>>> On 06.06.12 at 03:36, Jisoo Yang <jisooy@gmail.com> wrote:
> It looks like page_list_splice(list, head) in include/xen/mm.h is buggy.
> (4.1.2)
>
> After calling it, head->next.prev incorrectly points to the old first page,
> when it really should point to null (i.e., PAGE_LIST_NULL).
> The "head" list becomes inconsistent and the system will crash later when
> you pop items out from the list (usually a fatal page fault).
>
> To patch this bug I suggest removing the "first->list.prev =
> page_to_pdx(head->next);" line.
While removing this line indeed appears to be correct, it would
make it less obvious to compare the functionality here with
__list_splice(). Therefore I'd replace it either with

    ASSERT(first->list.prev == PAGE_LIST_NULL);

or with (possibly commented out, i.e. just for documentation)

    first->list.prev = at->list.prev;

Apparently the sole current in-tree user simply doesn't
reference head->next.prev, and hence the bug never
manifested itself.

Jan
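As an added illustration (not code from this thread or from Xen's include/xen/mm.h), a reduced C model of the pdx-linked page list: `page_list_splice` takes a constructed `buggy` flag that keeps or drops the assignment under discussion, and `page_list_check` walks the result verifying every back link, which is the inconsistency a later pop would otherwise trip over. The `frame` array, `splice_demo` and the flag are assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
/* Reduced model of Xen's pdx-linked page lists; constructed, not mm.h itself. */
#define PAGE_LIST_NULL (~0u)
struct page_info { struct { unsigned next, prev; } list; };
struct page_list_head { struct page_info *next, *tail; };
static struct page_info frame[4];                 /* stand-in frame table */
#define page_to_pdx(pg) ((unsigned)((pg) - frame))
#define page_list_empty(h) ((h)->next == NULL)

static void page_list_add_tail(struct page_info *pg, struct page_list_head *h)
{
    pg->list.next = PAGE_LIST_NULL;
    pg->list.prev = page_list_empty(h) ? PAGE_LIST_NULL : page_to_pdx(h->tail);
    if ( page_list_empty(h) ) h->next = pg; else h->tail->list.next = page_to_pdx(pg);
    h->tail = pg;
}

/* Prepends 'list' to 'head'; 'buggy' keeps the line the report asks to drop. */
static void page_list_splice(struct page_list_head *list,
                             struct page_list_head *head, bool buggy)
{
    struct page_info *first = list->next, *last = list->tail, *at = head->next;
    if ( page_list_empty(list) ) return;
    if ( page_list_empty(head) ) { *head = *list; return; }
    if ( buggy )
        first->list.prev = page_to_pdx(head->next); /* old first page, not NULL */
    head->next = first;
    last->list.next = page_to_pdx(at);
    at->list.prev = page_to_pdx(last);
}

/* Walks forward checking every back link; returns the length, or -1 if broken. */
static int page_list_check(const struct page_list_head *h)
{
    unsigned prev = PAGE_LIST_NULL; int n = 0;
    for ( const struct page_info *pg = h->next; pg; n++, prev = page_to_pdx(pg),
          pg = pg->list.next == PAGE_LIST_NULL ? NULL : &frame[pg->list.next] )
        if ( pg->list.prev != prev ) return -1;   /* first->list.prev is stale */
    return n;
}

/* Builds head = {0,1} and list = {2,3}, splices, and checks head's links. */
static int splice_demo(bool buggy)
{
    struct page_list_head head = {0}, list = {0};
    page_list_add_tail(&frame[0], &head); page_list_add_tail(&frame[1], &head);
    page_list_add_tail(&frame[2], &list); page_list_add_tail(&frame[3], &list);
    page_list_splice(&list, &head, buggy);
    return page_list_check(&head);  /* 4 when fixed, -1 with the buggy line */
}
```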