This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


Re: [Xen-devel] Question: dom0 electrocuted by implicitly unmapped grant

To: Keir Fraser <Keir.Fraser@xxxxxxxxxxxxx>
Subject: Re: [Xen-devel] Question: dom0 electrocuted by implicitly unmapped grantrefs
From: Daniel Stodden <daniel.stodden@xxxxxxxxxx>
Date: Tue, 24 Nov 2009 11:28:28 -0800
Cc: Xen Developers <xen-devel@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Tue, 24 Nov 2009 11:28:48 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <C7314AA8.169A%keir.fraser@xxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <C7314AA8.169A%keir.fraser@xxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
On Tue, 2009-11-24 at 03:32 -0500, Keir Fraser wrote:
> On 23/11/2009 23:07, "Daniel Stodden" <daniel.stodden@xxxxxxxxxx> wrote:
> >> It's arguable I suppose. An implicitly unmapped grant leaves a grant entry
> >> which cannot be released until the mapping domain dies. It's a nasty kind 
> >> of
> >> leak, and I made the hypervisor's response to it suitably abrupt.
> > 
> > Forgive my ignorance: Why can't it be released any more? To me it looks
> > as if the mapping is already gone, so the entry is stale, and the caller
> > just pointed at it somewhat asking for just that.
> We can't usually reliably tell. In most cases the granting domain would
> still be hanging around. It's just on that one unlikely path we happen to be
> able to tell.

Yes. Sorry, I figured only later that you were referring to the general

The domain struct would stay around until all pages have been released,
right? Certainly the ld crash is due to what remains to be filed as a
bug in ld.

But killing the host? Until then it was a resource leak and a zombie
domain, bad enough to not let the issue go unnoticed. 

I think part of what bugs me is, the way this works right now, that the
only case where Xen won't let ld get away with it is actually the one
where the problem happens to be resolved already.

Also I wonder, if rd happens to remain pinned, couldn't the buggy ld be
identified more reliable as any one failing to present a valid pte
together with the unmap request? Or am I missing something?


Xen-devel mailing list