 2010 02:01:39 +0100

On 23.01.10 00:08, Mark Davies wrote:
> On Saturday 23 January 2010 03:27:09 Manuel Bouyer wrote:
>> But it seems there's (paddr_t) cast missing when converting mfn to
>>  paddr, and a 'ma' variable is u_long which should be a paddr_t.
>> Mark, can you try the attached patch ?
> 
> That got the domU's started but now I've hit another problem - the network 
> interfaces don't work.
> 
> the xm dmesg has lots of:
> 
> (XEN) mm.c:516:d0 Could not get page ref for pfn 725b3
> (XEN) mm.c:2491:d0 Could not get page for mach->phys update
> (XEN) mm.c:2784:d0 gnttab_transfer: Bad page 000725b2: ed=ff278100(0), 
> sd=00000000, caf=00000000, taf=00000000
> (XEN)
> (XEN) mm.c:1608:d0 Error pfn 725b4: rd=ff278100, od=00000000, caf=00000000, 
> taf=00000000
> (XEN) mm.c:649:d0 Error getting mfn 725b4 (pfn 55555555) from L1 entry 
> 00000000725b4063 for dom0
> (XEN) mm.c:1608:d0 Error pfn 725b4: rd=ff278100, od=00000000, caf=00000000, 
> taf=00000000
> (XEN) mm.c:516:d0 Could not get page ref for pfn 725b4
> (XEN) mm.c:2491:d0 Could not get page for mach->phys update
> (XEN) mm.c:2784:d0 gnttab_transfer: Bad page 000725b3: ed=ff278100(0), 
> sd=00000000, caf=00000000, taf=00000000
> 
> and the dom0 is logging lots of:
> 
> Jan 23 11:37:08 green-mountain /netbsd: xvif4.0: xstart_mcl[1] failed 
> (4294967274)
> Jan 23 11:37:08 green-mountain /netbsd: xvif4.0: req_prod 954 req_cons 700 
> rsp_prod 698 rsp_prod_pvt 698 i 2
> Jan 23 11:37:08 green-mountain /netbsd: xvif4.0: xstart_mcl[2] failed 
> (4294967274)
> Jan 23 11:37:08 green-mountain /netbsd: xvif4.0: req_prod 954 req_cons 700 
> rsp_prod 698 rsp_prod_pvt 698 i 2
> Jan 23 11:37:08 green-mountain /netbsd: xvif4.0 GNTTABOP_transfer[0] -9
> Jan 23 11:37:08 green-mountain /netbsd: xvif4.0: req_prod 954 req_cons 700 
> rsp_prod 698 rsp_prod_pvt 698 i 2
> Jan 23 11:37:08 green-mountain /netbsd: xvif4.0 GNTTABOP_transfer[1] -9
> Jan 23 11:37:08 green-mountain /netbsd: xvif4.0: req_prod 954 req_cons 700 
> rsp_prod 698 rsp_prod_pvt 698 i 2

So we have address overflow in xennet and in xengnt.
Some more variables storing physical addresses must be of type paddr_t.

Manuel: I am not sure if attached patch is correct (only compile
tested), but it points into the right direction at least.

Christoph

Index: sys/arch/xen/xen/if_xennet_xenbus.c
===================================================================
RCS file: /cvsroot/src/sys/arch/xen/xen/if_xennet_xenbus.c,v
retrieving revision 1.40
diff -u -p -r1.40 if_xennet_xenbus.c
--- sys/arch/xen/xen/if_xennet_xenbus.c 19 Jan 2010 22:06:23 -0000      1.40
+++ sys/arch/xen/xen/if_xennet_xenbus.c 23 Jan 2010 00:56:14 -0000
@@ -208,7 +208,7 @@ struct xennet_xenbus_softc {
 
