[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] page_list_splice() seems buggy (4.1.2)

To: xen-devel@xxxxxxxxxxxxx
From: Jisoo Yang <jisooy@xxxxxxxxx>
Date: Tue, 5 Jun 2012 18:36:47 -0700
Delivery-date: Wed, 06 Jun 2012 01:37:42 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

Hello,

It looks like page_list_splice(list, head) in include/xen/mm.h is buggy. (4.1.2)

After calling it, head->next.prev incorrectly points to the old first page, when it really should point to null (i.e., PAGE_LIST_NULL).
The 'head' list becomes inconsistent and the system will crash later when you pop items out from the list. (usually fatal page fault) .

To patch this bug I suggest to remove 'first->list.prev = page_to_pdx(head->next);' line.

This bug was discovered while I was doing a private project, and the suggested patch above seems to fix it.

Thanks,
-J

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] page_list_splice() seems buggy (4.1.2)
  - From: Jan Beulich

Prev by Date: [Xen-devel] Debugging Dom0 kernel over serial
Next by Date: [Xen-devel] [xen-unstable test] 13018: tolerable FAIL
Previous by thread: [Xen-devel] Debugging Dom0 kernel over serial
Next by thread: Re: [Xen-devel] page_list_splice() seems buggy (4.1.2)
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.