Re: [Xen-devel] Xen 4.0.0x allows for data corruption in Dom0

To:	Jeremy Fitzhardinge <jeremy@xxxxxxxx>
Subject:	Re: [Xen-devel] Xen 4.0.0x allows for data corruption in Dom0
From:	Joanna Rutkowska <joanna@xxxxxxxxxxxxxxxxxxxxxx>
Date:	Tue, 09 Mar 2010 00:23:12 +0100
Cc:	xen-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date:	Mon, 08 Mar 2010 15:24:14 -0800
Dkim-signature:	v=1; a=rsa-sha1; c=relaxed/relaxed; d=messagingengine.com; h=message-id:date:from:mime-version:to:cc:subject:references:in-reply-to:content-type; s=smtpout; bh=/NYfXQgxhQVNu+B/6HBxJq30FAg=; b=O23+osaLTt9UbJwSv+b8WVycbvjLveJ6fXwm8HVDvf1LgPJDEWccRMCfwd0jQymCpODAtE1WboJ7/LLmP31Gktl5OhvB/TiTSD/D29CyHn0ZEpW97iM2Av0SP1AJ9Yqo7EcVfE+PbXBfAdjXqLSmuOHgzHLZd2jixT3jw45OLqY=
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to:	<4B958475.3050407@xxxxxxxx>
List-help:	<mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id:	Xen developer discussion <xen-devel.lists.xensource.com>
List-post:	<mailto:xen-devel@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References:	<4B922A89.2060105@xxxxxxxxxxxxxxxxxxxxxx> <4B957914.4050408@xxxxxxxx> <4B957B93.4060401@xxxxxxxxxxxxxxxxxxxxxx> <4B958475.3050407@xxxxxxxx>
Sender:	xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent:	Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.8) Gecko/20100301 Fedora/3.0.3-1.fc12 Lightning/1.0b2pre Thunderbird/3.0.3

On 03/09/2010 12:12 AM, Jeremy Fitzhardinge wrote:
> I think its most likely to be a dom0 bug, specifically a bug in one of
> the backend drivers.  The common failure mode which causes symtoms like
> this is when a granted page (=a domU page mapped into dom0) is released
> back into dom0's heap and reused as general memory while still being
> under the control of the domU.
> 
> However, given that the domU hasn't got any devices assigned to it aside
> from the console, none of the backend should be coming into play.  It
> might be a more general problem with the privcmd interface.
> 
> Alternatively, I suppose, the domain builder could end up using some of
> dom0 pages to construct the domU without properly freeing them, which
> would suggest a bug in the balloon driver.
> 
> I can't think of a Xen failure-mode which would cause these symptoms
> without also being massively obvious in other cases.  (But "I can't
> think of..." is where all the best bugs hide.)
> 

But the corruptions always happen in 32-bytes chunks, which might
suggest it's not a page-related problem (e.g. wrongly re-used page), as
in that case we would be observing (at least sometimes) much bigger
chunks of corrupted data, I think.

The reason why I still believe it's a hypervisor related thing, it that
I'm currently using the very *same* Dom0 kernel (very recent
xen/stable-2.6.31) with Xen 3.4.2 and the system is damn stable. And I
really mean extensive use with 5-7 VMs running all the time doing
various things from Web browsing to kernel building.

If I was to make an educated guess I would say it's something related to
some interrupt handling, i.e. Xen mishandling it, e.g. the handler is
writing out-of-buffer somewhere and it just happens to land in the Dom0
fs buffer used by e.g. dd operation.

joanna.

signature.asc
Description: OpenPGP digital signature

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

WARNING - OLD ARCHIVES

xen-devel

Re: [Xen-devel] Xen 4.0.0x allows for data corruption in Dom0