[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] bug in hvmloader xenbus_shutdown logic

To: Ian Campbell <Ian.Campbell@xxxxxxxxxx>
From: "Liuqiming (John)" <john.liuqiming@xxxxxxxxxx>
Date: Thu, 5 Dec 2013 02:08:29 +0000
Accept-language: zh-CN, en-US
Cc: Yanqiangjun <yanqiangjun@xxxxxxxxxx>, David Scott <dave.scott@xxxxxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxx>
Delivery-date: Thu, 05 Dec 2013 02:08:49 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>
Thread-index: Ac7wqM49s0C8kGz4QZ2az3ET1Yiu6f//1JkA//5tFcA=
Thread-topic: [Xen-devel] bug in hvmloader xenbus_shutdown logic

According to oxenstored source code, oxenstored will read every domain's IO 
ring no matter what events happened.

Here is the main loop of oxenstored:

let main_loop () =
        incr periodic_ops_counter;
        if !periodic_ops_counter > 20 then (
                periodic_ops_counter := 0;
                periodic_ops ();
        );

        let mw = Connections.has_more_work cons in
        let inset, outset = Connections.select cons in
        let timeout = if List.length mw > 0 then 0. else -1. in
        let rset, wset, _ =
        try
                Unix.select (spec_fds @ inset) outset [] timeout    <--  poll 
event from fd set including /dev/xen/evtchn
        with Unix.Unix_error(Unix.EINTR, _, _) ->
                [], [], [] in
        let sfds, cfds =
                List.partition (fun fd -> List.mem fd spec_fds) rset in
        if List.length sfds > 0 then
                process_special_fds sfds;
        if List.length cfds > 0 || List.length wset > 0 then
                process_connection_fds store cons domains cfds wset;
        process_domains store cons domains   <- no matter what event income, 
this will handle IO ring request of all domains
        in

so when one domain's hvmloader is clearing its IO ring, oxenstored may access 
this IO ring because of another domain's event happened.
  

> -----Original Message-----
> From: Ian Campbell [mailto:Ian.Campbell@xxxxxxxxxx]
> Sent: Wednesday, December 04, 2013 5:50 PM
> To: Liuqiming (John)
> Cc: xen-devel@xxxxxxxxxxxxx; Yanqiangjun
> Subject: Re: [Xen-devel] bug in hvmloader xenbus_shutdown logic
> 
> On Wed, 2013-12-04 at 04:25 +0000, Liuqiming (John) wrote:
> 
> > memset can not set all the page to zero in an atomic way, and during
> > the clear up process oxenstored may access this ring.
> 
> Why is oxenstored poking at the ring? Surely it should only do so when
> the guest (hvmloader) sends it a request. If hvmloader is clearing the
> page while there is a request/event outstanding then this is an
> hvmloader bug.
> 
> Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] bug in hvmloader xenbus_shutdown logic
  - From: David Scott

References:
- [Xen-devel] bug in hvmloader xenbus_shutdown logic
  - From: Liuqiming (John)
- Re: [Xen-devel] bug in hvmloader xenbus_shutdown logic
  - From: Ian Campbell

Prev by Date: [Xen-devel] [V5 PATCH 1/7] pvh dom0: move some pv specific code to static functions
Next by Date: [Xen-devel] [V5 PATCH 5/7] pvh: change xsm_add_to_physmap
Previous by thread: Re: [Xen-devel] bug in hvmloader xenbus_shutdown logic
Next by thread: Re: [Xen-devel] bug in hvmloader xenbus_shutdown logic
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.