[Xen-devel] possible grant table issue


Attached is a patch that dumps some debugging output for the block 
interface backend. The reason why I am posting this patch is due to the 
somewhat strange assignments of the handles that are returned from the 
HYPERVISOR_grant_table_op. I am stopping short of saying it's a bug, 
because I don't know the code well enough, but when looking at the 
hypervisor code I see some place where I doubt that this is right. 
Particularly one should try the following:

Create user domains that use the block interfaces.

1st user domain will be assigned handle 0x0. - should be ok
2nd user domain will be assigned handle 0x1. - should be ok
3rd user domain will be assigned handle 0x2. - should be ok

(handle numbers have obviously been increasing so far)

bring down 3rd user domain - freed handle will be 0x2 - should be ok

create 3rd user domain again - will be assigned handle 0x0 - this is not 
what I would expect.

(the code that's causing this is called when handle 0x2 was freed)
static inline void
            grant_table_t *t, int handle)
            t->maptrack[handle].ref_and_flags = t->maptrack_head << 
            t->maptrack_head = handle;

Now when I look at xen/common/grant_tables.c I see how the handles are
used in:

static int
    gnttab_map_grant_ref_t *uop,
    unsigned long *va)
        [...] // much omitted

    if ( 0 <= ( rc = __gnttab_activate_grant_ref( ld, led, rd, ref,
         * Only make the maptrack live _after_ writing the pte, in case we
         * overwrite the same frame number, causing a maptrack walk to find it
        ld->grant_table->maptrack[handle].domid = dom;
            = (ref << MAPTRACK_REF_SHIFT) |
              (dev_hst_ro_flags & MAPTRACK_GNTMAP_MASK);

        (void)__put_user(frame, &uop->dev_bus_addr);

        if ( dev_hst_ro_flags & GNTMAP_host_map )
            *va = host_virt_addr;

        (void)__put_user(handle, &uop->handle);

I think this newly assigned handle of '0' (for the re-created 3rd user
domain) is overwriting some previously assigned array entry for the first
user domain. Please someone who knows have a look at this. All this is
happening in the domain where the block device backend is located.


Signed-off-by : Stefan Berger <stefanb@xxxxxxxxxx>

Attachment: blkif_debug.patch
Description: Binary data
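
The handle sequence described in the message above, replayed on a minimal model of a free list threaded through the tracking array. This is an added example, not Xen source and not part of the original post: only maptrack_head, ref_and_flags, domid and MAPTRACK_REF_SHIFT are names taken from the quoted code; the struct layout, the live flag, the function names, the shift value and the table size are assumptions made for the model. In this model the re-allocation returns the handle that was just freed, and a handle that is still in use is refused instead of being handed out again.

```c
#define MAPTRACK_REF_SHIFT 2   /* constructed value for this model */
#define NR_ENTRIES 8           /* constructed table size */

struct entry { unsigned ref_and_flags; int domid; int live; };
struct table { struct entry maptrack[NR_ENTRIES]; unsigned maptrack_head; };

/* Chain every entry into the free list: 0 -> 1 -> ... -> NR_ENTRIES (end). */
void table_init(struct table *t)
{
    for (unsigned i = 0; i < NR_ENTRIES; i++)
        t->maptrack[i] = (struct entry){ (i + 1) << MAPTRACK_REF_SHIFT, 0, 0 };
    t->maptrack_head = 0;
}

/* Pop the head: -1 if the list is empty, -2 if the head is still live
 * (issuing it would overwrite another mapping's tracking entry). */
int get_handle(struct table *t, int domid)
{
    unsigned h = t->maptrack_head;
    if (h >= NR_ENTRIES) return -1;
    if (t->maptrack[h].live) return -2;
    t->maptrack_head = t->maptrack[h].ref_and_flags >> MAPTRACK_REF_SHIFT;
    t->maptrack[h].domid = domid;
    t->maptrack[h].live = 1;
    return (int)h;
}

/* Push a handle back on the list: -1 for a bad or already-free handle. */
int put_handle(struct table *t, int handle)
{
    if (handle < 0 || handle >= NR_ENTRIES || !t->maptrack[handle].live)
        return -1;
    t->maptrack[handle].ref_and_flags = t->maptrack_head << MAPTRACK_REF_SHIFT;
    t->maptrack[handle].live = 0;
    t->maptrack_head = (unsigned)handle;
    return 0;
}

/* Three domains come up, the third goes down and is created again. */
int replay_post_sequence(void)
{
    struct table t;
    table_init(&t);
    get_handle(&t, 1); get_handle(&t, 2);   /* handles 0x0 and 0x1 */
    int third = get_handle(&t, 3);          /* handle 0x2 */
    put_handle(&t, third);
    return get_handle(&t, 3);               /* handle for the re-created domain */
}

int main(void) { return replay_post_sequence() == 2 ? 0 : 1; }
```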
