This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


[Xen-devel] A bug in Xenbus driver

To: "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: [Xen-devel] A bug in Xenbus driver
From: "Jun Zhu (Intern)" <Jun.Zhu@xxxxxxxxxx>
Date: Wed, 25 Aug 2010 19:57:42 +0100
Accept-language: en-US
Acceptlanguage: en-US
Delivery-date: Wed, 25 Aug 2010 11:58:51 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: AQHLRIdljl53ZyhlnEq937l2OrtUNA==
Thread-topic: A bug in Xenbus driver
Hi all,

I think this is a serious bug, existing in the pvops (also existing 
in linux 2.6.35);

In the xenbus driver (drivers/xen/xenfs/xenbus.c), the function of 
xenbus_file_read has a section of source code like this:
              if (ret != sz) {
                  if (i == 0)
                                i = -EFAULT;
                        goto out;
                /* Clear out buffer if it has been consumed */
                if (rb->cons == rb->len) {
                        if (list_empty(&u->read_buffers))
                        rb = list_entry(u->read_buffers.next,
                                        struct read_buffer, list);
It should be like this:
//              if (ret != sz) {
                if (ret != 0) {
                        if (i == 0)
                                i = -EFAULT;
                        goto out;
This bug makes the read_buffer not be cleared most of the time. If the xenstore 
client uses PTHREAD to create a thread to receive reply message, the problem 
will incur. The new thread can not read what it wants to read, since the list 
is not empty.

I found this problem from the xenstore client xs_watch function. xs_watch 
creates the new thread on demand. So I recommend that in the function of 
read_message(xen/tools/xenstore/xs.c), if using thread to receive message, in 
the case of read fault, it should signal to the listener and print out the 

Jun Zhu
Citrix Systems UK
Xen-devel mailing list

<Prev in Thread] Current Thread [Next in Thread>