FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Crash Utility

 
 
LinkBack Thread Tools
 
Old 01-07-2011, 02:39 PM
Petr Tesarik
 
Default Account for the changed type of the domain.vcpu field in Xen4

On Friday 07 of January 2011 16:27:55 Dave Anderson wrote:
> ----- Original Message -----
>
> > The 'vcpu' field changed from a fixed array to a pointer to an array.
> > Change xen_hyper_store_domain_context to account for this change.
>
> Presuming this tests OK on older hypervisor dumps, this looks OK.
> Queued for the next release based upon testing.

Hi Dave,

older Xen hypervisors didn't have the "max_vcpus" field in struct domain, so
there is in fact no change for them.

However, thinking about it some more, this might be affected by the increase
of XEN_HYPER_MAX_VIRT_CPUS. Although I haven't seen a failure, let me check
first whether a crash session on a dump from Xen 3.3 attempts to read past
array boundaries.

Petr Tesarik
SUSE Linux

> Thanks,
> Dave
>
> > Signed-off-by: Petr Tesarik <ptesarik@suse.cz>
> > ---
> > xen_hyper.c | 40 +++++++++++++++++++++++++++++++++++++---
> > xen_hyper_defs.h | 1 +
> > 2 files changed, 38 insertions(+), 3 deletions(-)
> >
> > --- a/xen_hyper.c
> > +++ b/xen_hyper.c
> > @@ -219,6 +219,7 @@ xen_hyper_domain_init(void)
> >
> > XEN_HYPER_MEMBER_OFFSET_INIT(domain_is_shutting_do wn, "domain",
> > "is_shutting_down");
> > XEN_HYPER_MEMBER_OFFSET_INIT(domain_is_shut_down, "domain",
> > "is_shut_down");
> > XEN_HYPER_MEMBER_OFFSET_INIT(domain_vcpu, "domain", "vcpu");
> > + XEN_HYPER_MEMBER_OFFSET_INIT(domain_max_vcpus, "domain",
> > "max_vcpus");
> > XEN_HYPER_MEMBER_OFFSET_INIT(domain_arch, "domain", "arch");
> >
> > XEN_HYPER_STRUCT_SIZE_INIT(arch_shared_info, "arch_shared_info");
> > @@ -1207,6 +1208,8 @@ struct xen_hyper_domain_context *
> > xen_hyper_store_domain_context(struct xen_hyper_domain_context *dc,
> > ulong domain, char *dp)
> > {
> > + unsigned int max_vcpus;
> > + char *vcpup;
> > int i;
> >
> > dc->domain = domain;
> > @@ -1244,9 +1247,40 @@ xen_hyper_store_domain_context(struct xe
> > dc->domain_flags = XEN_HYPER_DOMF_ERROR;
> > }
> > dc->evtchn = ULONG(dp + XEN_HYPER_OFFSET(domain_evtchn));
> > - for (i = 0; i < XEN_HYPER_MAX_VIRT_CPUS; i++) {
> > - dc->vcpu[i] = ULONG(dp + XEN_HYPER_OFFSET(domain_vcpu) +
> > i*sizeof(void *));
> > - if (dc->vcpu[i]) XEN_HYPER_NR_VCPUS_IN_DOM(dc)++;
> > +
> > + if (XEN_HYPER_VALID_MEMBER(domain_max_vcpus)) {
> > + max_vcpus = UINT(dp + XEN_HYPER_OFFSET(domain_max_vcpus));
> > + } else {
> > + max_vcpus = XEN_HYPER_MAX_VIRT_CPUS;
> > + }
> > + if (MEMBER_TYPE("domain", "vcpu") == TYPE_CODE_ARRAY)
> > + vcpup = dp + XEN_HYPER_OFFSET(domain_vcpu);
> > + else {
> > + ulong vcpu_array = ULONG(dp + XEN_HYPER_OFFSET(domain_vcpu));
> > + if (vcpu_array && max_vcpus) {
> > + if (!(vcpup =
> > + malloc(max_vcpus * sizeof(void *)))) {
> > + error(FATAL, "cannot malloc VCPU array for domain %lx.",
> > + domain);
> > + }
> > + if (!readmem(vcpu_array, KVADDR,
> > + vcpup, max_vcpus * sizeof(void*),
> > + "VCPU array", RETURN_ON_ERROR)) {
> > + error(FATAL, "cannot read VCPU array for domain %lx.",
> > + domain);
> > + }
> > + } else {
> > + vcpup = NULL;
> > + }
> > + }
> > + if (vcpup) {
> > + for (i = 0; i < max_vcpus; i++) {
> > + dc->vcpu[i] = ULONG(vcpup + i*sizeof(void *));
> > + if (dc->vcpu[i]) XEN_HYPER_NR_VCPUS_IN_DOM(dc)++;
> > + }
> > + if (vcpup != dp + XEN_HYPER_OFFSET(domain_vcpu)) {
> > + free(vcpup);
> > + }
> > }
> >
> > return dc;
> > --- a/xen_hyper_defs.h
> > +++ b/xen_hyper_defs.h
> > @@ -674,6 +674,7 @@ struct xen_hyper_offset_table {
> > long domain_is_shutting_down;
> > long domain_is_shut_down;
> > long domain_vcpu;
> > + long domain_max_vcpus;
> > long domain_arch;
> > #ifdef IA64
> > /* mm_struct */
> >
> > --
> > Crash-utility mailing list
> > Crash-utility@redhat.com
> > https://www.redhat.com/mailman/listinfo/crash-utility
>
> --
> Crash-utility mailing list
> Crash-utility@redhat.com
> https://www.redhat.com/mailman/listinfo/crash-utility


