This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/


Re: [Xen-devel] Xen 4.0.0x allows for data corruption in Dom0

To: Jeremy Fitzhardinge <jeremy@xxxxxxxx>
Subject: Re: [Xen-devel] Xen 4.0.0x allows for data corruption in Dom0
From: Joanna Rutkowska <joanna@xxxxxxxxxxxxxxxxxxxxxx>
Date: Tue, 09 Mar 2010 00:23:12 +0100
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Mon, 08 Mar 2010 15:24:14 -0800
On 03/09/2010 12:12 AM, Jeremy Fitzhardinge wrote:
> I think it's most likely to be a dom0 bug, specifically a bug in one of
> the backend drivers.  The common failure mode which causes symptoms like
> this is when a granted page (=a domU page mapped into dom0) is released
> back into dom0's heap and reused as general memory while still being
> under the control of the domU.
>
> However, given that the domU hasn't got any devices assigned to it aside
> from the console, none of the backends should be coming into play.  It
> might be a more general problem with the privcmd interface.
>
> Alternatively, I suppose, the domain builder could end up using some of
> dom0 pages to construct the domU without properly freeing them, which
> would suggest a bug in the balloon driver.
>
> I can't think of a Xen failure-mode which would cause these symptoms
> without also being massively obvious in other cases.  (But "I can't
> think of..." is where all the best bugs hide.)

But the corruptions always happen in 32-byte chunks, which might
suggest it's not a page-related problem (e.g. wrongly re-used page), as
in that case we would be observing (at least sometimes) much bigger
chunks of corrupted data, I think.

The reason why I still believe it's a hypervisor-related thing is that
I'm currently using the very *same* Dom0 kernel (very recent
xen/stable-2.6.31) with Xen 3.4.2 and the system is damn stable. And I
really mean extensive use with 5-7 VMs running all the time doing
various things from Web browsing to kernel building.

If I was to make an educated guess I would say it's something related to
some interrupt handling, i.e. Xen mishandling it, e.g. the handler is
writing out-of-buffer somewhere and it just happens to land in the Dom0
fs buffer used by e.g. dd operation.

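The chunk-size argument in the message above can be checked mechanically. This is an added example, not part of the original message or of Xen: it compares a known-good buffer with what was read back and reports damaged extents, so 32-byte damage can be told apart from page-sized damage. The function names, the 32-byte alignment of the comparison grid, and the test pattern are assumptions made for illustration.

```python
PAGE_SIZE = 4096  # x86 page size: the unit a wrongly reused page would damage

def damaged_extents(expected: bytes, observed: bytes, chunk: int = 32):
    """Return [(offset, length)] of damaged regions at `chunk` granularity.

    Comparing whole chunks, not bytes, keeps one overwrite from splitting
    into several runs when a stray byte happens to match the original.
    """
    if len(expected) != len(observed):
        raise ValueError("buffers differ in length; compare equal-sized reads")
    extents = []
    for off in range(0, len(expected), chunk):
        if expected[off:off + chunk] == observed[off:off + chunk]:
            continue
        size = min(chunk, len(expected) - off)
        if extents and extents[-1][0] + extents[-1][1] == off:
            # Adjacent damaged chunks belong to the same extent.
            extents[-1] = (extents[-1][0], extents[-1][1] + size)
        else:
            extents.append((off, size))
    return extents

def classify(extents):
    """Split extents into sub-page and page-or-larger damage."""
    return {
        "sub_page": [e for e in extents if e[1] < PAGE_SIZE],
        "page_or_larger": [e for e in extents if e[1] >= PAGE_SIZE],
    }

def make_pattern(n: int) -> bytes:
    """Constructed, position-dependent test pattern (not data from the thread)."""
    return bytes((i * 131 + (i >> 8)) & 0xFF for i in range(n))

def flip(buf: bytes, off: int, n: int) -> bytes:
    """Simulate a stray write by inverting n bytes at off (constructed damage)."""
    out = bytearray(buf)
    for i in range(off, off + n):
        out[i] ^= 0xFF
    return bytes(out)

if __name__ == "__main__":
    good = make_pattern(3 * PAGE_SIZE)
    bad = flip(flip(good, 0x1240, 32), 0x2000, 32)
    for off, length in damaged_extents(good, bad):
        print(f"damage at {off:#x}, {length} bytes")
```

A write that is not aligned to the comparison grid shows up as two adjacent chunks merged into one 64-byte extent, so the reported length is an upper bound on the size of the stray write.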
