From mboxrd@z Thu Jan 1 00:00:00 1970 From: Mukesh Rathor Subject: 32bit PAE PV guest on 64bit hypervisor Date: Mon, 13 Apr 2009 20:39:15 -0700 Message-ID: <49E40563.4010505@oracle.com> Reply-To: mukesh.rathor@oracle.com Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Return-path: List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xensource.com Errors-To: xen-devel-bounces@lists.xensource.com To: xen-devel List-Id: xen-devel@lists.xenproject.org Hi, Been chasing down this message from guest boot: (XEN) mm.c:1841:d1 Error pfn 7f36a: rd=ffff8300cea28080, od=0000000000000000, caf=00000000, taf=0000000000000000 (XEN) mm.c:730:d1 Error getting mfn 7f36a (pfn 5555555555555555) from L1 entry 000000007f36a025 for dom1 (XEN) mm.c:3700:d1 ptwr_emulate: fixing up invalid PAE PTE 000000007f36a025 Firstly, on a >64GB system, looks like a 32bit guest can get mfn above 64G. The above msg comes when the PV guest tries to do WP check. To that end, it does set_pte for mapping a (some swapper) temp page in test_wp_bit(): __set_fixmap(FIX_WP_TEST, __pa_symbol(&swapper_pg_dir), PAGE_READONLY); boot_cpu_data.wp_works_ok = do_test_wp_bit(); clear_fixmap(FIX_WP_TEST); ... /* use writable pagetables */ static inline void set_pte(pte_t *ptep, pte_t pte) { ptep->pte_high = pte.pte_high; smp_wmb(); ptep->pte_low = pte.pte_low; } During the clear fixmap, the pte high write results in clearing upper 32bits portion of pte/mfn, as a result the pte low write results in hypervisor getting wrong mfn, 7f36a instead of 1f7f36a. I understand writeable page tables allow guest to do this, but I assume they are for mapping user and not kernel pages, in which case we should be doing a hypercall here? Or, would switching the order, first set low pte then high pte work? Thanks, Mukesh