From mboxrd@z Thu Jan  1 00:00:00 1970
From: Marcelo Tosatti <marcelo@kvack.org>
Subject: Re: [PATCH] virtio-balloon: do not attempt to release
	more than available pages
Date: Sat, 8 Mar 2008 16:06:38 -0300
Message-ID: <20080308190638.GA18152@dmt>
References: <20080305162832.GA11563@dmt>
	<200803060939.49302.rusty@rustcorp.com.au>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Cc: Marcelo Tosatti <marcelo@kvack.org>,
	kvm-devel <kvm-devel@lists.sourceforge.net>
To: Rusty Russell <rusty@rustcorp.com.au>
Return-path: <kvm-devel-bounces@lists.sourceforge.net>
Content-Disposition: inline
In-Reply-To: <200803060939.49302.rusty@rustcorp.com.au>
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/kvm-devel>,
	<mailto:kvm-devel-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=kvm-devel>
List-Post: <mailto:kvm-devel@lists.sourceforge.net>
List-Help: <mailto:kvm-devel-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/kvm-devel>,
	<mailto:kvm-devel-request@lists.sourceforge.net?subject=subscribe>
Sender: kvm-devel-bounces@lists.sourceforge.net
Errors-To: kvm-devel-bounces@lists.sourceforge.net
List-Id: kvm.vger.kernel.org

On Thu, Mar 06, 2008 at 09:39:48AM +1100, Rusty Russell wrote:
> On Thursday 06 March 2008 03:28:32 Marcelo Tosatti wrote:
> > Handle the case where the balloon target is larger than total ram size.
> >
> > BUG: unable to handle kernel paging request at 0000000000100100
> > IP: [<ffffffff881970f9>] :virtio_balloon:leak__balloon+0x2e/0xbe
> >
> > Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
> 
> Hi Marcelo,
> 
>     My deepest concern is that we're papering over some real bug, if you 
> tripped this.  Zeroing num_pages makes sense as a hack, but we're clearly in 
> trouble at this point and there should be some indication of that.
> 
>     If I may ask, how did this happen?

Rusty,

QEMU allows the user to set a target larger than the memory size which
the guest was booted with:

        dev->num_pages = (ram_size - target) >> TARGET_PAGE_BITS;
        virtio_notify_config(&dev->vdev);

num_pages goes negative, so driver attempts deflate back -num_pages from
its balloon.

There is no other bug here, its just a matter of guest driver being
fragile. You can avoid that condition in the host backend:

--- virtio-balloon.c.orig       2008-03-08 14:39:51.000000000 -0300
+++ virtio-balloon.c    2008-03-08 14:41:08.000000000 -0300
@@ -113,6 +113,8 @@
     VirtIOBalloon *dev = opaque;

     if (target) {
+       if (target > ram_size)
+               target = ram_size;
        dev->num_pages = (ram_size - target) >> TARGET_PAGE_BITS;
        virtio_notify_config(&dev->vdev);
     }

But making the driver robust against it seems sensate. I agree that
zeroing num_pages is hackish. What do you suggest?

Thanks

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/