WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 

xen-devel

Re: [Xen-devel] shadow2 corrupting PV guest state

To: Tim Deegan <Tim.Deegan@xxxxxxxxxxxxx>
Subject: Re: [Xen-devel] shadow2 corrupting PV guest state
From: Doi.Tsunehisa@xxxxxxxxxxxxxx
Date: Mon, 23 Oct 2006 20:21:12 +0900
Cc: Jeremy Fitzhardinge <jeremy@xxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>, Chris Wright <chrisw@xxxxxxxxxxxx>, Michael A Fetterman <Michael.Fetterman@xxxxxxxxxxxx>, Doi.Tsunehisa@xxxxxxxxxxxxxx
Delivery-date: Mon, 23 Oct 2006 04:22:26 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: Your message of Mon, 23 Oct 2006 11:26:34 +0100. <20061023102634.GC8271@xxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <453020EE.4080603@xxxxxxxx> <200610230545.k9N5jWF05122@xxxxxxxxxxxxxxxxxxxxxxxxxxx><20061023102634.GC8271@xxxxxxxxxxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
  Hi,

You (Tim.Deegan) said:
>>   Basically, the referencee should not be released while the
>> referencer exists, I think.
>> 
>>   In the domain_kill phase, domain_relinquish_resource releases the
>> memory of the domain being destroyed. So, the memory may be used by
>> another domain. But the P2M table of the domain still exists, so the
>> memory might be corrupted by gnttab_copy.
>> 
>>   In the __gnttab_copy code, it avoids corrupting memory that was
>> used by the domain being destroyed, with __acquire_grant_for_copy and
>> get_page. But I think that it has an atomicity issue with the owner.
> 
> Are you worried about a race where the foreign domain is destroyed and
> another domain created, with the same struct domain pointer, and which
> owns the same frame, between the __acquire_grant_for_copy() and the
> get_page()?

  No, I'm worried that two domains use the same page frame.

  The released pages can be used by a new domain, but the old domain struct
exists between domain_kill and domain_destroy.

> Earlier in __gnttab_copy, we call find_domain_by_id() on the foreign
> domain, which calls get_domain(), so we're safe from that.

  I suppose that find_domain_by_id doesn't ensure that it is not used by
both domains.

Thanks,
- Tsunehisa Doi

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel