This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


[Xen-changelog] [xen-unstable] x86, shadow: Fix OOS on domain crash.

To: xen-changelog@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-changelog] [xen-unstable] x86, shadow: Fix OOS on domain crash.
From: Xen patchbot-unstable <patchbot-unstable@xxxxxxxxxxxxxxxxxxx>
Date: Thu, 14 Aug 2008 08:40:08 -0700
Delivery-date: Thu, 14 Aug 2008 08:53:24 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-changelog-request@lists.xensource.com?subject=help>
List-id: BK change log <xen-changelog.lists.xensource.com>
List-post: <mailto:xen-changelog@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=unsubscribe>
Reply-to: xen-devel@xxxxxxxxxxxxxxxxxxx
Sender: xen-changelog-bounces@xxxxxxxxxxxxxxxxxxx
# HG changeset patch
# User Keir Fraser <keir.fraser@xxxxxxxxxx>
# Date 1218705272 -3600
# Node ID b1e5a0def6485bee94f41fefdd2480e1d0d9b35b
# Parent  3ad6ad720f90779629cc9dd4276ae2f49344dfc6
x86, shadow: Fix OOS on domain crash.

I couldn't reproduce the Nevada crash on my testbox, but this should
fix the first Xen crash that was seen in the Nevada HVM (bugzilla

What I think most probably happened there is that the set_l2e call in
shadow_get_and_create_l1e() has tried to resync a page, but somehow we
weren't unable to remove the shadow (the real bug we should actually
look after). sh_resync() then removes the page from the OOS hash and
later in the page fault path we find the gw.l1mfn to be still OOS, so
we try to update the snapshot and the bug happens.

This should fix this and other unlikely (like sh_unsync() failing to
remove for hash collision the current gw.l1mfn) cases.

Signed-off-by: Gianluca Guida <gianluca.guida@xxxxxxxxxxxxx>
 xen/arch/x86/mm/shadow/multi.c |   10 ++++++++++
 1 files changed, 10 insertions(+)

diff -r 3ad6ad720f90 -r b1e5a0def648 xen/arch/x86/mm/shadow/multi.c
--- a/xen/arch/x86/mm/shadow/multi.c    Thu Aug 14 11:00:35 2008 +0900
+++ b/xen/arch/x86/mm/shadow/multi.c    Thu Aug 14 10:14:32 2008 +0100
@@ -3290,6 +3290,16 @@ static int sh_page_fault(struct vcpu *v,
     if ( sh_mfn_is_a_page_table(gmfn)
          && ft == ft_demand_write )
         sh_unsync(v, gmfn);
+    if ( unlikely(d->is_shutting_down) )
+    {
+        /* We might end up with a crashed domain here if
+         * sh_remove_shadows() in a previous sh_resync() call has
+         * failed. We cannot safely continue since some page is still
+         * OOS but not in the hash table anymore. */
+        shadow_unlock(d);
+        return 0;
+    }
 #endif /* OOS */
     /* Calculate the shadow entry and write it */

Xen-changelog mailing list

<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-changelog] [xen-unstable] x86, shadow: Fix OOS on domain crash., Xen patchbot-unstable <=