Re: [Xen-devel] [PATCH] x86 shadow: fix race when domain is dying

To: Kouya Shimura <kouya@xxxxxxxxxxxxxx>
Subject: Re: [Xen-devel] [PATCH] x86 shadow: fix race when domain is dying
From: Tim Deegan <Tim.Deegan@xxxxxxxxxx>
Date: Thu, 26 Nov 2009 11:07:46 +0000
Cc: "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>
Hi,

At 08:17 +0000 on 26 Nov (1259223466), Kouya Shimura wrote:
> There are some cases that shadow_write_p2m_entry() is called after
> the domain is killed. It causes Xen to crash.

Thanks for catching this!  I'm afraid your fix opens a different race
window, though: any p2m operation that happens after d->is_dying is set
but before p2m_teardown() will corrupt the p2m (because the entry
wouldn't actually get written).  If it also happens before
shadow_teardown() it could break the invariants of the shadow
pagetables, possibly causing a crash when shadow_teardown() is reached.

The right fix is to test for whether shadow_teardown() has been called,
and if so, call safe_write_entry() without trying to fix up the shadows.
I've attached a patch.

Cheers,

Tim.

-- 
Tim Deegan <Tim.Deegan@xxxxxxxxxx>
Principal Software Engineer, Citrix Systems (R&D) Ltd.
[Company #02300071, SL9 0DZ, UK.]

Attachment: late-p2m-entry-write
Description: Text document
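
An added illustration, not part of Tim's message or the attached patch: a toy C model of the ordering problem he describes, comparing a write path with no guard, one that drops writes once `is_dying` is set, and one that tests whether shadow teardown has run and then writes the entry without a shadow fixup. Everything except the `is_dying` name is a hypothetical stand-in (the struct, `write_p2m_entry`, `run_timeline`, the guard enum), and the model only tracks dropped writes and fixups attempted after teardown.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Toy model only: hypothetical names, not Xen's data structures. */
enum guard { GUARD_NONE, GUARD_IS_DYING, GUARD_TORN_DOWN };
struct dom {
    bool is_dying;             /* set when the domain is killed */
    bool shadow_torn_down;     /* set once shadow teardown has run */
    unsigned long p2m[3];      /* toy p2m entries */
    unsigned long shadow[3];   /* toy shadow state, invalid after teardown */
    int fixups_after_teardown; /* shadow fixups attempted on torn-down state */
};
struct result { bool p2m_current; int fixups_after_teardown; };

static void write_p2m_entry(struct dom *d, size_t gfn, unsigned long val, enum guard g)
{
    if (g == GUARD_IS_DYING && d->is_dying)
        return;                      /* write dropped: the p2m goes stale */
    if (g == GUARD_TORN_DOWN && d->shadow_torn_down) {
        d->p2m[gfn] = val;           /* entry written, shadows left alone */
        return;
    }
    if (d->shadow_torn_down)
        d->fixups_after_teardown++;  /* the late fixup that the guards must prevent */
    else
        d->shadow[gfn] = val;        /* normal path: keep shadows in sync */
    d->p2m[gfn] = val;
}

static struct result run_timeline(enum guard g)
{
    struct dom d = {0};
    write_p2m_entry(&d, 0, 0x100, g); /* domain alive */
    d.is_dying = true;                /* domain killed */
    write_p2m_entry(&d, 1, 0x200, g); /* window: dying, shadows still live */
    d.shadow_torn_down = true;        /* shadow teardown runs */
    write_p2m_entry(&d, 2, 0x300, g); /* late write, before p2m teardown */
    struct result r = { d.p2m[0] == 0x100 && d.p2m[1] == 0x200 && d.p2m[2] == 0x300,
                        d.fixups_after_teardown };
    return r;
}

int main(void)
{
    for (int g = GUARD_NONE; g <= GUARD_TORN_DOWN; g++) {
        struct result r = run_timeline((enum guard)g);
        printf("guard=%d p2m_current=%d late_fixups=%d\n", g, r.p2m_current, r.fixups_after_teardown);
    }
    return 0;
}
```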
