Port-xen archive
Re: Dom0 PAE panic when starting xend
On Tue, Mar 03, 2009 at 08:02:25PM +0100, Jean-Yves Migeon wrote:
> Got it, things are really funny.
>
> Is it expected that kmem_alloc() sometimes returns unaligned addresses
> for PAGE_SIZE allocations, like this one?
>
> ...
> /* we only need one L3 page */
> l3_p2m_page = kmem_alloc(PAGE_SIZE, KM_NOSLEEP);
> if (l3_p2m_page == NULL)
> panic("could not allocate memory for l3_p2m_page");
> ...
>
>
> +++++fatal breakpoint trap in supervisor mode
> trap type 1 code 0 eip c0127594 cs 9 eflags 202 cr2 c29cf975 ilevel 6
> Stopped in pid 0.2 (system) at netbsd:breakpoint+0x4: popl %ebp
> db> x l3_p2m_page
> netbsd:l3_p2m_page: c2830004
>
>
> If yes, I'd like to add a comment about it in kmem_alloc(9), because it
> is really _a_bad_thing_® in some cases with Xen.
>
> Reverting my change from kmem_alloc() to a mere malloc() fixes my issue:
> [...]
I guess it's a side effect of the malloc implementation, but I don't think
we can rely on it either. Better use uvm_km_alloc() for this, which takes
an explicit alignment parameter.
>
> On a side note, I would like to bring to your attention that this kind
> of "bug" inside a domU _does_ bring down a dom0, by making it loop
> inside its page fault handler. So, in essence, you got a DoS here,
> potentially harming all your domUs when trying to save/migrate one. I
> will test it with XenSource's Linux to see how it behaves.
>
> Who is at fault here? Should NetBSD add some checks against invalid
> mappings (when hypercall returns EINVAL for a foreign domain), or should
> xentools check the validity (against a poison for example) and abort the
> operation if it triggers?
If the hypercall returns a proper error code, it should be used and handled
appropriately, I'd say.
--
Manuel Bouyer <bouyer%antioche.eu.org@localhost>
NetBSD: 26 years of experience will always make the difference
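
The alignment problem discussed in this message, as an added user-space example (not code from the thread or from NetBSD): it checks the address shown in the ddb output, shows what is lost if a consumer is handed only the page frame number (an assumption about how the page is used), and allocates a page with an explicit alignment parameter. The helper names are hypothetical, and `posix_memalign()` stands in for a kernel allocator such as `uvm_km_alloc()`.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L            /* for posix_memalign() */
#endif
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PAGE_SHIFT 12                      /* 4 KiB pages, as on i386 */
#define PAGE_SIZE  ((uintptr_t)1 << PAGE_SHIFT)
#define PAGE_MASK  (PAGE_SIZE - 1)

/* Byte offset of an address inside its page; 0 means page-aligned. */
static uintptr_t page_offset(uintptr_t va) { return va & PAGE_MASK; }

/* Address a consumer reconstructs when it receives only a frame number:
 * the in-page offset is dropped, so it reads from the start of the page
 * rather than from where the structure really begins. */
static uintptr_t frame_round_trip(uintptr_t va)
{
    return (va >> PAGE_SHIFT) << PAGE_SHIFT;
}

/* Allocate one zeroed page with an explicit alignment request and verify
 * the result before it is used. Returns NULL on any failure. */
static void *alloc_table_page(void)
{
    void *p = NULL;

    if (posix_memalign(&p, PAGE_SIZE, PAGE_SIZE) != 0)
        return NULL;
    if (page_offset((uintptr_t)p) != 0) {  /* defensive: never trust it blindly */
        free(p);
        return NULL;
    }
    memset(p, 0, PAGE_SIZE);
    return p;
}

int main(void)
{
    uintptr_t seen = 0xc2830004UL;         /* l3_p2m_page value from the ddb output */
    void *page = alloc_table_page();

    printf("offset in page: %lu\n", (unsigned long)page_offset(seen));
    printf("frame round trip: %#lx\n", (unsigned long)frame_round_trip(seen));
    printf("aligned allocation: %s\n", page != NULL ? "ok" : "failed");
    free(page);
    return page != NULL ? 0 : 1;
}
```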