|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH] x86 shadow: fix race when domain is dying
Hi, At 08:17 +0000 on 26 Nov (1259223466), Kouya Shimura wrote: > There are some cases that shadow_write_p2m_entry() is called after > the domain is killed. It causes Xen to crash. Thanks for catching this! I'm afraid your fix opens a different race window, though: any p2m operation that happens after d->is_dying is set but before p2m_teardown() will corrupt the p2m (because the entry wouldn't actually get written). If it also happens before shadow_teardown() it could break the invariants of the shadow pagetables, possibly causing a crash when shadow_teardown() is reached. The right fix is to test for whether shadow_teardown() has been called, and if so, call safe_write_entry() without trying to fix up the shadows. I've attached a patch. Cheers, Tim. -- Tim Deegan <Tim.Deegan@xxxxxxxxxx> Principal Software Engineer, Citrix Systems (R&D) Ltd. [Company #02300071, SL9 0DZ, UK.] Attachment:
late-p2m-entry-write _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |