Stephen C. Tweedie
2005-Dec-20 17:47 UTC
[Xen-devel] [merge PATCH] Fix BUG() in rmap.c due to direct_remap_pfn_range()
Hi,

linux-2.6-merge.hg BUG()s reliably for me as soon as xend starts. The
problem is the /proc/xen/privcmd file: that gets mmapped by ioctl, then
unmapped, and the unmap results in an instant BUG():

    kernel BUG at mm/rmap.c:486!
    EIP is at page_remove_rmap+0x26/0x40
    [<c014a7ac>] zap_pte_range+0x1cc/0x2f0
    [<c014a9ee>] unmap_page_range+0x11e/0x140
    [<c014aad7>] unmap_vmas+0xc7/0x190
    [<c014f38b>] unmap_region+0x7b/0xe0
    [<c014f6a0>] do_munmap+0xe0/0x120
    [<c014f72e>] sys_munmap+0x4e/0x70
    [<c0106cd1>] syscall_call+0x7/0xb

The BUG is:

    BUG_ON(page_mapcount(page) < 0);

and occurs because we're illegally trying to maintain mapping refcounts
on a page that has been mapped by direct pfn remapping.

i386 ioremap-xen.c's direct_remap_pfn_range() does

    /* Same as remap_pfn_range(). */
    vma->vm_flags |= VM_IO | VM_RESERVED;

but in fact these are _not_ the same flags as remap_pfn_range(): the
latter now adds VM_PFNMAP to the mix too. Adding this to the Xen
variant fixes the problem for me.

--Stephen
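
The failure described in the message above, as an added user-space model that is not part of the original post and is not kernel code. It assumes the unmap path consults a vm_normal_page()-style check that returns no struct page for VM_PFNMAP areas; the flag bit values, the helper zap_range() and unmap_after_direct_remap() are simplified stand-ins for illustration.

```c
#include <stddef.h>

/* Flag bits used by this model only. */
#define VM_PFNMAP   0x00000400UL
#define VM_IO       0x00004000UL
#define VM_RESERVED 0x00080000UL

struct page { int _mapcount; };      /* -1 means "no rmap references" */
struct vma  { unsigned long vm_flags; };

static int page_mapcount(const struct page *p) { return p->_mapcount + 1; }

/* Model of vm_normal_page(): a VM_PFNMAP area has no struct page to account. */
static struct page *vm_normal_page(const struct vma *v, struct page *backing)
{
    return (v->vm_flags & VM_PFNMAP) ? NULL : backing;
}

/* Model of page_remove_rmap(): returns 1 where the kernel would BUG(). */
static int page_remove_rmap(struct page *p)
{
    p->_mapcount--;
    return page_mapcount(p) < 0;
}

/* Model of zap_pte_range() over npte PTEs that point at one frame. */
static int zap_range(const struct vma *v, struct page *backing, int npte)
{
    for (int i = 0; i < npte; i++) {
        struct page *p = vm_normal_page(v, backing);
        if (p == NULL)
            continue;                /* raw pfn mapping: rmap is skipped */
        if (page_remove_rmap(p))
            return 1;                /* mapcount went negative */
    }
    return 0;
}

/* A direct pfn remap never takes an rmap reference, so _mapcount stays -1. */
static int unmap_after_direct_remap(unsigned long flags)
{
    struct page frame = { ._mapcount = -1 };
    struct vma v = { .vm_flags = flags };
    return zap_range(&v, &frame, 4);
}

int main(void)
{
    int before = unmap_after_direct_remap(VM_IO | VM_RESERVED);
    int after  = unmap_after_direct_remap(VM_IO | VM_RESERVED | VM_PFNMAP);
    return (before == 1 && after == 0) ? 0 : 1;
}
```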