Re: port-xen/47057: Xen NetBSD DomU file system trash under Linux Dom0

[Manuel Bouyer <bouyer%antioche.eu.org@localhost>]

On Sun, Oct 21, 2012 at 08:10:36PM +0200, Roger Pau Monné wrote:
> On Sun, Oct 21, 2012 at 8:00 PM, Manuel Bouyer 
> <bouyer%antioche.eu.org@localhost> wrote:
> > Does linux do this silently, or does it complain when the ring
> > corruption occurs ?
> 
> With the patch attached in the previous post, we will do the same as
> Linux (reset indexes and printk). I've never seen that happen in
> Linux, so I'm not sure if there's anything else.
> 
> >> Is it possible that someone writes to the machine address
> >> xen_start_info.store_mfn and is there anyway to check that nobody is
> >> mapping this ma to another va?
> >
> > I've been thinking about checking this, but it's harder to do.
> > Maybe it's easier to do this check in the hypervisor ?
> 
> Will check that, not sure if there's an easy way to this in the hypervisor.

You can also try the attached patch, which should catch a mapping to
the same store's ma via regular pmap functons. If it's something more
clever, we'll need a more clever checks ...

-- 
Manuel Bouyer <bouyer%antioche.eu.org@localhost>
     NetBSD: 26 ans d'experience feront toujours la difference
--

Index: x86/x86/pmap.c
===================================================================
RCS file: /cvsroot/src/sys/arch/x86/x86/pmap.c,v
retrieving revision 1.178
diff -u -p -u -r1.178 pmap.c
--- x86/x86/pmap.c      15 Jun 2012 13:53:40 -0000      1.178
+++ x86/x86/pmap.c      21 Oct 2012 18:26:43 -0000
@@ -325,6 +325,8 @@ kmutex_t pmaps_lock;
 
 static vaddr_t pmap_maxkvaddr;
 
+extern void *xenstore_interface;
+
 /*
  * XXX kludge: dummy locking to make KASSERTs in uvm_page.c comfortable.
  * actual locking is done by pm_lock.
@@ -994,6 +996,9 @@ pmap_kenter_pa(vaddr_t va, paddr_t pa, v
        } else
 #endif /* DOM0OPS */
                npte = pmap_pa2pte(pa);
+
+       if (xenstore_interface != NULL)
+               KASSERT(npte != (xen_start_info.store_mfn << PAGE_SHIFT));
        npte |= protection_codes[prot] | PG_k | PG_V | pmap_pg_g;
        npte |= pmap_pat_flags(flags);
        opte = pmap_pte_testset(pte, npte); /* zap! */
@@ -1026,6 +1031,8 @@ pmap_emap_enter(vaddr_t va, paddr_t pa, 
 #endif
                npte = pmap_pa2pte(pa);
 
+       if (xenstore_interface != NULL)
+               KASSERT(npte != (xen_start_info.store_mfn << PAGE_SHIFT));
        npte = pmap_pa2pte(pa);
        npte |= protection_codes[prot] | PG_k | PG_V;
        pmap_pte_set(pte, npte);
@@ -3900,6 +3907,8 @@ pmap_enter_ma(struct pmap *pmap, vaddr_t
        bool wired = (flags & PMAP_WIRED) != 0;
        struct pmap *pmap2;
 
+       if (xenstore_interface != NULL)
+               KASSERT(ma != (xen_start_info.store_mfn << PAGE_SHIFT));
        KASSERT(pmap_initialized);
        KASSERT(curlwp->l_md.md_gc_pmap != pmap);
        KASSERT(va < VM_MAX_KERNEL_ADDRESS);
Index: xen/x86/xen_pmap.c
===================================================================
RCS file: /cvsroot/src/sys/arch/xen/x86/xen_pmap.c,v
retrieving revision 1.22
diff -u -p -u -r1.22 xen_pmap.c
--- xen/x86/xen_pmap.c  24 Jun 2012 18:31:53 -0000      1.22
+++ xen/x86/xen_pmap.c  21 Oct 2012 18:26:43 -0000
@@ -174,12 +174,16 @@ void
 pmap_kenter_ma(vaddr_t va, paddr_t ma, vm_prot_t prot, u_int flags)
 {
        pt_entry_t *pte, opte, npte;
+       extern void *xenstore_interface;
 
        if (va < VM_MIN_KERNEL_ADDRESS)
                pte = vtopte(va);
        else
                pte = kvtopte(va);
 
+       if (xenstore_interface != NULL)
+               KASSERT(ma != (xen_start_info.store_mfn << PAGE_SHIFT) ||
+                   va == (vaddr_t)xenstore_interface);
        npte = ma | ((prot & VM_PROT_WRITE) ? PG_RW : PG_RO) |
             PG_V | PG_k;
        if (flags & PMAP_NOCACHE)