Hi,
On 01/06/2016 22:35, Andrew Cooper wrote:
On 01/06/2016 20:54, Aaron Cornelius wrote:
<snip>
(XEN) Xen call trace:
(XEN) [<0021fdd4>] free_domheap_pages+0x1c/0x324 (PC)
(XEN) [<0025b0cc>] p2m_teardown+0xa0/0x108 (LR)
(XEN) [<0025b0cc>] p2m_teardown+0xa0/0x108
(XEN) [<0024f668>] arch_domain_destroy+0x20/0x50
(XEN) [<0024f8f0>] arch_domain_create+0x258/0x284
(XEN) [<0020854c>] domain_create+0x2dc/0x510
(XEN) [<00206d6c>] do_domctl+0x5b4/0x1928
(XEN) [<00260130>] do_trap_hypervisor+0x1170/0x15b0
(XEN) [<00263b10>] entry.o#return_from_trap+0/0x4
(XEN)
(XEN)
(XEN) ****************************************
(XEN) Panic on CPU 0:
(XEN) CPU0: Unexpected Trap: Data Abort
(XEN)
(XEN) ****************************************
(XEN)
(XEN) Reboot in five seconds...
As for this specific crash itself, in the case of an early error path,
p2m->root can be NULL in p2m_teardown(), in which case
free_domheap_pages() will fall over in a heap. This patch should
resolve it.
Good catch!
@@ -1408,7 +1411,8 @@ void p2m_teardown(struct domain *d)
while ( (pg = page_list_remove_head(&p2m->pages)) )
free_domheap_page(pg);
- free_domheap_pages(p2m->root, P2M_ROOT_ORDER);
+ if ( p2m->root )
+ free_domheap_pages(p2m->root, P2M_ROOT_ORDER);
p2m->root = NULL;
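Review bot: the new `if ( p2m->root )` check guards only the root free, while the `page_list_remove_head(&p2m->pages)` loop directly above it still runs unconditionally on the same early error path. It is worth confirming that `p2m->pages` is always initialised before any failure that can reach p2m_teardown(). A one-line comment above the check, saying that root can still be NULL when teardown runs from a failed arch_domain_create(), would record why the guard is there.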
I would be tempted to suggest making free_domheap_pages() tolerate NULL
pointers, except that would only be a safe thing to do if we assert that
the order parameter is 0, which won't help this specific case.
free_xenheap_pages already tolerates NULL (even if an order != 0). Is
there any reason to not do the same for free_domheap_pages?
Regards,
--
Julien Grall
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel