WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

Re: [Xen-devel] shadow2 corrupting PV guest state

To: Keir Fraser <Keir.Fraser@xxxxxxxxxxxx>
Subject: Re: [Xen-devel] shadow2 corrupting PV guest state
From: Doi.Tsunehisa@xxxxxxxxxxxxxx
Date: Tue, 24 Oct 2006 19:05:22 +0900
Cc: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>, Tim Deegan <Tim.Deegan@xxxxxxxxxxxxx>, Doi.Tsunehisa@xxxxxxxxxxxxxx
Delivery-date: Tue, 24 Oct 2006 03:06:39 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: Your message of Tue, 24 Oct 2006 10:44:52 +0100. <C1639F24.33D2%Keir.Fraser@xxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <C1639F24.33D2%Keir.Fraser@xxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
You (Keir.Fraser) said:
>>> True, but we don't look at nd unless the page is allocated...
>> 
>>   Between domain_relinquish_resources() in domain_kill() and
>> shadow_final_teadown() in domain_destroy(), nd might be looked
>> with gnttab_copy(), I think.
> 
> Domain_destroy() is only called when the domain refcnt reaches zero. This
> can only happen when all its page refcnts have reached zero. When a page's
> refcnt reaches zero, get_page() no longer succeeds on it. So there is no
> race between gnttab_copy() and domain_destroy().

  I see.

  I want to confirm that...

  In free_domheap_pages(), if the page counts of each section are zero,
then domain refcount is decreased. Finaly the domain refcount is zero,
and domain_destroy() is called.

  In the other hand, get_page checks page count like below...

    .....
        if ( unlikely((x & PGC_count_mask) == 0) ||  /* Not allocated? */
             unlikely((nx & PGC_count_mask) == 0) || /* Count overflow? */
             unlikely(d != _domain) )                /* Wrong owner? */
    .....

  Thus, get_page can't succeeds on it.

  Is my understaning is right ?

Thanks,
- Tsunehisa Doi

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel