The change to increase the VNIF's allowed per guest introduced an error that can cause memory corruption. Detail follows: A PV OS has two grant table data structures: the grant table itself and a free list. The free list is composed of an array of pages, which grow dynamically as the guest OS requires more grants. While the grant table contains 8-byte entries, the free list contains 4-byte entries. So we have half as many pages in the free list than in the grant table. There was a bug in the free list allocation code. The free list was indexed as if it was the same size as the grant table. But it's only half as large. So memory got corrupted, and I was seeing crashes in the slab allocator later on. A patch has been posted upstream.
Some details on this: - bug #297331 and bug #223908 were the original bugs requesting that guests be able to have more than 3 VNIFs - The upstream fix we backported was: http://xenbits.xensource.com/xen-unstable.hg?rev/70f05d642a2e http://lists.xensource.com/archives/html/xen-devel/2007-01/msg00166.html - This bug is about a potential memory corruption bug with the original patch. We have not yet reproduced this memory corruption, but the fix is upstream in linux-2.6.18-xen.hg and linus's tree: http://xenbits.xensource.com/linux-2.6.18-xen.hg?rev/4018c0da3360 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=bbc60c18ed17df75270da504bbd8f7bc4a52d43d
in kernel-2.6.18-89.el5 You can download this test kernel from http://people.redhat.com/dzickus/el5
*** Bug 433755 has been marked as a duplicate of this bug. ***
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2008-0314.html