Xen project Mailing List

Re: [Xen-devel] Xen 4.7 crash

To: Julien Grall <julien.grall@xxxxxxx>, Aaron Cornelius <Aaron.Cornelius@xxxxxxxxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>

From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Wed, 1 Jun 2016 23:31:21 +0100

Delivery-date: Wed, 01 Jun 2016 22:31:32 +0000

List-id: Xen developer discussion <xen-devel.lists.xen.org>

On 01/06/2016 23:24, Julien Grall wrote: > Hi, > > On 01/06/2016 22:35, Andrew Cooper wrote: >> On 01/06/2016 20:54, Aaron Cornelius wrote: >>> <snip> >>> (XEN) Xen call trace: >>> (XEN) [<0021fdd4>] free_domheap_pages+0x1c/0x324 (PC) >>> (XEN) [<0025b0cc>] p2m_teardown+0xa0/0x108 (LR) >>> (XEN) [<0025b0cc>] p2m_teardown+0xa0/0x108 >>> (XEN) [<0024f668>] arch_domain_destroy+0x20/0x50 >>> (XEN) [<0024f8f0>] arch_domain_create+0x258/0x284 >>> (XEN) [<0020854c>] domain_create+0x2dc/0x510 >>> (XEN) [<00206d6c>] do_domctl+0x5b4/0x1928 >>> (XEN) [<00260130>] do_trap_hypervisor+0x1170/0x15b0 >>> (XEN) [<00263b10>] entry.o#return_from_trap+0/0x4 >>> (XEN) >>> (XEN) >>> (XEN) **************************************** >>> (XEN) Panic on CPU 0: >>> (XEN) CPU0: Unexpected Trap: Data Abort >>> (XEN) >>> (XEN) **************************************** >>> (XEN) >>> (XEN) Reboot in five seconds... >> >> As for this specific crash itself, In the case of an early error path, >> p2m->root can be NULL in p2m_teardown(), in which case >> free_domheap_pages() will fall over in a heap. This patch should >> resolve it. > > Good catch! > >> >> @@ -1408,7 +1411,8 @@ void p2m_teardown(struct domain *d) >> while ( (pg = page_list_remove_head(&p2m->pages)) ) >> free_domheap_page(pg); >> >> - free_domheap_pages(p2m->root, P2M_ROOT_ORDER); >> + if ( p2m->root ) >> + free_domheap_pages(p2m->root, P2M_ROOT_ORDER); >> >> p2m->root = NULL; >> >> I would be tempted to suggest making free_domheap_pages() tolerate NULL >> pointers, except that would only be a safe thing to do if we assert that >> the order parameter is 0, which won't help this specific case. > > free_xenheap_pages already tolerates NULL (even if an order != 0). Is > there any reason to not do the same for free_domheap_pages? The xenheap allocation functions deal in terms of plain virtual addresses, while the domheap functions deal in terms of struct page_info *. Overall, this means that the domheap functions have a more restricted input/output set than their xenheap variants. As there is already precedent with xenheap, making domheap tolerate NULL is probably fine, and indeed the preferred course of action. ~Andrew _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.