 Home |
Products |
Support |
Community |
News |
xen-ia64-devel
[Xen-ia64-devel] [RFC] refcnt countup bug
| To: | xen-ia64-devel@xxxxxxxxxxxxxxxxxxx |
|---|---|
| Subject: | [Xen-ia64-devel] [RFC] refcnt countup bug |
| From: | Masaki Kanno <kanno.masaki@xxxxxxxxxxxxxx> |
| Date: | Thu, 02 Feb 2006 13:34:40 +0900 |
| Delivery-date: | Thu, 02 Feb 2006 04:45:31 +0000 |
| Envelope-to: | www-data@xxxxxxxxxxxxxxxxxxx |
| List-help: | <mailto:xen-ia64-devel-request@lists.xensource.com?subject=help> |
| List-id: | Discussion of the ia64 port of Xen <xen-ia64-devel.lists.xensource.com> |
| List-post: | <mailto:xen-ia64-devel@lists.xensource.com> |
| List-subscribe: | <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-ia64-devel>, <mailto:xen-ia64-devel-request@lists.xensource.com?subject=subscribe> |
| List-unsubscribe: | <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-ia64-devel>, <mailto:xen-ia64-devel-request@lists.xensource.com?subject=unsubscribe> |
| Sender: | xen-ia64-devel-bounces@xxxxxxxxxxxxxxxxxxx |
I found a bug regarding updating domain struct's "refcnt", that is,
"refcnt" is incremented 2 times in the following condition.
(I belive it should be incremented only once).
- Hypercall (DOM0_GETMEMLIST) is issued and
- This is the first memory allocation for that DomU
*** hypercall(dom0_op -> DOM0_GETMEMLIST) start ***
do_dom0_op() |
| |
+->arch_do_dom0_op() | refcnt : 1
| |
|->find_domain_by_id() |
| | |
| +->get_domain() ------------------------ refcnt 1up
| |
|->__gpfn_to_mfn_foreign() |
| | |
| +->lookup_domain_mpa() |
| | | refcnt : 2
| +->map_new_domain_page() |
| | |
| +->alloc_domheap_page(s)() |
| | |
| +->get_knownalive_domain() ---- refcnt 1up
| |
| | refcnt : 3
| |
+->put_domain() --------------------------- refcnt 1down
|
| refcnt : 2
|
*** hypercall(dom0_op -> DOM0_GETMEMLIST) end ***
To solve this problem, I propose the following patch. Please
request for comments.
Signed-off-by: Masaki Kanno <kanno.masaki@xxxxxxxxxxxxxx>
Best regards,
Kan
diff -r 5fcc346d6fe0 xen/arch/ia64/xen/domain.c
--- a/xen/arch/ia64/xen/domain.c Thu Jan 26 10:31:28 2006
+++ b/xen/arch/ia64/xen/domain.c Thu Feb 2 12:47:49 2006
@@ -423,9 +423,23 @@
else
#endif
{
- p = alloc_domheap_page(d);
- // zero out pages for security reasons
- if (p) memset(__va(page_to_phys(p)),0,PAGE_SIZE);
+ if (likely(d->tot_pages))
+ {
+ p = alloc_domheap_page(d);
+ // zero out pages for security reasons
+ if (p)
memset(__va(page_to_phys(p)),0,PAGE_SIZE);
+ }
+ else
+ {
+ p = alloc_domheap_page(d);
+ if (p)
+ {
+ // for get_knownalive_domain in
alloc_domheap_page(s)
+ atomic_dec(&d->refcnt);
+ // zero out pages for security reasons
+
memset(__va(page_to_phys(p)),0,PAGE_SIZE);
+ }
+ }
}
if (unlikely(!p)) {
printf("map_new_domain_page: Can't alloc!!!! Aaaargh!\n");
_______________________________________________ Xen-ia64-devel mailing list Xen-ia64-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-ia64-devel |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | [Xen-ia64-devel] [PATCH] zero clear pgd, pmd, pte page, Isaku Yamahata |
|---|---|
| Next by Date: | Re: [Xen-ia64-devel] [RFC] refcnt countup bug, Isaku Yamahata |
| Previous by Thread: | [Xen-ia64-devel] [PATCH] zero clear pgd, pmd, pte page, Isaku Yamahata |
| Next by Thread: | Re: [Xen-ia64-devel] [RFC] refcnt countup bug, Isaku Yamahata |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
