This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


Re: [Xen-devel] A question about SHARE_PFN_WITH_DOMAIN

To: "Tian, Kevin" <kevin.tian@xxxxxxxxx>
Subject: Re: [Xen-devel] A question about SHARE_PFN_WITH_DOMAIN
From: Keir Fraser <Keir.Fraser@xxxxxxxxxxxx>
Date: Fri, 13 Jan 2006 09:14:39 +0000
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Fri, 13 Jan 2006 09:21:31 +0000
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <571ACEFD467F7749BC50E0A98C17CDD802C06C6E@pdsmsx403>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <571ACEFD467F7749BC50E0A98C17CDD802C06C6E@pdsmsx403>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx

On 13 Jan 2006, at 07:10, Tian, Kevin wrote:

Secondly, there is the subtle and thorny issue of domain destruction.
Xen assume that any domain that has a non-zero reference count has a
valid shared_info, for example.

Could you please point out where I can find such assumption in the code?

Sure. For example, event channel bindings are torn down only when the domain refcnt falls to zero. If we freed the shared_info page when dom0 kills the domain, the refcnt may remain non-zero for some time after that (because of mappings of network/block ring pages for example). If dom0 tries to notify via an event channel, the evtchn code in Xen will happily dereference the dying domU's shared_info pointer which would no longer be valid.

So we cannot free shared_info until domain_destruct(), and if Xen held a reference on shared_info then domain_destruct() would never be called.

 -- Keir

Xen-devel mailing list