ia64/xen-unstable

changeset 19686:50134a902c66

tmem: fix corner case crash on forcible domain destruction

When a tmem-enabled domain is destroyed, if the domain was
using a persistent pool, the domain destruction process
to scrubs page races tmem's attempts to gracefully dismantle
data structures. Move tmem_destroy earlier in the domain
destruction process.

Signed-off-by: Dan Magenheimer <dan.magenheimer@oracle.com>
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
author Keir Fraser <keir.fraser@citrix.com>
date Mon Jun 01 14:07:46 2009 +0100 (2009-06-01)
parents 45447c0f7c6e
children 84c1f7c46444
files xen/common/domain.c xen/common/tmem.c
line diff
     1.1 --- a/xen/common/domain.c	Mon Jun 01 14:02:26 2009 +0100
     1.2 +++ b/xen/common/domain.c	Mon Jun 01 14:07:46 2009 +0100
     1.3 @@ -402,6 +402,8 @@ int domain_kill(struct domain *d)
     1.4          spin_barrier(&d->domain_lock);
     1.5          evtchn_destroy(d);
     1.6          gnttab_release_mappings(d);
     1.7 +        tmem_destroy(d->tmem);
     1.8 +        d->tmem = NULL;
     1.9          /* fallthrough */
    1.10      case DOMDYING_dying:
    1.11          rc = domain_relinquish_resources(d);
    1.12 @@ -583,9 +585,6 @@ static void complete_domain_destroy(stru
    1.13  
    1.14      grant_table_destroy(d);
    1.15  
    1.16 -    if ( d->tmem != NULL )
    1.17 -        tmem_destroy(d->tmem);
    1.18 -
    1.19      arch_domain_destroy(d);
    1.20  
    1.21      rangeset_domain_destroy(d);
     2.1 --- a/xen/common/tmem.c	Mon Jun 01 14:02:26 2009 +0100
     2.2 +++ b/xen/common/tmem.c	Mon Jun 01 14:07:46 2009 +0100
     2.3 @@ -867,7 +867,6 @@ static void client_free(client_t *client
     2.4  {
     2.5      list_del(&client->client_list);
     2.6      tmh_client_destroy(client->tmh);
     2.7 -    tmh_set_current_client(NULL);
     2.8      tmem_free(client,sizeof(client_t),NULL);
     2.9  }
    2.10  
    2.11 @@ -1992,20 +1991,17 @@ EXPORT void tmem_destroy(void *v)
    2.12  {
    2.13      client_t *client = (client_t *)v;
    2.14  
    2.15 +    if ( client == NULL )
    2.16 +        return;
    2.17 +
    2.18      if ( tmh_lock_all )
    2.19          spin_lock(&tmem_spinlock);
    2.20      else
    2.21          write_lock(&tmem_rwlock);
    2.22  
    2.23 -    if ( client == NULL )
    2.24 -        printk("tmem: can't destroy tmem pools for %s=%d\n",
    2.25 -               cli_id_str,client->cli_id);
    2.26 -    else
    2.27 -    {
    2.28 -        printk("tmem: flushing tmem pools for %s=%d\n",
    2.29 -               cli_id_str,client->cli_id);
    2.30 -        client_flush(client,1);
    2.31 -    }
    2.32 +    printk("tmem: flushing tmem pools for %s=%d\n",
    2.33 +           cli_id_str, client->cli_id);
    2.34 +    client_flush(client, 1);
    2.35  
    2.36      if ( tmh_lock_all )
    2.37          spin_unlock(&tmem_spinlock);