[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[XenPPC] Re: [PATCH] Fix BUG in alloc_heap_pages



This is an important find, it may require an audit of uses list_del where its use is not immediately by some form of destruction of the containing object.
-JX
On Sep 21, 2006, at 6:21 PM, Amos Waterland wrote:

I believe it is the case that if the last element of a list is deleted
with list_del(), and then the list is scanned with list_empty(),
undefined results can occur.  The following patch fixes a BUG that
triggers on one of my blades that has 8 GB of RAM.

I believe that the failing sequence is that when alloc_heap_pages
happens to exhaust a zone list and does a list_del on the last element
and returns, and then the next call to the same function looks through
the same list and decides that it is not empty and tries to do a
list_del, which triggers the BUG I am seeing.

Thanks to Jimi Xenidis for tracking this down.

Signed-off-by: Jimi Xenidis <jimix@xxxxxxxxxxxxxx>
Acked-by: Amos Waterland <apw@xxxxxxxxxx>

---

 page_alloc.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff -r 5418062d2da8 xen/common/page_alloc.c
--- a/xen/common/page_alloc.c   Tue Sep 19 11:26:00 2006 -0500
+++ b/xen/common/page_alloc.c   Thu Sep 21 17:38:41 2006 -0400
@@ -313,7 +313,7 @@ struct page_info *alloc_heap_pages(unsig

  found:
     pg = list_entry(heap[zone][i].next, struct page_info, list);
-    list_del(&pg->list);
+    list_del_init(&pg->list);

     /* We may have to halve the chunk a number of times. */
     while ( i != order )


_______________________________________________
Xen-ppc-devel mailing list
Xen-ppc-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-ppc-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.