[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: dom0less boot two compressed kernel images out-of-memory work-around

To: Charles Chiou <cchiou@xxxxxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
From: Julien Grall <julien@xxxxxxx>
Date: Wed, 3 Mar 2021 19:36:31 +0000
Cc: Jan Beulich <jbeulich@xxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Ian Jackson <iwj@xxxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Delivery-date: Wed, 03 Mar 2021 19:36:47 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

(BCCing xen-users, CCing xen-devel + a few folks)

Hi,

Moving the discussion to xen-devel.

On 22/02/2021 05:02, Charles Chiou wrote:

When trying to boot two zImage using dom0less boot on ARM, we encountered this 
problem when xen runs gunzip on second guest:

(XEN) ****************************************
(XEN) Panic on CPU 0:
(XEN) Out of memory
(XEN) ****************************************

And worked around it with the following patch. We'd like to check to see if 
this is a known issue and if the work-around looks reasonable. Thank you


I haven't seen any similar report in the past.



diff --git a/xen/common/gunzip.c b/xen/common/gunzip.c
index db4efcd34b..e5bd19ba7f 100644
--- a/xen/common/gunzip.c
+++ b/xen/common/gunzip.c
@@ -113,8 +113,10 @@ __init int perform_gunzip(char *output, char *image, 
unsigned long image_len)

      window = (unsigned char *)output;

+    if (!free_mem_ptr) {
          free_mem_ptr = (unsigned long)alloc_xenheap_pages(HEAPORDER, 0);
          free_mem_end_ptr = free_mem_ptr + (PAGE_SIZE << HEAPORDER);
+    }

      inbuf = (unsigned char *)image;
      insize = image_len;
@@ -131,7 +133,12 @@ __init int perform_gunzip(char *output, char *image, 
unsigned long image_len)
          rc = 0;
      }

+    if (free_mem_ptr) {
          free_xenheap_pages((void *)free_mem_ptr, HEAPORDER);
+        free_mem_ptr = 0;
+    }
+
+    bytes_out = 0;

      return rc;
}
diff --git a/xen/common/inflate.c b/xen/common/inflate.c
index f99c985d61..de96002188 100644
--- a/xen/common/inflate.c
+++ b/xen/common/inflate.c
@@ -244,7 +244,7 @@ static void *INIT malloc(int size)

      if (size < 0)
          error("Malloc error");
-    if (!malloc_ptr)
+    if ((!malloc_ptr) || (!malloc_count))
          malloc_ptr = free_mem_ptr;

IMHO, this is a bit risky to assume that malloc_count will always be 0after each gunzip.

Instead I think, it would be better if we re-initialize the allocatorevery time. How about the following (untested):


commit e1cd2d85234c8d0aa62ad32c824a5568a57be930 (HEAD -> dev)
Author: Julien Grall <jgrall@xxxxxxxxxx>
Date:   Wed Mar 3 19:27:56 2021 +0000

    xen/gunzip: Allow perform_gunzip() to be called multiple times

    Currently perform_gunzip() can only be called once because the the
    internal allocator is not fully re-initialized.

    This works fine if you are only booting dom0. But this will break when
    booting multiple using the dom0less that uses compressed kernel images.

    This can be resolved by re-initializing malloc_ptr and malloc_count
    every time perform_gunzip() is called.

Note the latter is only re-initialized for hardening purpose asthere is

    no guarantee that every malloc() are followed by free() (It should in
    theory!).

Take the opportunity to check the return of alloc_heap_pages() toreturn

    an error rather than dereferencing a NULL pointer later on failure.

    Reported-by: Charles Chiou <cchiou@xxxxxxxxxxxxx>
    Signed-off-by: Julien Grall <jgrall@xxxxxxxxxx>

    ---

This patch is candidate for Xen 4.15. Without this patch, it willnot be

    possible to boot multiple domain using dom0less when they are using
    compressed kernel images.

diff --git a/xen/common/gunzip.c b/xen/common/gunzip.c
index db4efcd34b77..a5c2e25efc0f 100644
--- a/xen/common/gunzip.c
+++ b/xen/common/gunzip.c

@@ -114,7 +114,11 @@ __init int perform_gunzip(char *output, char*image, unsigned long image_len)

     window = (unsigned char *)output;

     free_mem_ptr = (unsigned long)alloc_xenheap_pages(HEAPORDER, 0);
+    if ( !free_mem_ptr )
+        return -ENOMEM;
+
     free_mem_end_ptr = free_mem_ptr + (PAGE_SIZE << HEAPORDER);
+    init_allocator();

     inbuf = (unsigned char *)image;
     insize = image_len;
diff --git a/xen/common/inflate.c b/xen/common/inflate.c
index f99c985d6135..d8c28a3e9593 100644
--- a/xen/common/inflate.c
+++ b/xen/common/inflate.c
@@ -238,6 +238,12 @@ STATIC const ush mask_bits[] = {
 static unsigned long INITDATA malloc_ptr;
 static int INITDATA malloc_count;

+static void init_allocator(void)
+{
+    malloc_ptr = free_mem_ptr;
+    malloc_count = 0;
+}
+
 static void *INIT malloc(int size)
 {
     void *p;

Best regards,

--
Julien Grall

Follow-Ups:
- Re: dom0less boot two compressed kernel images out-of-memory work-around
  - From: Jan Beulich

Prev by Date: Re: [PATCH][4.15] crypto: adjust rijndaelEncrypt() prototype for gcc11
Next by Date: [xen-unstable test] 159814: tolerable FAIL
Previous by thread: Re: [PATCH XENSTORE v1 00/10] Code analysis fixes
Next by thread: Re: dom0less boot two compressed kernel images out-of-memory work-around
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.