On 05/09/18 00:14, Dongli Zhang wrote:
Below module would help people reproduce the issue to understand the symptom:
https://github.com/finallyjustice/patchset/blob/master/xen-swiotlb-panic.c
In addition, on the xen hypervisor side, the memory_exchange() in xen hypervisor does not check if the the pfn of input mfn belong to the same extent are continuous in guest domain. As a result, the wrong page is stolen from guest domain.
Can we assume it is fine to not check if pfn of mfn are continuous in xen hypervisor?
The purpose of the memory_exchange hypercall is to exchange any arbitrary set of guest frames with an equivalently sized set frames with different properties.
The practical use is for PV guests to be able to create a DMA buffer which is physically continuous. Xen does not, and indeed should not, care about the properties of the input frame list.
~Andrew