This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/


[Xen-changelog] [linux-2.6.18-xen] pv-on-hvm/kexec: prevent crash in xen

To: xen-changelog@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-changelog] [linux-2.6.18-xen] pv-on-hvm/kexec: prevent crash in xenwatch_thread() when stale watch events arrive
From: Xen patchbot-linux-2.6.18-xen <patchbot@xxxxxxx>
Date: Thu, 06 Oct 2011 10:33:07 +0100
# HG changeset patch
# User Olaf Hering <olaf@xxxxxxxxx>
# Date 1317893088 -7200
# Node ID 40e33b2fce948cbdcc0ec27404b58b1acc9b7fc8
# Parent  92c7972042d2b20a975acfeae9a469284523caac
pv-on-hvm/kexec: prevent crash in xenwatch_thread() when stale watch events 

commit c4c303c7c5679b4b368e12f41124aee29c325b76

During repeated kexec boots xenwatch_thread() can crash because
xenbus_watch->callback is cleared by xenbus_watch_path() if a node/token
combo for a new watch happens to match an already registered watch from
an old kernel.  In this case xs_watch returns -EEXISTS, then
register_xenbus_watch() does not remove the to-be-registered watch from
the list of active watches but returns the -EEXISTS to the caller.

Because the watch is still active in xenstored it will cause an event
which will arrive in the new kernel. process_msg() will find the
encapsulated struct xenbus_watch in its list of registered watches and
puts the "empty" watch handle in the queue for xenwatch_thread().
xenwatch_thread() then calls ->callback which was cleared earlier by

To prevent that crash in a guest running on an old xen toolstack remove
the special -EEXIST handling.

 - remove the EEXIST handling in register_xenbus_watch() instead of
   checking for ->callback in process_msg()

Signed-off-by: Olaf Hering <olaf@xxxxxxxxx>
Committed-by: Jan Beulich <jbeulich@xxxxxxxx>

diff -r 92c7972042d2 -r 40e33b2fce94 drivers/xen/xenbus/xenbus_xs.c
--- a/drivers/xen/xenbus/xenbus_xs.c    Thu Oct 06 09:47:57 2011 +0200
+++ b/drivers/xen/xenbus/xenbus_xs.c    Thu Oct 06 11:24:48 2011 +0200
@@ -656,8 +656,7 @@
        err = xs_watch(watch->node, token);
-       /* Ignore errors due to multiple registration. */
-       if ((err != 0) && (err != -EEXIST)) {
+       if (err) {
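
Review bot: at `if (err) {`, the comment explaining the old -EEXIST exception is deleted without a replacement, so nothing at the call site records why a duplicate registration must now be treated as a failure. A one-line comment there, noting that a matching node/token can be a stale watch left in xenstored by a pre-kexec kernel and must not stay on the active list, would keep someone from reinstating the special case later. The body of the error branch is outside the visible lines, so it is worth confirming that it unlinks the watch from the list of active watches as the commit message describes, and that a caller whose registration now fails on a token collision has a way to recover instead of silently running without that watch.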
