This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/


Re: [Xen-devel] shadow2 corrupting PV guest state

To: Doi.Tsunehisa@xxxxxxxxxxxxxx
Subject: Re: [Xen-devel] shadow2 corrupting PV guest state
From: Tim Deegan <Tim.Deegan@xxxxxxxxxxxxx>
Date: Mon, 23 Oct 2006 11:26:34 +0100
Cc: Chris Wright <chrisw@xxxxxxxxxxxx>, Michael A Fetterman <Michael.Fetterman@xxxxxxxxxxxx>, Jeremy Fitzhardinge <jeremy@xxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <200610230545.k9N5jWF05122@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
References: <453020EE.4080603@xxxxxxxx> <200610230545.k9N5jWF05122@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
At 14:45 +0900 on 23 Oct (1161614732), Doi.Tsunehisa@xxxxxxxxxxxxxx wrote:
>   Basically, the referencee should not be released while the
> referencer exists, I think.
>   In the domain_kill phase, domain_relinquish_resource releases the memory
> of the domain being destroyed. So, the memory may be used by another domain.
> But the P2M table of the domain still exists, so the memory might be
> corrupted by gnttab_copy.
>   In the __gnttab_copy code, it avoids corrupting memory that was
> used by the domain being destroyed, with __acquire_grant_for_copy and
> get_page. But I think that it has an atomicity issue with the owner.

Are you worried about a race where the foreign domain is destroyed and
another domain created, with the same struct domain pointer, and which
owns the same frame, between the __acquire_grant_for_copy() and the

Earlier in __gnttab_copy, we call find_domain_by_id() on the foreign
domain, which calls get_domain(), so we're safe from that.


