From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-17.3 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER, INCLUDES_PATCH,MAILING_LIST_MULTI,NICE_REPLY_A,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED,USER_AGENT_SANE_1 autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 82AFAC433DB for ; Wed, 3 Mar 2021 19:36:57 +0000 (UTC) Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 02C7E64EC4 for ; Wed, 3 Mar 2021 19:36:56 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 02C7E64EC4 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=xen.org Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Received: from list by lists.xenproject.org with outflank-mailman.92992.175492 (Exim 4.92) (envelope-from ) id 1lHXIW-0005TI-NZ; Wed, 03 Mar 2021 19:36:40 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 92992.175492; Wed, 03 Mar 2021 19:36:40 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1lHXIW-0005TB-KC; Wed, 03 Mar 2021 19:36:40 +0000 Received: by outflank-mailman (input) for mailman id 92992; Wed, 03 Mar 2021 19:36:38 +0000 Received: from mail.xenproject.org ([104.130.215.37]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1lHXIU-0005Sy-AL; Wed, 03 Mar 2021 19:36:38 +0000 Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1lHXIP-0007X3-Qm; Wed, 03 Mar 2021 19:36:33 +0000 Received: from 54-240-197-235.amazon.com ([54.240.197.235] helo=a483e7b01a66.ant.amazon.com) by xenbits.xenproject.org with esmtpsa (TLS1.3:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.92) (envelope-from ) id 1lHXIP-0002sj-EV; Wed, 03 Mar 2021 19:36:33 +0000 X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=Content-Transfer-Encoding:Content-Type:In-Reply-To: MIME-Version:Date:Message-ID:From:Cc:References:To:Subject; bh=sDk3J6ex41e5UOfMIFRJGkpw25WoxzOov78X8K+E68k=; b=aHEncM9LyU60KAaFMrmYIgDhiF E9yYqh02QvUhvsQxqZKNJiY4+SSLF9tUm22UHMB5uXdtSTwc3QX0uH9r6iEYYHeFIXejsMvaouwqf loMV7EKupzGZ2xOSCDS+gpjsXaaW1Ff7d3ELVtOzaSPYpX56puu8ozLWtYgNO9GuXwFo=; Subject: Re: dom0less boot two compressed kernel images out-of-memory work-around To: Charles Chiou , "xen-devel@lists.xenproject.org" References: Cc: Jan Beulich , Stefano Stabellini , Ian Jackson , Andrew Cooper From: Julien Grall Message-ID: <58aaf68f-4499-9400-6eb2-f1ad3b620c73@xen.org> Date: Wed, 3 Mar 2021 19:36:31 +0000 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Thunderbird/78.7.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-GB Content-Transfer-Encoding: 7bit (BCCing xen-users, CCing xen-devel + a few folks) Hi, Moving the discussion to xen-devel. On 22/02/2021 05:02, Charles Chiou wrote: > When trying to boot two zImage using dom0less boot on ARM, we encountered this problem when xen runs gunzip on second guest: > > (XEN) **************************************** > (XEN) Panic on CPU 0: > (XEN) Out of memory > (XEN) **************************************** > > And worked around it with the following patch. We'd like to check to see if this is a known issue and if the work-around looks reasonable. Thank you I haven't seen any similar report in the past. > > > diff --git a/xen/common/gunzip.c b/xen/common/gunzip.c > index db4efcd34b..e5bd19ba7f 100644 > --- a/xen/common/gunzip.c > +++ b/xen/common/gunzip.c > @@ -113,8 +113,10 @@ __init int perform_gunzip(char *output, char *image, unsigned long image_len) > > window = (unsigned char *)output; > > + if (!free_mem_ptr) { > free_mem_ptr = (unsigned long)alloc_xenheap_pages(HEAPORDER, 0); > free_mem_end_ptr = free_mem_ptr + (PAGE_SIZE << HEAPORDER); > + } > > inbuf = (unsigned char *)image; > insize = image_len; > @@ -131,7 +133,12 @@ __init int perform_gunzip(char *output, char *image, unsigned long image_len) > rc = 0; > } > > + if (free_mem_ptr) { > free_xenheap_pages((void *)free_mem_ptr, HEAPORDER); > + free_mem_ptr = 0; > + } > + > + bytes_out = 0; > > return rc; > } > diff --git a/xen/common/inflate.c b/xen/common/inflate.c > index f99c985d61..de96002188 100644 > --- a/xen/common/inflate.c > +++ b/xen/common/inflate.c > @@ -244,7 +244,7 @@ static void *INIT malloc(int size) > > if (size < 0) > error("Malloc error"); > - if (!malloc_ptr) > + if ((!malloc_ptr) || (!malloc_count)) > malloc_ptr = free_mem_ptr; > IMHO, this is a bit risky to assume that malloc_count will always be 0 after each gunzip. Instead I think, it would be better if we re-initialize the allocator every time. How about the following (untested): commit e1cd2d85234c8d0aa62ad32c824a5568a57be930 (HEAD -> dev) Author: Julien Grall Date: Wed Mar 3 19:27:56 2021 +0000 xen/gunzip: Allow perform_gunzip() to be called multiple times Currently perform_gunzip() can only be called once because the the internal allocator is not fully re-initialized. This works fine if you are only booting dom0. But this will break when booting multiple using the dom0less that uses compressed kernel images. This can be resolved by re-initializing malloc_ptr and malloc_count every time perform_gunzip() is called. Note the latter is only re-initialized for hardening purpose as there is no guarantee that every malloc() are followed by free() (It should in theory!). Take the opportunity to check the return of alloc_heap_pages() to return an error rather than dereferencing a NULL pointer later on failure. Reported-by: Charles Chiou Signed-off-by: Julien Grall --- This patch is candidate for Xen 4.15. Without this patch, it will not be possible to boot multiple domain using dom0less when they are using compressed kernel images. diff --git a/xen/common/gunzip.c b/xen/common/gunzip.c index db4efcd34b77..a5c2e25efc0f 100644 --- a/xen/common/gunzip.c +++ b/xen/common/gunzip.c @@ -114,7 +114,11 @@ __init int perform_gunzip(char *output, char *image, unsigned long image_len) window = (unsigned char *)output; free_mem_ptr = (unsigned long)alloc_xenheap_pages(HEAPORDER, 0); + if ( !free_mem_ptr ) + return -ENOMEM; + free_mem_end_ptr = free_mem_ptr + (PAGE_SIZE << HEAPORDER); + init_allocator(); inbuf = (unsigned char *)image; insize = image_len; diff --git a/xen/common/inflate.c b/xen/common/inflate.c index f99c985d6135..d8c28a3e9593 100644 --- a/xen/common/inflate.c +++ b/xen/common/inflate.c @@ -238,6 +238,12 @@ STATIC const ush mask_bits[] = { static unsigned long INITDATA malloc_ptr; static int INITDATA malloc_count; +static void init_allocator(void) +{ + malloc_ptr = free_mem_ptr; + malloc_count = 0; +} + static void *INIT malloc(int size) { void *p; Best regards, -- Julien Grall