On 20/04/18 16:25, Andrew Cooper wrote:
> On 20/04/18 16:20, Jason Andryuk wrote:
>> Adding xen-devel and the Linux Xen maintainers.
>>
>> Summary: Some Xen users (and maybe others) are hitting a BUG in
>> __radix_tree_lookup() under do_swap_page() - example backtrace is
>> provided at the end.  Matthew Wilcox provided a band-aid patch that
>> prints errors like the following instead of triggering the bug.
>>
>> Skylake 32bit PAE Dom0:
>> Bad swp_entry: 80000000
>> mm/swap_state.c:683: bad pte d3a39f1c(8000000400000000)
>>
>> Ivy Bridge 32bit PAE Dom0:
>> Bad swp_entry: 40000000
>> mm/swap_state.c:683: bad pte d3a05f1c(8000000200000000)
>>
>> Other 32bit DomU:
>> Bad swp_entry: 4000000
>> mm/swap_state.c:683: bad pte e2187f30(8000000200000000)
>>
>> Other 32bit:
>> Bad swp_entry: 2000000
>> mm/swap_state.c:683: bad pte ef3a3f38(8000000100000000)
>>
>> The Linux bugzilla has more info
>> https://bugzilla.kernel.org/show_bug.cgi?id=198497
>>
>> This may not be exclusive to Xen Linux, but most of the reports are on
>> Xen.  Matthew wonders if Xen might be stepping on the upper bits of a
>> pte.
> Yes - Xen does use the upper bits of a PTE, but only 1 in release
> builds, and a second in debug builds.  I don't understand where you're
> getting the 3rd bit in there.
>
> The use of these bits is dubious, and not adequately described in the
> ABI, and attempts to improve the state of play have come to nothing in
> the past.

Sorry - hit send too early.

To be rather more helpful:

For 64bit guests only, we use one bit to distinguish between guest
kernel and guest user pages.  This is because both guest user and
kernel run in ring3, and have to have _PAGE_USER set on them.  We use
bit 52 to tag guest kernel mappings, which is seeded from the guest
kernel's choice of _PAGE_USER.

In debug builds of the hypervisor only, we use bit 62 to tag grant
mappings.  This is to help spot API errors in the guest, and results in
an instant crash if we spot misuse.

~Andrew
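
To check the quoted values against the bit positions given in this reply, the following C program masks each reported bad pte with bits 52 and 62 and reports which other bits are set. It is an added example, not code from Xen, Linux or this thread; the macro and function names are hypothetical, and bit 0 (Present) and bit 63 (NX) are the standard x86 PAE/64-bit PTE bits.

```c
#include <stdint.h>
#include <stdio.h>

/* Bit positions as stated in the message above; macro names are hypothetical. */
#define XEN_GUEST_KERNEL_BIT (1ULL << 52) /* 64bit guests: guest kernel mapping */
#define XEN_GRANT_DEBUG_BIT  (1ULL << 62) /* debug hypervisor builds: grant mapping */
#define X86_PTE_PRESENT      (1ULL << 0)  /* architectural Present bit */
#define X86_PTE_NX           (1ULL << 63) /* architectural no-execute bit */

/* Bad pte values quoted in the report, in the order they appear. */
static const uint64_t reported_ptes[] = {
    0x8000000400000000ULL, 0x8000000200000000ULL,
    0x8000000200000000ULL, 0x8000000100000000ULL,
};
#define N_REPORTED (sizeof(reported_ptes) / sizeof(reported_ptes[0]))

/* Xen tag bits (52 and/or 62) that are set in a PTE. */
static uint64_t xen_tag_bits(uint64_t pte)
{
    return pte & (XEN_GUEST_KERNEL_BIT | XEN_GRANT_DEBUG_BIT);
}

/* Bits left over once Present, NX and the two Xen tag bits are masked off. */
static uint64_t remaining_bits(uint64_t pte)
{
    return pte & ~(X86_PTE_PRESENT | X86_PTE_NX |
                   XEN_GUEST_KERNEL_BIT | XEN_GRANT_DEBUG_BIT);
}

/* Index of the lowest set bit, or -1 if the value is zero. */
static int lowest_bit(uint64_t v)
{
    for (int i = 0; i < 64; i++)
        if (v & (1ULL << i))
            return i;
    return -1;
}

int main(void)
{
    for (unsigned i = 0; i < N_REPORTED; i++) {
        uint64_t pte = reported_ptes[i];
        printf("%016llx present=%d nx=%d xen_tags=%016llx other_bit=%d\n",
               (unsigned long long)pte, (int)(pte & X86_PTE_PRESENT),
               (int)(pte >> 63), (unsigned long long)xen_tag_bits(pte),
               lowest_bit(remaining_bits(pte)));
    }
    return 0;
}
```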