Question about grant table

Question about grant table

[Ruslan Nikolaev]

Hi

I have a question regarding a grant table. I have a case when I have some shared (between domains) pages mapped to the user space. I created a special driver which implements mmap(). That, in turns, will execute gnttab_map_refs(). This all works fine until I want to do something like exec().

After I do exec(), I want to mmap() the *same* pages (i.e. using the same grant references) to some new user address space which is chosen by mmap(). During exec(), it will invalidate user address space, and  release() from mmu_notifier will be called. This means, that my driver will execute gnttab_unmap_refs. After exec() succeeded, I invoke mmap() again which will do gnttab_map_refs().

At this point I get kernel errors like this:
[  198.939095] BUG: Bad page map in process a.out  pte:80000002457f1167 pmd:245094067
[  198.939099] page:ffffea000915fc40 count:1 mapcount:-1 mapping:          (null) index:0xffff8802d958f720
[  198.939102] page flags: 0x8000000000000814(referenced|dirty|private)
[  198.939109] addr:00007fd302f40000 vm_flags:000e00fb anon_vma:          (null) mapping:ffff8802d782f760 index:0
[  198.939124] vma->vm_ops->fault: 0x0
[  198.939128] vma->vm_file->f_op->mmap: syscall_driver_mmap+0x0/0xc9 [syscall_driver]


So, I have two questions in this regard:
1. Does gnttab_unmap_refs removes grant references, so that I cannot use them any longer? What would be proper way to preserve grant references but at the same time unmap from the current user address space shared pages?

2. What happens to the counters like count, mapcount when I do gnttab_map_refs() and gnntab_unmap_refs()?

Thanks,
Ruslan

Re: Question about grant table

[Jan Beulich]

>>> On 23.04.12 at 23:13, Ruslan Nikolaev <nruslan_devel@yahoo.com> wrote:
> Hi
> 
> I have a question regarding a grant table. I have a case when I have some 
> shared (between domains) pages mapped to the user space. I created a special 
> driver which implements mmap(). That, in turns, will execute 
> gnttab_map_refs(). This all works fine until I want to do something like 
> exec().
> 
> After I do exec(), I want to mmap() the *same* pages (i.e. using the same 
> grant references) to some new user address space which is chosen by mmap(). 
> During exec(), it will invalidate user address space, and  release() from 
> mmu_notifier will be called. This means, that my driver will execute 
> gnttab_unmap_refs. After exec() succeeded, I invoke mmap() again which will 
> do gnttab_map_refs().
> 
> At this point I get kernel errors like this:
> [  198.939095] BUG: Bad page map in process a.out  pte:80000002457f1167 
> pmd:245094067
> [  198.939099] page:ffffea000915fc40 count:1 mapcount:-1 mapping:          
> (null) index:0xffff8802d958f720
> [  198.939102] page flags: 0x8000000000000814(referenced|dirty|private)
> [  198.939109] addr:00007fd302f40000 vm_flags:000e00fb anon_vma:          
> (null) mapping:ffff8802d782f760 index:0
> [  198.939124] vma->vm_ops->fault: 0x0
> [  198.939128] vma->vm_file->f_op->mmap: syscall_driver_mmap+0x0/0xc9 
> [syscall_driver]

This I cannot spot in the upstream kernel (and you also didn't indicate
that you use something different), so I think you need to start
investigation at that end.

Jan

> So, I have two questions in this regard:
> 1. Does gnttab_unmap_refs removes grant references, so that I cannot use 
> them any longer? What would be proper way to preserve grant references but at 
> the same time unmap from the current user address space shared pages?
> 
> 2. What happens to the counters like count, mapcount when I do 
> gnttab_map_refs() and gnntab_unmap_refs()?
> 
> Thanks,
> Ruslan
> 
> 
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xen.org 
> http://lists.xen.org/xen-devel 

Re: Question about grant table

[Ruslan Nikolaev]

Ok. Can you tell what 'clear_pte' for gnttab_unmap_refs exactly do?

Ruslan.



