linux/arch
Ahmed S. Darwish 1ce70c4fac x86/lguest: fix pgdir pmd index calculation
Hi all,

Beginning from commits close to v2.6.25-rc2, running lguest always oopses
the host kernel. Oops is at [1].

Bisection led to the following commit:

commit 37cc8d7f96

    x86/early_ioremap: don't assume we're using swapper_pg_dir

    At the early stages of boot, before the kernel pagetable has been
    fully initialized, a Xen kernel will still be running off the
    Xen-provided pagetables rather than swapper_pg_dir[].  Therefore,
    readback cr3 to determine the base of the pagetable rather than
    assuming swapper_pg_dir[].

 static inline pmd_t * __init early_ioremap_pmd(unsigned long addr)
 {
-	pgd_t *pgd = &swapper_pg_dir[pgd_index(addr)];
+	/* Don't assume we're using swapper_pg_dir at this point */
+	pgd_t *base = __va(read_cr3());
+	pgd_t *pgd = &base[pgd_index(addr)];
 	pud_t *pud = pud_offset(pgd, addr);
 	pmd_t *pmd = pmd_offset(pud, addr);

Trying to analyze the problem, it seems on the guest side of lguest,
%cr3 has a different value from &swapper_pg-dir (which
is AFAIK fine on a pravirt guest):

Putting some debugging messages in early_ioremap_pmd:

/* Appears 3 times */
[    0.000000] ***************************
[    0.000000] __va(%cr3) = c0000000, &swapper_pg_dir = c02cc000
[    0.000000] ***************************

After 8 hours of debugging and staring on lguest code, I noticed something
strange in paravirt_ops->set_pmd hypercall invocation:

static void lguest_set_pmd(pmd_t *pmdp, pmd_t pmdval)
{
	*pmdp = pmdval;
	lazy_hcall(LHCALL_SET_PMD, __pa(pmdp)&PAGE_MASK,
		   (__pa(pmdp)&(PAGE_SIZE-1))/4, 0);
}

The first hcall parameter is global pgdir which looks fine. The second
parameter is the pmd index in the pgdir which is suspectful.

AFAIK, calculating the index of pmd does not need a divisoin over four.
Removing the division made lguest work fine again . Patch is at [2].

I am not sure why the division over four existed in the first place. It
seems bogus, maybe the Xen patch just made the problem appear ?

[2]: The patch:

[PATCH] lguest: fix pgdir pmd index cacluation

Remove an error in index calculation which leads to removing
a not existing shadow page table (leading to a Null dereference).

Signed-off-by: Ahmed S. Darwish <darwish.07@gmail.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2008-02-26 12:55:49 +01:00
..
alpha Introduce path_put() 2008-02-14 21:13:33 -08:00
arm ARM: OMAP: Release i2c_adapter after use (Siemens SX1) 2008-02-24 20:03:41 +01:00
avr32 ide: introduce HAVE_IDE 2008-02-09 10:46:40 +01:00
blackfin d_path: Make d_path() use a struct path 2008-02-14 21:17:09 -08:00
cris cris: import memset.c from newlib: fixes compile error with newer (pre4.3) gcc 2008-02-14 20:58:04 -08:00
frv FRV: Change the timerfd syscalls to be the same as i386 2008-02-20 19:58:16 -08:00
h8300 h8300: defconfig update 2008-02-23 17:12:16 -08:00
ia64 [IA64] Fix build for sim_defconfig 2008-02-11 13:23:46 -08:00
m32r ide: introduce HAVE_IDE 2008-02-09 10:46:40 +01:00
m68k ide: introduce HAVE_IDE 2008-02-09 10:46:40 +01:00
m68knommu m68knommu: fix profile timer 2008-02-14 20:58:05 -08:00
mips [MIPS] BCM47XX: Use new SSB SPROM data structure 2008-02-19 17:01:34 +00:00
mn10300 MN10300: define HZ as a config option 2008-02-23 17:12:13 -08:00
parisc Introduce path_put() 2008-02-14 21:13:33 -08:00
powerpc Merge branch 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc 2008-02-21 16:18:05 -08:00
ppc [POWERPC] PPC440EP Interrupt Triggering and Level Settings 2008-02-15 21:33:02 -06:00
s390 [S390] Fix futex_atomic_cmpxchg_std inline assembly. 2008-02-19 15:29:35 +01:00
sh sh: Fix multiple UTLB hit on UP SH-4. 2008-02-14 14:45:08 +09:00
sparc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-2.6 2008-02-19 07:53:28 -08:00
sparc64 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-2.6 2008-02-23 21:00:21 -08:00
um uml: fix FP register corruption 2008-02-23 17:12:15 -08:00
v850 ide: introduce HAVE_IDE 2008-02-09 10:46:40 +01:00
x86 x86/lguest: fix pgdir pmd index calculation 2008-02-26 12:55:49 +01:00
xtensa [XTENSA] Allow debugger to modify the WINDOWBASE register. 2008-02-13 17:45:36 -08:00
.gitignore arch: Ignore arch/i386 and arch/x86_64 2008-01-19 21:29:39 -08:00
Kconfig Move Kconfig.instrumentation to arch/Kconfig and init/Kconfig 2008-02-03 08:58:08 +01:00