Shriram Rajagopalan
2011-Feb-25  20:19 UTC
[Xen-devel] [PATCH] libxc: fix incorrect scanning of pfn array in pagebuf during migration
# HG changeset patch
# User Shriram Rajagopalan <rshriram@cs.ubc.ca>
# Date 1298664774 28800
# Node ID 739f8bfeb96f92ae6d15ea983ba2b46543dc6a5c
# Parent  f16d772fdb6c58518299d4c3780b846bcbee6165
libxc: fix incorrect scanning of pfn array in pagebuf during migration
xc_domain_restore.c:apply_batch function makes two passes over the pfn_types
array in pagebuf to allocate the needed MFNs. The curbatch parameter to this
function specifies the array offset in pfn_types, from where the current scan
should begin. But this variable is not taken into account (index always starts
at 0) during the two passes. While this [bug] does not manifest itself during
save/restore or live migration, under Remus, xc_domain_restore fails due to
corrupt guest page tables.
Signed-off-by: Shriram Rajagopalan <rshriram@cs.ubc.ca>
diff -r f16d772fdb6c -r 739f8bfeb96f tools/libxc/xc_domain_restore.c
--- a/tools/libxc/xc_domain_restore.c	Fri Feb 25 10:39:27 2011 -0800
+++ b/tools/libxc/xc_domain_restore.c	Fri Feb 25 12:12:54 2011 -0800
@@ -907,8 +907,8 @@
     for ( i = 0; i < j; i++ )
     {
         unsigned long pfn, pagetype;
-        pfn      = pagebuf->pfn_types[i] & ~XEN_DOMCTL_PFINFO_LTAB_MASK;
-        pagetype = pagebuf->pfn_types[i] &  XEN_DOMCTL_PFINFO_LTAB_MASK;
+        pfn      = pagebuf->pfn_types[i + curbatch] &
~XEN_DOMCTL_PFINFO_LTAB_MASK;
+        pagetype = pagebuf->pfn_types[i + curbatch] & 
XEN_DOMCTL_PFINFO_LTAB_MASK;
 
         if ( (pagetype != XEN_DOMCTL_PFINFO_XTAB) && 
              (ctx->p2m[pfn] == INVALID_P2M_ENTRY) )
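Review bot: The new index `i + curbatch` into `pagebuf->pfn_types` in this first pass has no visible bound: the loop only limits `i < j`, so nothing in the hunk shows that `curbatch + j` stays within the number of entries held in the pagebuf. The resulting `pfn` goes straight into `ctx->p2m[pfn]`, so an out-of-range read here would feed an arbitrary value into a second array index. Consider checking before the loop that `curbatch + j` does not exceed the pagebuf's entry count, and that `pfn` is within the p2m size before `ctx->p2m[pfn]` is read, or point to where the caller guarantees both.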
@@ -934,8 +934,8 @@
     for ( i = 0; i < j; i++ )
     {
         unsigned long pfn, pagetype;
-        pfn      = pagebuf->pfn_types[i] & ~XEN_DOMCTL_PFINFO_LTAB_MASK;
-        pagetype = pagebuf->pfn_types[i] &  XEN_DOMCTL_PFINFO_LTAB_MASK;
+        pfn      = pagebuf->pfn_types[i + curbatch] &
~XEN_DOMCTL_PFINFO_LTAB_MASK;
+        pagetype = pagebuf->pfn_types[i + curbatch] & 
XEN_DOMCTL_PFINFO_LTAB_MASK;
 
         if ( pagetype == XEN_DOMCTL_PFINFO_XTAB )
             region_mfn[i] = ~0UL; /* map will fail but we don''t care
*/
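Review bot: In the second pass `pagebuf->pfn_types` is now indexed by `i + curbatch` while `region_mfn[i]` a few lines below stays batch-relative, and that mix of absolute and relative indices is not explained anywhere in the hunk. The same offset expression now appears four times across the two loops, which also pushes the changed lines past 80 columns. Taking the offset once, for example a local pointer set to `pagebuf->pfn_types + curbatch` ahead of both loops, with a comment that `region_mfn` is per batch, would keep the two passes in step and make a later revert of one loop easier to spot.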
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel
Ian Campbell
2011-Feb-28  09:20 UTC
Re: [Xen-devel] [PATCH] libxc: fix incorrect scanning of pfn array in pagebuf during migration
On Fri, 2011-02-25 at 20:19 +0000, Shriram Rajagopalan wrote:
> # HG changeset patch
> # User Shriram Rajagopalan <rshriram@cs.ubc.ca>
> # Date 1298664774 28800
> # Node ID 739f8bfeb96f92ae6d15ea983ba2b46543dc6a5c
> # Parent f16d772fdb6c58518299d4c3780b846bcbee6165
> libxc: fix incorrect scanning of pfn array in pagebuf during migration
>
> xc_domain_restore.c:apply_batch function makes two passes over the pfn_types
> array in pagebuf to allocate the needed MFNs. The curbatch parameter to this
> function specifies the array offset in pfn_types, from where the current scan
> should begin. But this variable is not taken into account (index always starts
> at 0) during the two passes. While this [bug] does not manifest itself during
> save/restore or live migration, under Remus, xc_domain_restore fails due to
> corrupt guest page tables.
>
> Signed-off-by: Shriram Rajagopalan <rshriram@cs.ubc.ca>

Appears to have been broken by 21588:6c3d8aec202d which reverted two
changesets from before Remus support was added and hence reintroduced
some non-Remus compatible bits.

Acked-by: Ian Campbell <ian.campbell@citrix.com>

> > diff -r f16d772fdb6c -r 739f8bfeb96f tools/libxc/xc_domain_restore.c > --- a/tools/libxc/xc_domain_restore.c Fri Feb 25 10:39:27 2011 -0800 > +++ b/tools/libxc/xc_domain_restore.c Fri Feb 25 12:12:54 2011 -0800 > @@ -907,8 +907,8 @@ > for ( i = 0; i < j; i++ ) > { > unsigned long pfn, pagetype; > - pfn = pagebuf->pfn_types[i] & ~XEN_DOMCTL_PFINFO_LTAB_MASK; > - pagetype = pagebuf->pfn_types[i] & XEN_DOMCTL_PFINFO_LTAB_MASK; > + pfn = pagebuf->pfn_types[i + curbatch] & ~XEN_DOMCTL_PFINFO_LTAB_MASK; > + pagetype = pagebuf->pfn_types[i + curbatch] & XEN_DOMCTL_PFINFO_LTAB_MASK; > > if ( (pagetype != XEN_DOMCTL_PFINFO_XTAB) && > (ctx->p2m[pfn] == INVALID_P2M_ENTRY) ) 
> @@ -934,8 +934,8 @@ > for ( i = 0; i < j; i++ ) > { > unsigned long pfn, pagetype; > - pfn = pagebuf->pfn_types[i] & ~XEN_DOMCTL_PFINFO_LTAB_MASK; > - pagetype = pagebuf->pfn_types[i] & XEN_DOMCTL_PFINFO_LTAB_MASK; > + pfn = pagebuf->pfn_types[i + curbatch] & ~XEN_DOMCTL_PFINFO_LTAB_MASK; > + pagetype = pagebuf->pfn_types[i + curbatch] & XEN_DOMCTL_PFINFO_LTAB_MASK; > > if ( pagetype == XEN_DOMCTL_PFINFO_XTAB ) > region_mfn[i] = ~0UL; /* map will fail but we don''t care */
Ian Jackson
2011-Mar-03  16:56 UTC
Re: [Xen-devel] [PATCH] libxc: fix incorrect scanning of pfn array in pagebuf during migration
Ian Campbell writes ("Re: [Xen-devel] [PATCH] libxc: fix incorrect scanning of pfn array in pagebuf during migration"):
> On Fri, 2011-02-25 at 20:19 +0000, Shriram Rajagopalan wrote:
> > libxc: fix incorrect scanning of pfn array in pagebuf during migration
...
> Acked-by: Ian Campbell <ian.campbell@citrix.com>
Thanks to both of you, I have added my own ack and applied this.
Ian.