 /* too big to be on stack */
 static multicall_entry_t rx_mcl[NET_RX_RING_SIZE+1];
-static u_long xennet_pages[NET_RX_RING_SIZE];
+static paddr_t xennet_pages[NET_RX_RING_SIZE];
 
 static int  xennet_xenbus_match(device_t, cfdata_t, void *);
 static void xennet_xenbus_attach(device_t, device_t, void *);
@@ -604,7 +604,7 @@ xennet_alloc_rx_buffer(struct xennet_xen
        xpq_flush_queue();
        splx(s2);
        /* now decrease reservation */
-       xenguest_handle(reservation.extent_start) = xennet_pages;
+       xenguest_handle(reservation.extent_start) = (u_long *)xennet_pages; /* 
XXX */
        reservation.nr_extents = i;
        reservation.extent_order = 0;
        reservation.address_bits = 0;
Index: sys/arch/xen/xen/xengnt.c
===================================================================
RCS file: /cvsroot/src/sys/arch/xen/xen/xengnt.c,v
retrieving revision 1.16
diff -u -p -r1.16 xengnt.c
--- sys/arch/xen/xen/xengnt.c   7 Nov 2009 07:27:49 -0000       1.16
+++ sys/arch/xen/xen/xengnt.c   23 Jan 2010 00:56:14 -0000
@@ -127,20 +127,20 @@ static int
 xengnt_more_entries(void)
 {
        gnttab_setup_table_t setup;
-       unsigned long *pages;
+       paddr_t *pages;
        int nframes_new = gnt_nr_grant_frames + 1;
        int i;
 
        if (gnt_nr_grant_frames == gnt_max_grant_frames)
                return ENOMEM;
 
-       pages = malloc(nframes_new * sizeof(long), M_DEVBUF, M_NOWAIT);
+       pages = malloc(nframes_new * sizeof(paddr_t), M_DEVBUF, M_NOWAIT);
        if (pages == NULL)
                return ENOMEM;
 
        setup.dom = DOMID_SELF;
        setup.nr_frames = nframes_new;
-       xenguest_handle(setup.frame_list) = pages;
+       xenguest_handle(setup.frame_list) = (unsigned long *)pages; /* XXX */
 
        /*
         * setup the grant table, made of nframes_new frames
@@ -156,7 +156,7 @@ xengnt_more_entries(void)
                return ENOMEM;
        }
 
-       DPRINTF(("xengnt_more_entries: map 0x%lx -> %p\n",
+       DPRINTF(("xengnt_more_entries: map 0x%"PRIxPADDR" -> %p\n",
            pages[gnt_nr_grant_frames],
            (char *)grant_table + gnt_nr_grant_frames * PAGE_SIZE));
 
@@ -165,7 +165,8 @@ xengnt_more_entries(void)
         * the grant table frames
         */
        pmap_kenter_ma(((vaddr_t)grant_table) + gnt_nr_grant_frames * PAGE_SIZE,
-           pages[gnt_nr_grant_frames] << PAGE_SHIFT, VM_PROT_WRITE, 0);
+           pages[gnt_nr_grant_frames] << PAGE_SHIFT,
+           VM_PROT_WRITE, 0);
 
        /*
         * add the grant entries associated to the last grant table frame

Follow-Ups:
- Re: xen3pae on 5.0_stable/i386
  - From: Jean-Yves Migeon

References:
- Re: xen3pae on 5.0_stable/i386
  - From: Mark Davies
- Re: xen3pae on 5.0_stable/i386
  - From: Christoph Egger
- Re: xen3pae on 5.0_stable/i386
  - From: Manuel Bouyer
- Re: xen3pae on 5.0_stable/i386
  - From: Mark Davies

Prev by Date: Re: xen3pae on 5.0_stable/i386
Next by Date: Re: xen3pae on 5.0_stable/i386
Previous by Thread: Re: xen3pae on 5.0_stable/i386
Next by Thread: Re: xen3pae on 5.0_stable/i386
Indexes:

Home | Main Index | Thread Index | Old Index