Xen devel - Jul 2006 - an issue when using grant table

Maybe this question is dumb. But I have been stuck for over one week. Please
be gentle and help me out.

I used grant table to allow one domain(server domain) to grant access on
certain pages to another domain (client domain). If the server decides to
free a page that was granted foreign access, the server may request the
client to stop mapping and then end granting. This mechanism seems to be
simple and straightforward. However, after system ran for one or two round,
I will get fatal error from kernel. THe error message is listed below. looks
like
some memory mapping was wrong. But if I disable the grant table related
code, it works fine for me.

Does anyone run into similar problem before? or make some guess on possible
reasons?

Server:

1. gnttab_grant_foreign_access()
 ......
2. request the client to stop mapping
3. gnttab_end_foreign_access(node->pageref, 0, 0L);

Client:
1. map foreign pages if necessary, and set_phys_to_machine()
2. upon receiving "stop mapping" request, check whether the page is
mapped,
it so, unmap it, restore original memory mapping with set_phys_to_machine()
3. reply the server

Thanks a lot!

lily
----------------------ERROR MESSAGES--------------------------------
------------[ cut here ]------------
kernel BUG at arch/i386/mm/hypervisor.c:71!
invalid opcode: 0000 [#1]
Modules linked in: nfsd exportfs lockd xt_physdev iptable_filter ip_tables
x_tables sunrpc video thermal processor fan button battery ac intel_agp
agpgart
CPU:    0
EIP:    0061:[<c0113365>]    Not tainted VLI
EFLAGS: 00010282   (2.6.16-xen0 #135)
EIP is at xen_l2_entry_update+0x75/0x80
eax: ffffffea   ebx: ca9e9eb0   ecx: 00000001   edx: 00000000
esi: 00007ff0   edi: 18f4f000   ebp: ca9e9ec8   esp: ca9e9eb0
ds: 007b   es: 007b   ss: 0069
Process ls (pid: 5410, threadinfo=ca9e8000 task=c0bc6530)
Stack: <0>3adb2b7c 00000000 3574f067 00000000 d8f4f000 00000000 ca9e9ee4
c0145aec
       cb9b2b7c 3574f067 00000001 b7f60004 c16293c0 ca9e9f60 c0147f02
c16293c0
       cb9b2b7c b7f60004 ca9e9f5c c014b9b2 c16293c0 00100073 00000000
00000001
Call Trace:
 [<c01052dd>] show_stack_log_lvl+0xcd/0x120
 [<c01054be>] show_registers+0x18e/0x220
 [<c0105795>] die+0xe5/0x240
 [<c041a048>] do_trap+0x98/0xe0
 [<c0105cd1>] do_invalid_op+0xa1/0xb0
 [<c0104deb>] error_code+0x2b/0x30
 [<c0145aec>] __pte_alloc+0x11c/0x1d0
 [<c0147f02>] __handle_mm_fault+0x62/0xad0
 [<c041abdd>] do_page_fault+0x13d/0x7a0
 [<c0104deb>] error_code+0x2b/0x30
Code: 55 e8 8d 5d e8 31 d2 c7 45 ec 00 00 00 00 89 45 f0 c7 45 f4 00 00 00
00 e8 c9 dc fe ff 85 c0 78 0a 8b 5d f8 8b 75 fc 89 ec 5d c3 <0f> 0b 47 00
63
34 43 c0 eb ec 90 55 89 e5 83 ec 14 8b 55 08 89
 <0>------------[ cut here ]------------
kernel BUG at mm/mmap.c:1961!
invalid opcode: 0000 [#2]
Modules linked in: nfsd exportfs lockd xt_physdev iptable_filter ip_tables
x_tables sunrpc video thermal processor fan button battery ac intel_agp
agpgart
CPU:    0
EIP:    0061:[<c014a1ac>]    Not tainted VLI
EFLAGS: 00010202   (2.6.16-xen0 #135)
EIP is at exit_mmap+0xdc/0xf0
eax: 00000000   ebx: ca9e9cdc   ecx: c147b4c0   edx: fbfa9000
esi: 00000000   edi: 00000001   ebp: ca9e9cec   esp: ca9e9cc0
ds: 007b   es: 007b   ss: 0069
Process ls (pid: 5410, threadinfo=ca9e8000 task=c0bc6530)
Stack: <0>ca9e9cdc dc1acd84 00000000 00000000 ca9e9cd8 00000000 0000001a
c0572570
       c16293c0 c16293f4 c0bc6530 ca9e9cfc c0116177 c16293c0 c16293c0
ca9e9d18
       c0119a6a c16293c0 c16293c0 ca9e8000 c0bc6530 00000001 ca9e9d5c
c011a730
Call Trace:
 [<c01052dd>] show_stack_log_lvl+0xcd/0x120
 [<c01054be>] show_registers+0x18e/0x220
 [<c0105795>] die+0xe5/0x240
 [<c041a048>] do_trap+0x98/0xe0
 [<c0105cd1>] do_invalid_op+0xa1/0xb0
 [<c0104deb>] error_code+0x2b/0x30
 [<c0116177>] mmput+0x27/0x80
 [<c0119a6a>] exit_mm+0x6a/0xe0
 [<c011a730>] do_exit+0xf0/0x810
 [<c01058e8>] die+0x238/0x240
 [<c041a048>] do_trap+0x98/0xe0
 [<c0105cd1>] do_invalid_op+0xa1/0xb0
 [<c0104deb>] error_code+0x2b/0x30
 [<c0145aec>] __pte_alloc+0x11c/0x1d0
 [<c0147f02>] __handle_mm_fault+0x62/0xad0
 [<c041abdd>] do_page_fault+0x13d/0x7a0
 [<c0104deb>] error_code+0x2b/0x30
Code: 02 75 15 e8 a7 92 fc ff eb 0e 90 8d 74 26 00 89 f0 e8 89 f6 ff ff 89
c6 85 f6 75 f3 8b 7f 74 85 ff 75 08 83 c4 20 5b 5e 5f 5d c3 <0f> 0b a9 07
a4
53 43 c0 eb ee 8d 76 00 8d bc 27 00 00 00 00 55
 <1>Fixing recursive fault but reboot is needed!


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel