WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
 
   
 

xen-devel

[Xen-devel] tracking of Xen heap pages shared with guest

To: <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: [Xen-devel] tracking of Xen heap pages shared with guest
From: "Jan Beulich" <jbeulich@xxxxxxxxxx>
Date: Fri, 14 Mar 2008 12:59:35 +0000
Delivery-date: Fri, 14 Mar 2008 05:59:12 -0700
I assume I'm overlooking something, but can someone explain how page
tracking works in the following two cases:

a) A guest unintentionally or maliciously frees (e.g. through
decrease_reservation) a page shared from the Xen heap (e.g. the
shared info page). From what I can see, such a page would have a
reference count of 1 (from share_xen_page_with_guest(), assuming
the guest doesn't have the page mapped), and would hence be
immediately freed with the corresponding put_page(). Nevertheless
Xen itself may continue to write to such a page.

b) A domU that had a xenoprof buffer allocated gets killed. Since the
xenoprof code directly calls free_xenheap_pages() on the buffer,
any mapping dom0 may have to it would not be considered, and hence
dom0 would retain a mapping to free memory. Additionally, the
put_page() in unshare_xenoprof_page_with_guest() could revert the
single reference to the page established through
share_xen_page_with_guest() (i.e. if dom0 never mapped or already
unmapped the buffer), which again would result in the buffer getting
freed (and thus d->xenoprof->rawbuf becoming stale).

Apparently I'm just failing to find the places where extra reference
counts are being established for such pages...

Thanks, Jan


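A toy C model of cases (a) and (b) from the message above, added here as an illustration; it is not Xen source and not part of the original post. All names (`toy_page`, `toy_share`, `toy_release` and the two scenario functions) are hypothetical, and the model assumes the reference counts exactly as the message describes them, alongside the usual defensive pattern of the long-lived writer holding its own reference and teardown going through the reference count.

```c
#include <stdbool.h>

/* Toy model: all names are hypothetical and none of this is Xen source. */
struct toy_page {
    unsigned int refcnt; /* references held on the page */
    bool allocated;      /* "still assigned to the guest" flag */
    bool freed;          /* page has gone back to the allocator */
};

/* Sharing sets one reference; with xen_pins the hypervisor holds a second. */
static void toy_share(struct toy_page *pg, bool xen_pins)
{
    pg->refcnt = xen_pins ? 2 : 1;
    pg->allocated = true;
    pg->freed = false;
}

/* Release drops the allocation reference at most once per page. */
static void toy_release(struct toy_page *pg)
{
    if (!pg->allocated)
        return;
    pg->allocated = false;
    if (--pg->refcnt == 0)
        pg->freed = true;
}

/* Case (a): true if a later hypervisor write would land on a freed page. */
bool stale_write_after_guest_release(bool xen_pins)
{
    struct toy_page pg;
    toy_share(&pg, xen_pins);
    toy_release(&pg);
    toy_release(&pg);        /* a repeated release must not drop twice */
    return pg.freed;
}

/* Case (b): true if another domain's mapping outlives the buffer. */
bool stale_mapping_after_teardown(bool direct_free)
{
    struct toy_page pg;
    toy_share(&pg, false);
    pg.refcnt++;             /* the other domain maps the buffer */
    if (direct_free)
        pg.freed = true;     /* allocator call that ignores refcnt */
    else
        toy_release(&pg);    /* refcnt 2 -> 1, page stays alive */
    return pg.freed;         /* the mapping still exists at this point */
}
```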