hypervisor fault in move_masked

All of lore.kernel.org
 help / color / mirror / Atom feed

* hypervisor fault in move_masked_irq
@ 2012-07-14 20:46 Ian Campbell
  2012-07-16 10:01 ` Andrew Cooper
  0 siblings, 1 reply; 2+ messages in thread
From: Ian Campbell @ 2012-07-14 20:46 UTC (permalink / raw)
  To: xen-devel, Andrew Cooper; +Cc: 665433, BTS Control Address

tags 665433 +upstream
thanks

Hi Andrew,

This [0] Debian bug report (against 4.0) looks like the sort of thing
you might have fixed (or perhaps worked around) in one of your many
fixes to the IRQ stuff in 4.1/unstable. Does it look at all familiar?

Cheers,
Ian.

[0] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665433

^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: hypervisor fault in move_masked_irq
  2012-07-14 20:46 hypervisor fault in move_masked_irq Ian Campbell
@ 2012-07-16 10:01 ` Andrew Cooper
  0 siblings, 0 replies; 2+ messages in thread
From: Andrew Cooper @ 2012-07-16 10:01 UTC (permalink / raw)
  To: Ian Campbell; +Cc: 665433@bugs.debian.org, BTS Control Address, xen-devel

On 14/07/12 21:46, Ian Campbell wrote:
> tags 665433 +upstream
> thanks
>
> Hi Andrew,
>
> This [0] Debian bug report (against 4.0) looks like the sort of thing
> you might have fixed (or perhaps worked around) in one of your many
> fixes to the IRQ stuff in 4.1/unstable. Does it look at all familiar?

Unfortunately it doesn't look too familiar.

Judging by the fact that Xen has jumped outside of its code space, I
would say that Xen has made a function call off an invalid function pointer.

Given that desc->handler->set_affinity() is the only function pointer
call in the function, this is possibly a race condition between dom0
dying (which the upper stack trace indicates), Xen cleaning up after
dom0, and Xen receiving an interrupt which was midway through being
migrated.

Furthermore, it appears that unstable might be vulnerable to the same
race condition.

~Andrew

>
> Cheers,
> Ian.
>
> [0] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665433
>

-- 
Andrew Cooper - Dom0 Kernel Engineer, Citrix XenServer
T: +44 (0)1223 225 900, http://www.citrix.com

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2012-07-16 10:01 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-07-14 20:46 hypervisor fault in move_masked_irq Ian Campbell
2012-07-16 10:01 ` Andrew Cooper

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.