[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] page_list_splice() seems buggy (4.1.2)

To: "Jisoo Yang" <jisooy@xxxxxxxxx>
From: "Jan Beulich" <JBeulich@xxxxxxxx>
Date: Wed, 06 Jun 2012 09:15:24 +0100
Cc: xen-devel@xxxxxxxxxxxxx
Delivery-date: Wed, 06 Jun 2012 08:15:54 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

>>> On 06.06.12 at 03:36, Jisoo Yang <jisooy@xxxxxxxxx> wrote:
> It looks like page_list_splice(list, head) in include/xen/mm.h is buggy.
> (4.1.2)
> 
> After calling it, head->next.prev incorrectly points to the old first page,
> when it really should point to null (i.e., PAGE_LIST_NULL).
> The 'head' list becomes inconsistent and the system will crash later when
> you pop items out from the list. (usually fatal page fault) .
> 
> To patch this bug I suggest to remove 'first->list.prev =
> page_to_pdx(head->next);' line.

While removing this line indeed appears to be correct, it would
make it less obvious to compare the functionality here with
__list_splice(). Therefore I'd replace it either with

    ASSERT(first->list.prev == PAGE_LIST_NULL);

or with (possibly commented out, i.e. just for documentation)

    first->list.prev = at->list.prev;

Apparently the sole current in-tree user simply doesn't
reference head->next.prev, and hence the bug never
manifested itself.

Jan

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

References:
- [Xen-devel] page_list_splice() seems buggy (4.1.2)
  - From: Jisoo Yang

Prev by Date: Re: [Xen-devel] xen live migration falied
Next by Date: [Xen-devel] [PATCH] fix page_list_splice()
Previous by thread: [Xen-devel] page_list_splice() seems buggy (4.1.2)
Next by thread: [Xen-devel] [xen-unstable test] 13018: tolerable FAIL
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.