From mboxrd@z Thu Jan  1 00:00:00 1970
From: Gianluca Guida <gianluca.guida@eu.citrix.com>
Subject: [PATCH] Fix OOS on domain crash.
Date: Wed, 13 Aug 2008 19:29:26 +0100
Message-ID: <48A32806.3000207@eu.citrix.com>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="------------070501070009080607040609"
Return-path: <xen-devel-bounces@lists.xensource.com>
List-Unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xensource.com>
List-Help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-Subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
Sender: xen-devel-bounces@lists.xensource.com
Errors-To: xen-devel-bounces@lists.xensource.com
To: haicheng.li@intel.com, Keir Fraser <keir.fraser@eu.citrix.com>
Cc: Tim Deegan <Tim.Deegan@eu.citrix.com>, "xen-devel@lists.xensource.com" <xen-devel@lists.xensource.com>
List-Id: xen-devel@lists.xenproject.org

This is a multi-part message in MIME format.
--------------070501070009080607040609
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Hello,

I couldn't reproduce the Nevada crash on my testbox, but this should fix 
the first Xen crash that was seen in the Nevada HVM (bugzilla #1322).

What I think most probably happened there is that the set_l2e call in 
shadow_get_and_create_l1e() has tried to resync a page, but somehow we 
weren't unable to remove the shadow (the real bug we should actually 
look after). sh_resync() then removes the page from the OOS hash and 
later in the page fault path we find the gw.l1mfn to be still OOS, so we 
try to update the snapshot and the bug happens.

Attached patch should fix this and other unlikely (like sh_unsync() 
failing to remove for hash collision the current gw.l1mfn) cases.

Gianluca

Signed-off-by: Gianluca Guida <gianluca.guida@eu.citrix.com>

--------------070501070009080607040609
Content-Type: text/x-patch;
 name="fix-oos-on-domain-crash.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="fix-oos-on-domain-crash.patch"

diff -r b75f0b3e2a7e xen/arch/x86/mm/shadow/multi.c
--- a/xen/arch/x86/mm/shadow/multi.c	Wed Aug 13 11:09:46 2008 +0100
+++ b/xen/arch/x86/mm/shadow/multi.c	Wed Aug 13 14:05:57 2008 -0400
@@ -3290,6 +3290,16 @@ static int sh_page_fault(struct vcpu *v,
     if ( sh_mfn_is_a_page_table(gmfn)
          && ft == ft_demand_write )
         sh_unsync(v, gmfn);
+
+    if ( unlikely(d->is_shutting_down) )
+    {
+        /* We might end up with a crashed domain here if
+         * sh_remove_shadows() in a previous sh_resync() call has
+         * failed. We cannot safely continue since some page is still
+         * OOS but not in the hash table anymore. */
+        shadow_unlock(d);
+        return 0;
+    }
 #endif /* OOS */
 
     /* Calculate the shadow entry and write it */

--------------070501070009080607040609
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

--------------070501070009080607040609--