--
Crash-utility mailing list
Crash-utility@redhat.com
https://www.redhat.com/mailman/listinfo/crash-utility
 
Old 01-14-2011, 12:53 PM
Petr Tesarik
 
Default Account for the changed type of the domain.vcpu field in Xen4

Dne pátek 07 Leden 2011 20:18:29 Dave Anderson napsal(a):
> ----- Original Message -----
>
> > On Friday 07 of January 2011 16:27:55 Dave Anderson wrote:
> > > ----- Original Message -----
> > >
> > > > The 'vcpu' field changed from a fixed array to a pointer to an array.
> > > > Change xen_hyper_store_domain_context to account for this change.
> > >
> > > Presuming this tests OK on older hypervisor dumps, this looks OK.
> > > Queued for the next release based upon testing.
> >
> > Hi Dave,
> >
> > older Xen hypervisors didn't have the "max_vcpus" field in struct domain,
> > so there is in fact no change for them.
> >
> > However, thinking about it some more, this might be affected by the
> > increase of XEN_HYPER_MAX_VIRT_CPUS. Although I haven't seen a failure,
> > let me check first whether a crash session on a dump from Xen 3.3
> > attempts to read past array boundaries.
>
> As it turns out, my tests didn't work out on any of my sample hypervisor
> dumps, presumably due to this patch, the XEN_HYPER_MAX_VIRT_CPUS patch, or
> both (?).

Hi Dave,

yes, it's because of the XEN_HYPER_MAX_VIRT_CPUS. The vcpu field is declared
as:

struct vcpu *vcpu[MAX_VIRT_CPUS];

for Xen-3.3, but it is a pointer to a dynamically allocated array in Xen4. So,
this is exactly what I was afraid of, and crash reads past the array
boundaries in xen_hyper_store_domain_context.

OTOH I don't like the idea of hard-wiring the MAX_VIRT_CPUS constant in crash,
because it's one of the easiest tweaks one could do on the Xen kernel (well,
32 VCPUs isn't really much).

Let me see if I can find a better solution,
Petr

--
Crash-utility mailing list
Crash-utility@redhat.com
https://www.redhat.com/mailman/listinfo/crash-utility
 
Old 01-17-2011, 10:41 AM
Petr Tesarik
 
Default Account for the changed type of the domain.vcpu field in Xen4

The 'vcpu' field changed from a fixed array to a pointer to an array.
The size of the array is stored in the (newly introduced) 'max_vcpus'
field. Modify xen_hyper_store_domain_context to account for this change.

