Re: port-xen/58395: panic: HYPERVISOR_mmu_update failed, ret: -22

[Taylor R Campbell <riastradh%NetBSD.org@localhost>]

The following reply was made to PR port-xen/58395; it has been noted by GNATS.

From: Taylor R Campbell <riastradh%NetBSD.org@localhost>
To: gnats-bugs%NetBSD.org@localhost, netbsd-bugs%NetBSD.org@localhost
Cc: 
Subject: Re: port-xen/58395: panic: HYPERVISOR_mmu_update failed, ret: -22
Date: Thu, 4 Jul 2024 11:53:29 +0000

 Some more details:
 
 1. hypervisor0 at mainbus0: Xen version 4.14.0.88.g1d1d1f53
 
 2. At the time of xengnt_init, GNTTABOP_query_size returns:
    - nr_frames=3D32
    - max_nr_frames=3D64
 
 3. The pfns returned by GNTTABOP_setup_table look reasonable at first,
    e.g.:
 
    xengnt_more_entries: pages[0]@0xffffd380025b9c00=3D54d87
    xengnt_more_entries: pages[1]@0xffffd380025b9c08=3D54d86
    xengnt_more_entries: pages[2]@0xffffd380025b9c10=3D54d85
    xengnt_more_entries: pages[3]@0xffffd380025b9c18=3D54d84
    xengnt_more_entries: pages[4]@0xffffd380025b9c20=3D54df3
    ...
    xengnt_more_entries: pages[27]@0xffffd380025c04d8=3D54d94
    xengnt_more_entries: pages[28]@0xffffd380025c04e0=3D54d93
    xengnt_more_entries: pages[29]@0xffffd380025c04e8=3D54d92
    xengnt_more_entries: pages[30]@0xffffd380025c04f0=3D54d91
    xengnt_more_entries: pages[31]@0xffffd380025c04f8=3D54d90
 
 4. Both (2) and (3) remain true until we call GNTTABOP_setup_table
    with nr_frames=3D33, at which point:
    - GNTTABOP_setup_table returns a pfn of -1 (i.e., ffffffffffffffff,
      all bits set), but only for frame 32, and it still returns zero
      and sets op.status =3D GNTST_okay indicating success
    - GNTTABOP_query_size returns nr_frames=3D33 as expected
 
    xengnt_more_entries: GNTTABOP_query_size before: rc=3D0 nr_frames=3D32 m=
 ax_nr_frames=3D64 status=3D0
    xengnt_more_entries: pages=3D0xffffd3800297c5c0 n=3D33
    xengnt_more_entries: pages[28]@0xffffd3800297c6a0=3D54d93
    xengnt_more_entries: pages[29]@0xffffd3800297c6a8=3D54d92
    xengnt_more_entries: pages[30]@0xffffd3800297c6b0=3D54d91
    xengnt_more_entries: pages[31]@0xffffd3800297c6b8=3D54d90
    xengnt_more_entries: pages[32]@0xffffd3800297c6c0=3Dffffffffffffffff
    xengnt_more_entries: GNTTABOP_query_size after: rc=3D0 nr_frames=3D33 ma=
 x_nr_frames=3D64 status=3D0
 
 xengnt_more_entries then passes pfn=3D-1 into pmap_kenter_ma which
 passes it through to HYPERVISOR_mmu_update which fails with EINVAL
 (22) presumably because pfn=3D-1 is invalid.
 
 If I patch xengnt_init to do
 
 -		gnt_max_grant_frames =3D query.max_nr_frames;
 +		gnt_max_grant_frames =3D MIN(32, query.max_nr_frames);
 
 then the kernel boots just fine in this environment.
 
 I'm guessing that setting max_grant_frames=3D32 in the domU's xl.conf
 would also work but I don't have control over that.