----- Original Message -----
From: Jan Beulich <JBeulich@suse.com>
To: Ruslan Nikolaev <nruslan_devel@yahoo.com>
Cc: "xen-devel@lists.xen.org" <xen-devel@lists.xen.org>
Sent: Tuesday, April 24, 2012 3:58 AM
Subject: Re: [Xen-devel] Question about grant table

>>> On 23.04.12 at 23:13, Ruslan Nikolaev <nruslan_devel@yahoo.com> wrote:
> Hi
> 
> I have a question regarding a grant table. I have a case when I have some 
> shared (between domains) pages mapped to the user space. I created a special 
> driver which implements mmap(). That, in turns, will execute 
> gnttab_map_refs(). This all works fine until I want to do something like 
> exec().
> 
> After I do exec(), I want to mmap() the *same* pages (i.e. using the same 
> grant references) to some new user address space which is chosen by mmap(). 
> During exec(), it will invalidate user address space, and  release() from 
> mmu_notifier will be called. This means, that my driver will execute 
> gnttab_unmap_refs. After exec() succeeded, I invoke mmap() again which will 
> do gnttab_map_refs().
> 
> At this point I get kernel errors like this:
> [  198.939095] BUG: Bad page map in process a.out  pte:80000002457f1167 
> pmd:245094067
> [  198.939099] page:ffffea000915fc40 count:1 mapcount:-1 mapping:          
> (null) index:0xffff8802d958f720
> [  198.939102] page flags: 0x8000000000000814(referenced|dirty|private)
> [  198.939109] addr:00007fd302f40000 vm_flags:000e00fb anon_vma:          
> (null) mapping:ffff8802d782f760 index:0
> [  198.939124] vma->vm_ops->fault: 0x0
> [  198.939128] vma->vm_file->f_op->mmap: syscall_driver_mmap+0x0/0xc9 
> [syscall_driver]

This I cannot spot in the upstream kernel (and you also didn't indicate
that you use something different), so I think you need to start
investigation at that end.

Jan

> So, I have two questions in this regard:
> 1. Does gnttab_unmap_refs removes grant references, so that I cannot use 
> them any longer? What would be proper way to preserve grant references but at 
> the same time unmap from the current user address space shared pages?
> 
> 2. What happens to the counters like count, mapcount when I do 
> gnttab_map_refs() and gnntab_unmap_refs()?
> 
> Thanks,
> Ruslan
> 
> 
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xen.org 
> http://lists.xen.org/xen-devel 




_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

Re: Question about grant table.

[Keir Fraser]

On 23/02/2009 18:58, "Jeniffer, Loren" <jeniffer.loren7@gmail.com> wrote:

> I want to know what the last sentence means.
> If some page is supposed to be transfered to some domain, why the sending
> domain fill in the frame number ?
> Why does the hypervisor do this ?

The sending domain does not have direct access to the receiving domain¹s
grant table entry.

 -- Keir

Question about grant table.

[Jeniffer, Loren]

[-- Attachment #1.1: Type: text/plain, Size: 1109 bytes --]

hi list,

Question about grant table. "The Definitive Guide to the Xen Hypervisor,
Ch 4.3"

struct grant_entry {
/* GTF_xxx: various type and flag information. [XEN,GST] */
uint16_t flags;
/* The domain being granted foreign privileges. [GST] */
domid_t domid;
/*
* GTF_permit_access: Frame that @domid is allowed to map and access. [GST]
* GTF_accept_transfer: Frame whose ownership transferred by @domid. [XEN]
*/
uint32_t frame;
};

The book says :

The last two fields in this are quite simple; they identify the domain
to which the rights are granted, and the page frame the entry refers to.
The domain (domid) is always filled in by the domain creating the entry.
If the domain is granting access to one of its own frames, the relevant
frame must be identified by the guest. _If the entry relates to a
transfer, the hypervisor will fill in the frame number after the transfer._

----------------------------------

I want to know what the last sentence means.
If some page is supposed to be transfered to some domain, why the
sending domain fill in the frame number ?
Why does the hypervisor do this ?


[-- Attachment #1.2: Type: text/html, Size: 1737 bytes --]

[-- Attachment #2: Type: text/plain, Size: 138 bytes --]

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

question about grant table

[tgh]

hi
I try to read the granttable code of xen,I am confused about some fields
in the struct grant_table,such as 
struct grant_entry **shared; 
struct active_grant_entry **active; 
struct grant_mapping **maptrack; 

what are the functions for the three structures ?
in the grant_table_create() function,each entry of three structures is allocated a page frame,is it right?
if it is,when we try to use a grant page ,three pages are needed to be allocated for matadata,or how does it work?


I am confused about it

could you help me
Thanks in advance