Signed-off-by: Petr Tesarik <ptesarik@suse.cz>

---
xen_hyper.c | 37 +++++++++++++++++++++++++++++++++----
xen_hyper_defs.h | 1 +
2 files changed, 34 insertions(+), 4 deletions(-)

--- a/xen_hyper.c
+++ b/xen_hyper.c
@@ -220,6 +220,7 @@ xen_hyper_domain_init(void)
XEN_HYPER_MEMBER_OFFSET_INIT(domain_is_shut_down, "domain",
"is_shut_down");
XEN_HYPER_MEMBER_OFFSET_INIT(domain_vcpu, "domain", "vcpu");
XEN_HYPER_MEMBER_SIZE_INIT(domain_vcpu, "domain", "vcpu");
+ XEN_HYPER_MEMBER_OFFSET_INIT(domain_max_vcpus, "domain", "max_vcpus");
XEN_HYPER_MEMBER_OFFSET_INIT(domain_arch, "domain", "arch");

XEN_HYPER_STRUCT_SIZE_INIT(arch_shared_info, "arch_shared_info");
@@ -1208,6 +1209,7 @@ struct xen_hyper_domain_context *
xen_hyper_store_domain_context(struct xen_hyper_domain_context *dc,
ulong domain, char *dp)
{
+ char *vcpup;
unsigned int max_vcpus;
unsigned int i;

@@ -1246,7 +1248,9 @@ xen_hyper_store_domain_context(struct xe
dc->domain_flags = XEN_HYPER_DOMF_ERROR;
}
dc->evtchn = ULONG(dp + XEN_HYPER_OFFSET(domain_evtchn));
- if (XEN_HYPER_VALID_SIZE(domain_vcpu)) {
+ if (XEN_HYPER_VALID_MEMBER(domain_max_vcpus)) {
+ max_vcpus = UINT(dp + XEN_HYPER_OFFSET(domain_max_vcpus));
+ } else if (XEN_HYPER_VALID_SIZE(domain_vcpu)) {
max_vcpus = XEN_HYPER_SIZE(domain_vcpu) / sizeof(void *);
} else {
max_vcpus = XEN_HYPER_MAX_VIRT_CPUS;
@@ -1255,9 +1259,34 @@ xen_hyper_store_domain_context(struct xe
error(FATAL, "cannot malloc vcpu array (%d VCPUs).",
max_vcpus);
}
- for (i = 0; i < max_vcpus; i++) {
- dc->vcpu[i] = ULONG(dp + XEN_HYPER_OFFSET(domain_vcpu) +
i*sizeof(void *));
- if (dc->vcpu[i]) XEN_HYPER_NR_VCPUS_IN_DOM(dc)++;
+ if (MEMBER_TYPE("domain", "vcpu") == TYPE_CODE_ARRAY)
+ vcpup = dp + XEN_HYPER_OFFSET(domain_vcpu);
+ else {
+ ulong vcpu_array = ULONG(dp + XEN_HYPER_OFFSET(domain_vcpu));
+ if (vcpu_array && max_vcpus) {
+ if (!(vcpup =
+ malloc(max_vcpus * sizeof(void *)))) {
+ error(FATAL, "cannot malloc VCPU array for domain %lx.",
+ domain);
+ }
+ if (!readmem(vcpu_array, KVADDR,
+ vcpup, max_vcpus * sizeof(void*),
+ "VCPU array", RETURN_ON_ERROR)) {
+ error(FATAL, "cannot read VCPU array for domain %lx.",
+ domain);
+ }
+ } else {
+ vcpup = NULL;
+ }
+ }
+ if (vcpup) {
+ for (i = 0; i < max_vcpus; i++) {
+ dc->vcpu[i] = ULONG(vcpup + i*sizeof(void *));
+ if (dc->vcpu[i]) XEN_HYPER_NR_VCPUS_IN_DOM(dc)++;
+ }
+ if (vcpup != dp + XEN_HYPER_OFFSET(domain_vcpu)) {
+ free(vcpup);
+ }
}

return dc;
--- a/xen_hyper_defs.h
+++ b/xen_hyper_defs.h
@@ -675,6 +675,7 @@ struct xen_hyper_offset_table {
long domain_is_shutting_down;
long domain_is_shut_down;
long domain_vcpu;
+ long domain_max_vcpus;
long domain_arch;
#ifdef IA64
/* mm_struct */

--
Crash-utility mailing list
Crash-utility@redhat.com
https://www.redhat.com/mailman/listinfo/crash-utility
 

Thread Tools




All times are GMT. The time now is 07:36 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org