WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

Re: [Xen-devel] [PATCH] Domain core-dumping fixes

To: John Levon <john.levon@xxxxxxx>
Subject: Re: [Xen-devel] [PATCH] Domain core-dumping fixes
From: Isaku Yamahata <yamahata@xxxxxxxxxxxxx>
Date: Thu, 12 Mar 2009 11:24:57 +0900
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Wed, 11 Mar 2009 19:25:24 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <88b3a560b0fb2a5adca9.1236822349@girltalk>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <88b3a560b0fb2a5adca9.1236822349@girltalk>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.5.6i
On Wed, Mar 11, 2009 at 06:45:49PM -0700, John Levon wrote:
> diff --git a/tools/libxc/xc_core.c b/tools/libxc/xc_core.c
> --- a/tools/libxc/xc_core.c
> +++ b/tools/libxc/xc_core.c
> @@ -518,7 +518,17 @@ xc_domain_dumpcore_via_callback(int xc_h
>      if ( sts != 0 )
>          goto out;
>  
> +    /*
> +     * Note: this is the *current* number of pages and may change under
> +     * a live dump-core.  We'll just take this value, and if more pages
> +     * exist, we'll skip them.  If there's less, then we'll just not use
> +     * all the array...
> +     *
> +     * We don't want to use the total potential size of the memory map
> +     * since that is usually much higher than info.nr_pages.
> +     */
>      nr_pages = info.nr_pages;
> +
>      if ( !auto_translated_physmap )
>      {
>          /* obtain p2m table */
> @@ -770,7 +780,7 @@ xc_domain_dumpcore_via_callback(int xc_h
>  
>          pfn_start = memory_map[map_idx].addr >> PAGE_SHIFT;
>          pfn_end = pfn_start + (memory_map[map_idx].size >> PAGE_SHIFT);
> -        for ( i = pfn_start; i < pfn_end; i++ )
> +        for ( i = pfn_start; i < pfn_end && j < nr_pages; i++ )
>          {
>              uint64_t gmfn;
>              void *vaddr;

Did the issue really happen?
I believe the following if clause handles the case. or j orverflowed?

        pfn_start = memory_map[map_idx].addr >> PAGE_SHIFT;
        pfn_end = pfn_start + (memory_map[map_idx].size >> PAGE_SHIFT);
        for ( i = pfn_start; i < pfn_end; i++ )
        {
            uint64_t gmfn;
            void *vaddr;
            
            if ( j >= nr_pages ) <<<<<<<<<<<<<< HERE! >>>>>>>>>>>>>>>>
            {
                /*
                 * When live dump-mode (-L option) is specified,
                 * guest domain may increase memory.
                 */
                IPRINTF("exceeded nr_pages (%ld) losing pages", nr_pages);
                goto copy_done;
            }


-- 
yamahata

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel