Re: [Xen-devel] Question: dom0 electrocuted by implicitly unmapped grantrefs

[Daniel Stodden <daniel.stodden@xxxxxxxxxx>]

On Tue, 2009-11-24 at 03:32 -0500, Keir Fraser wrote:
> On 23/11/2009 23:07, "Daniel Stodden" <daniel.stodden@xxxxxxxxxx> wrote:
> 
> >> It's arguable I suppose. An implicitly unmapped grant leaves a grant entry
> >> which cannot be released until the mapping domain dies. It's a nasty kind 
> >> of
> >> leak, and I made the hypervisor's response to it suitably abrupt.
> > 
> > Forgive my ignorance: Why can't it be released any more? To me it looks
> > as if the mapping is already gone, so the entry is stale, and the caller
> > just pointed at it somewhat asking for just that.
> 
> We can't usually reliably tell. In most cases the granting domain would
> still be hanging around. It's just on that one unlikely path we happen to be
> able to tell.

Yes. Sorry, I figured only later that you were referring to the general
case.

The domain struct would stay around until all pages have been released,
right? Certainly the ld crash is due to what remains to be filed as a
bug in ld.

But killing the host? Until then it was a resource leak and a zombie
domain, bad enough to not let the issue go unnoticed. 

I think part of what bugs me is, the way this works right now, that the
only case where Xen won't let ld get away with it is actually the one
where the problem happens to be resolved already.

Also I wonder, if rd happens to remain pinned, couldn't the buggy ld be
identified more reliable as any one failing to present a valid pte
together with the unmap request? Or am I missing something?

Daniel



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel