This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


[Xen-devel] [PATCH] Fix BUG in alloc_heap_pages

To: xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-devel] [PATCH] Fix BUG in alloc_heap_pages
From: Amos Waterland <apw@xxxxxxxxxx>
Date: Mon, 25 Sep 2006 10:48:19 -0400
Cc: Jimi Xenidis <jimix@xxxxxxxxxxxxxx>, Hollis Blanchard <hollisb@xxxxxxxxxx>
Delivery-date: Mon, 25 Sep 2006 07:49:30 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.5.12-2006-07-14
I believe it is the case that if the last element of a list is deleted
with list_del(), and then the list is scanned with list_empty(),
undefined results can occur.  The following patch fixes a BUG that
triggers on one of my blades that has 8 GB of RAM.

I believe that the failing sequence is that when alloc_heap_pages
happens to exhaust a zone list and does a list_del on the last element
and returns, and then the next call to the same function looks through
the same list and decides that it is not empty and tries to do a
list_del, which triggers the BUG I am seeing.

This patch is based on a suggestion by Jimi Xenidis, and it does indeed
fix the problem on my blade.  I have walked through the code and have
mostly convinced myself that there are no negative side effects of
calling list_del_init, but I would appreciate any comments.

Signed-off-by: Jimi Xenidis <jimix@xxxxxxxxxxxxxx>
Acked-by: Amos Waterland <apw@xxxxxxxxxx>


 page_alloc.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff -r 5418062d2da8 xen/common/page_alloc.c
--- a/xen/common/page_alloc.c   Tue Sep 19 11:26:00 2006 -0500
+++ b/xen/common/page_alloc.c   Thu Sep 21 17:38:41 2006 -0400
@@ -313,7 +313,7 @@ struct page_info *alloc_heap_pages(unsig
     pg = list_entry(heap[zone][i].next, struct page_info, list);
-    list_del(&pg->list);
+    list_del_init(&pg->list);
     /* We may have to halve the chunk a number of times. */
     while ( i != order )

Xen-devel mailing list

<Prev in Thread] Current Thread [Next in Thread>