At 14:45 +0900 on 23 Oct (1161614732), Doi.Tsunehisa@xxxxxxxxxxxxxx wrote:
> Basically, the referencee should not be released during to exist the
> referencer, I think.
> In domain_kill phase, domain_relinquish_resource releases a memory
> of destroying domain. So, the memory may use other domain. But, P2M
> table of the domain exists, then the memory might be corrupted by
> In __gnttab_copy code, it will avoid to corrupt a memory that was
> used in destroying domain with __acquire_grant_for_copy and get_page.
> But, I think that it has atomicity issue of owner.
Are you worried about a race where the foreign domain is destroyed and
another domain created, with the same struct domain pointer, and which
owns the same frame, between the __acquire_grant_for_copy() and the
Earlier in __gnttab_copy, we call find_domain_by_id() on the foreign
domain, which calls get_domain(), so we're safe from that.
Xen-devel mailing list