WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Xen-devel] A bug in Xenbus driver

from [Jun Zhu (Intern)] [Permanent Link][Original]
To: "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: [Xen-devel] A bug in Xenbus driver
From: "Jun Zhu (Intern)" <Jun.Zhu@xxxxxxxxxx>
Date: Wed, 25 Aug 2010 19:57:42 +0100
Accept-language: en-US
Acceptlanguage: en-US
Delivery-date: Wed, 25 Aug 2010 11:58:51 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: AQHLRIdljl53ZyhlnEq937l2OrtUNA==
Thread-topic: A bug in Xenbus driver 
Hi all,

I think this is a serious bug, existing in the pvops 2.6.31.13 (also existing 
in linux 2.6.35);

In the xenbus driver (drivers/xen/xenfs/xenbus.c), the function of 
xenbus_file_read has a section of source code like this:
              if (ret != sz) {
                  if (i == 0)
                                i = -EFAULT;
                        goto out;
                }
                /* Clear out buffer if it has been consumed */
                if (rb->cons == rb->len) {
                        list_del(&rb->list);
                        kfree(rb);
                        if (list_empty(&u->read_buffers))
                                break;
                        rb = list_entry(u->read_buffers.next,
                                        struct read_buffer, list);
                }
It should be like this:
//              if (ret != sz) {
                if (ret != 0) {
                        if (i == 0)
                                i = -EFAULT;
                        goto out;
                }
This bug makes the read_buffer not be cleared most of the time. If the xenstore 
client uses PTHREAD to create a thread to receive reply message, the problem 
will incur. The new thread can not read what it wants to read, since the list 
is not empty.

I found this problem from the xenstore client xs_watch function. xs_watch 
creates the new thread on demand. So I recommend that in the function of 
read_message(xen/tools/xenstore/xs.c), if using thread to receive message, in 
the case of read fault, it should signal to the listener and print out the 
error. 

Jun Zhu
Citrix Systems UK
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Xen-devel] [PATCH] xl: obey uuid config option, Gianni Tedesco
Next by Date:  Re: [Xen-devel] A bug in Xenbus driver, Jeremy Fitzhardinge
Previous by Thread:  [Xen-devel] [PATCH] xl: obey uuid config option, Gianni Tedesco
Next by Thread:  Re: [Xen-devel] A bug in Xenbus driver, Jeremy Fitzhardinge
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy