xen-devel
[Xen-devel] possible grant table issue
Hello!
Attached is a patch that dumps some debugging output for the block
interface backend. The reason why I am posting this patch is due to the
somewhat strange assignments of the handles that are returned from the
HYPERVISOR_grant_table_op. I am stopping short of saying it's a bug,
because I don't know the code well enough, but when looking at the
hypervisor code I see some place where I doubt that this is right.
Particularly one should try the following:
Create user domains that use the block interfaces.
1st user domain will be assigned handle 0x0. - should be ok
2nd user domain will be assigned handle 0x1. - should be ok
3rd user domain will be assigned handle 0x2. - should be ok
(handle numbers have obviously been increasing so far)
bring down 3rd user domain - freed handle will be 0x2 - should be ok
create 3rd user domain again - will be assigned handle 0x0 - this is not
what I would expect.
(the code that's causing this is called when handle 0x2 was freed
static inline void
put_maptrack_handle(
    grant_table_t *t, int handle)
{
    t->maptrack[handle].ref_and_flags =
        t->maptrack_head << MAPTRACK_REF_SHIFT;
    t->maptrack_head = handle;
                       ^^^^^^
    t->map_count--;
}
)
Now when I look at xen/common/grant_tables.c I see how the handles are
used in:
static int
__gnttab_map_grant_ref(
    gnttab_map_grant_ref_t *uop,
    unsigned long *va)
{
    [...] // much omitted
    if ( 0 <= ( rc = __gnttab_activate_grant_ref( ld, led, rd, ref,
                                                  dev_hst_ro_flags,
                                                  host_virt_addr,
                                                  &frame)))
    {
        /*
         * Only make the maptrack live _after_ writing the pte, in case we
         * overwrite the same frame number, causing a maptrack walk to
         * find it
         */
        ld->grant_table->maptrack[handle].domid = dom;
                                  ^^^^^^
        ld->grant_table->maptrack[handle].ref_and_flags
                                  ^^^^^^
            = (ref << MAPTRACK_REF_SHIFT) |
              (dev_hst_ro_flags & MAPTRACK_GNTMAP_MASK);
        (void)__put_user(frame, &uop->dev_bus_addr);
        if ( dev_hst_ro_flags & GNTMAP_host_map )
            *va = host_virt_addr;
        (void)__put_user(handle, &uop->handle);
I think this newly assigned handle of '0' (for the re-created 3rd user
domain) is overwriting some previously assigned array entry for the first
user domain. Please someone who knows have a look at this. All this is
happening in the domain where the blockdevice backend is located.
Stefan
Signed-off-by : Stefan Berger <stefanb@xxxxxxxxxx>
blkif_debug.patch
Description: Binary data
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
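
A small C model of the handle free list discussed in the message above, added here as an illustration and not taken from the post or from Xen: put_handle() follows the quoted put_maptrack_handle(), while get_handle(), the live flag, the table size and the shift value are assumptions. In a last-in-first-out list like this one, handle 0x2 comes back right after it is freed, and 0x0 is returned only if handle 0 was itself released in between; the added checks reject out-of-range and double releases.

```c
/* Added model, not Xen source: a LIFO free list of maptrack handles.
 * put_handle() mirrors put_maptrack_handle() from the post; get_handle(),
 * the live flag, NHANDLES and the shift value are assumptions. */
#include <stdio.h>
#define MAPTRACK_REF_SHIFT 2   /* assumed */
#define NHANDLES 8             /* assumed table size */
typedef struct { unsigned ref_and_flags; int live; } maptrack_t;
typedef struct { maptrack_t maptrack[NHANDLES];
                 unsigned maptrack_head, maptrack_limit, map_count; } grant_table_t;

static void table_init(grant_table_t *t) {
    for (unsigned i = 0; i < NHANDLES; i++)      /* free entry i links to i+1 */
        t->maptrack[i] = (maptrack_t){ (i + 1) << MAPTRACK_REF_SHIFT, 0 };
    t->maptrack_head = 0; t->maptrack_limit = NHANDLES; t->map_count = 0;
}

/* Pop the list head: -1 when exhausted, -2 if the head is still in use. */
static int get_handle(grant_table_t *t) {
    unsigned h = t->maptrack_head;
    if (h == t->maptrack_limit) return -1;
    if (t->maptrack[h].live) return -2;          /* would clobber a live entry */
    t->maptrack_head = t->maptrack[h].ref_and_flags >> MAPTRACK_REF_SHIFT;
    t->maptrack[h].live = 1; t->map_count++;
    return (int)h;
}

/* Push as in the post, rejecting out-of-range (-1) and double release (-2). */
static int put_handle(grant_table_t *t, int handle) {
    if (handle < 0 || (unsigned)handle >= t->maptrack_limit) return -1;
    if (!t->maptrack[handle].live) return -2;
    t->maptrack[handle].ref_and_flags = t->maptrack_head << MAPTRACK_REF_SHIFT;
    t->maptrack[handle].live = 0;
    t->maptrack_head = (unsigned)handle;
    t->map_count--;
    return 0;
}

/* Replay the post's sequence; extra_put >= 0 also releases that handle. */
static int replay(int extra_put) {
    grant_table_t t; table_init(&t);
    for (int i = 0; i < 3; i++) get_handle(&t);     /* handles 0, 1, 2 */
    put_handle(&t, 2);                              /* 3rd domain goes down */
    if (extra_put >= 0) put_handle(&t, extra_put);  /* some other unmap */
    return get_handle(&t);                          /* 3rd domain re-created */
}

int main(void) {   /* prints the next handle for both replays */
    return printf("%d %d\n", replay(-1), replay(0)) < 0;
}
```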