[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] hypervisor fault in move_masked_irq



On 14/07/12 21:46, Ian Campbell wrote:
> tags 665433 +upstream
> thanks
>
> Hi Andrew,
>
> This [0] Debian bug report (against 4.0) looks like the sort of thing
> you might have fixed (or perhaps worked around) in one of your many
> fixes to the IRQ stuff in 4.1/unstable. Does it look at all familiar?

Unfortunately it doesn't look too familiar.

Judging by the fact that Xen has jumped outside of its code space, I
would say that Xen has made a function call off an invalid function pointer.

Given that desc->handler->set_affinity() is the only function pointer
call in the function, this is possibly a race condition between dom0
dying (which the upper stack trace indicates), Xen cleaning up after
dom0, and Xen receiving an interrupt which was midway through being
migrated.

Furthermore, it appears that unstable might be vulnerable to the same
race condition.

~Andrew

>
> Cheers,
> Ian.
>
> [0] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665433
>

-- 
Andrew Cooper - Dom0 Kernel Engineer, Citrix XenServer
T: +44 (0)1223 225 900, http://www.citrix.com




_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.