On 01/07/2019 09:45, Petre Ovidiu PIRCALABU wrote:
> On Mon, 2019-07-01 at 08:29 +0000, Paul Durrant wrote:
>>> -----Original Message-----
>>> From: Xen-devel <xen-devel-boun...@lists.xenproject.org> On Behalf
>>> Of Petre Ovidiu PIRCALABU
>>> Sent: 28 June 2019 19:00
>>> To: xen-devel@lists.xenproject.org; Andrew Cooper <
>>> andrew.coop...@citrix.com>
>>> Cc: Alexandru Stefan ISAILA <aisa...@bitdefender.com>;
>>> rcojoc...@bitdefender.com
>>> Subject: [Xen-devel] vfree crash
>>>
>>> Hello,
>>>
>>> I need your help to pinpoint the root cause of a problem. To my
>>> understanding vfree should be used when allocating memory with
>>> vmalloc.
>>>
>>> But, I have the following scenario which results in a XEN crash:
>>> - allocate a number of frames using vmalloc (vzalloc) (e.g. using a
>>> domctl) and assign them to the calling domain
>>> - map the frames using xenforeignmemory_map_resource
>> Do you really mean xenforeignmemory_map_resource()? If the memory is
>> assigned to the calling domain then this is quite likely not to work.
>> There were reference counting problems with that code, which is why
>> caller assigned resources were dropped.
>>
>> Paul
>>
> The problem lies with vfree because it creates a new list with the
> pages, unmaps the va pointer and then frees the pages. If I do these
> steps manually (without adding them to a new list) it works.

The problem here is that struct page_info only has a single linked list
pointer, and vfree() blindly assumes it is available for use, which
isn't true once you've called assign_pages() on the vmap area.

At the moment, it doesn't look like it is possible to set v*alloc()'d
pages up suitably to be mapped by a guest. (Similar corruption will
occur via share_xen_page_with_guest() and the xenheap list).

This is obviously something which wants fixing, but it's not immediately
obvious how.

~Andrew
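
The single-link problem described in the reply above, reduced to a toy model in C. This is an added example, not Xen code and not code from the thread: `struct page`, `owner_list`, `free_list` and the function names are hypothetical stand-ins for struct page_info, the list the link is already on after assign_pages(), and the list vfree() builds.

```c
#include <stdio.h>

/* Toy model, not Xen code: each page carries exactly one intrusive link. */
struct list_head { struct list_head *next, *prev; };
struct page { struct list_head list; };

static void list_init(struct list_head *h) { h->next = h->prev = h; }

static void list_add_tail(struct list_head *n, struct list_head *h)
{
    n->prev = h->prev;
    n->next = h;
    h->prev->next = n;
    h->prev = n;
}

/* Walk the list and verify every forward link has a matching back link.
 * Returns 1 if consistent, 0 if a link was overwritten behind its back. */
static int list_is_consistent(const struct list_head *h, size_t max_nodes)
{
    const struct list_head *p = h;
    for (size_t i = 0; i <= max_nodes; i++) {
        if (p->next->prev != p) return 0;
        p = p->next;
        if (p == h) return 1;
    }
    return 0; /* walk never returned to the head */
}

/* reuse_link = 1: the free path collects pages on its own list through the
 * same link (the behaviour the thread attributes to vfree()).
 * reuse_link = 0: the free path leaves the link alone (the manual steps the
 * original poster reports as working).
 * Returns 1 if the owner's list is still intact afterwards. */
int owner_list_intact_after_free(int reuse_link)
{
    struct list_head owner_list, free_list;
    struct page pg[3];
    list_init(&owner_list);
    list_init(&free_list);
    for (int i = 0; i < 3; i++)      /* assumed: assignment links each page */
        list_add_tail(&pg[i].list, &owner_list);
    for (int i = 0; i < 3; i++)      /* free path */
        if (reuse_link) list_add_tail(&pg[i].list, &free_list);
    return list_is_consistent(&owner_list, 3);
}

int main(void)
{
    printf("reuse link: intact=%d, leave link alone: intact=%d\n",
           owner_list_intact_after_free(1), owner_list_intact_after_free(0));
    return 0;
}
```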