WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] [PATCH] fix stubdom memory corruption

from [Boris Derzhavets] [Permanent Link][Original]
To: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>, Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>
Subject: Re: [Xen-devel] [PATCH] fix stubdom memory corruption
From: Boris Derzhavets <bderzhavets@xxxxxxxxx>
Date: Tue, 14 Apr 2009 05:28:29 -0700 (PDT)
Cc:
Delivery-date: Tue, 14 Apr 2009 05:29:02 -0700
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1239712109; bh=IrZW1SUYIdVUJRf3EgT2dpMI1Xs48Aw8gUTTC0DzU1Q=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type; b=2y1BPWfn7u2TXQDNzD/gokTYxQStWUoqn12sdwdB+6QALSjAjiT/wKbZD4og3pXCBpNIBR0gGNpg+1KDUMIQCGP6qwGwC+UIKZkFRhG6fpwntd0O4DXOMg1Zot69Eugcu5MSs4A04ZmJL4xQ0dCQBkSOM8PjbET3Yf1w7Ak+S9w=
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type; b=CFWhTxP+1PzFXaUIo1oRiGNicwopVlwkH/sZiSmmkFVnQX99Fpmadmm8Pc+vEqYxSuxnFCV1zjaHO/bTCxA/wjyArGWtjAZVJy5Y+/ch9TCZy1h6wNIA541j0VgK2AgwdneCXZDAmanjSlBVVH1kHcDVszWAEq56xro5yvqW0TU=;
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <49E456F3.2010009@xxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Reply-to: bderzhavets@xxxxxxxxx
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
This one and vl.c patch have been applied.
stubdom has been rebuilt and reinstalled.
No improvement.
Name                                        ID   Mem VCPUs      State   Time(s)
Domain-0                                     0  7019     2     r-----    633.9
RHELhvm                                     1  1024     1     ------      0.0
root@ServerXen331:/etc/xen# netstat -a|grep 590
tcp        0      0 *:5901                  *:*                     LISTEN    

Boris


--- On Tue, 4/14/09, Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx> wrote:
From: Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>
Subject: [Xen-devel] [PATCH] fix stubdom memory corruption
To: "xen-devel" <xen-devel@xxxxxxxxxxxxxxxxxxx>
Date: Tuesday, April 14, 2009, 5:27 AM

Hi all,
this patch fixes a memory corruption in blkfront that happens every time
we pass a sector aligned buffer (instead of a page aligned buffer) to
blkfront_aio.
To trigger the COW we have to write at least a byte to each page of the
buffer, but we must be careful not to overwrite useful content.

Signed-off-by: Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>

diff -r dbc4014882d0 extras/mini-os/blkfront.c
--- a/extras/mini-os/blkfront.c	Wed Apr 01 08:36:21 2009 +0100
+++ b/extras/mini-os/blkfront.c	Tue Apr 14 10:18:30 2009 +0100
@@ -317,19 +317,21 @@
     req->sector_number = aiocbp->aio_offset / dev->info.sector_size;
 
     for (j = 0; j <
 n; j++) {
+        req->seg[j].first_sect = 0;
+        req->seg[j].last_sect = PAGE_SIZE / dev->info.sector_size - 1;
+    }
+    req->seg[0].first_sect = ((uintptr_t)aiocbp->aio_buf &
~PAGE_MASK) / dev->info.sector_size;
+    req->seg[n-1].last_sect = (((uintptr_t)aiocbp->aio_buf +
aiocbp->aio_nbytes - 1) & ~PAGE_MASK) / dev->info.sector_size;
+    for (j = 0; j < n; j++) {
 	uintptr_t data = "" + j * PAGE_SIZE;
         if (!write) {
             /* Trigger CoW if needed */
-            *(char*)data = "">+            *(char*)(data + (req->seg[j].first_sect << 9)) = 0;
             barrier();
         }
 	aiocbp->gref[j] = req->seg[j].gref =
             gnttab_grant_access(dev->dom, virtual_to_mfn(data), write);
-	req->seg[j].first_sect = 0;
-	req->seg[j].last_sect = PAGE_SIZE / dev->info.sector_size - 1;
     }
-   
 req->seg[0].first_sect = ((uintptr_t)aiocbp->aio_buf &
~PAGE_MASK) / dev->info.sector_size;
-    req->seg[n-1].last_sect = (((uintptr_t)aiocbp->aio_buf +
aiocbp->aio_nbytes - 1) & ~PAGE_MASK) / dev->info.sector_size;
 
     dev->ring.req_prod_pvt = i + 1;
 

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Xen-devel] RE: pciback+front needed for hvm ?, Tim Moore
Next by Date:  [Xen-devel] Scheduler follow-up: Design target (was [RFC] Scheduler work, part 1), George Dunlap
Previous by Thread:  [Xen-devel] [PATCH] fix stubdom memory corruption, Stefano Stabellini
Next by Thread:  Re: [Xen-devel] [PATCH] fix stubdom memory corruption, Stefano Stabellini
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy