>>> On 07.01.13 at 13:52, Daniel Kiper <daniel.kiper at oracle.com> wrote: > On Mon, Jan 07, 2013 at 09:48:20AM +0000, Jan Beulich wrote: >> >>> On 04.01.13 at 18:25, Daniel Kiper <daniel.kiper at oracle.com> wrote: >> > Right, so where is virtual mapping of control page established? >> > I could not find relevant code in SLES kernel which does that. >> >> In the hypervisor (xen/arch/x86/machine_kexec.c:machine_kexec_load()). >> xen/arch/x86/machine_kexec.c:machine_kexec() then simply uses >> image->page_list[1]. > > This (xen/arch/x86/machine_kexec.c:machine_kexec_load()) maps relevant > page (allocated earlier by dom0) in hypervisor fixmap area. However, > it does not make relevant mapping in transition page table which > leads to crash when %cr3 is switched from Xen page table to > transition page table. That indeed could explain _random_ failures - the fixmap entries get created with _PAGE_GLOBAL set, i.e. don't get flushed with the CR3 write unless CR4.PGE is clear. And I don't see how your allocation of intermediate page tables would help: You wouldn't know where the mapping of the control page lives until you're actually in the early relocate_kernel code. Or was it that what distinguishes your cloned code from the native original? Jan