Xen project Mailing List

[Xen-changelog] [xen-unstable] x86 shadow: fix race when domain is dying

From: Xen patchbot-unstable <patchbot-unstable@xxxxxxxxxxxxxxxxxxx>

Date: Thu, 26 Nov 2009 03:30:23 -0800

Delivery-date: Thu, 26 Nov 2009 03:34:43 -0800

List-id: BK change log <xen-changelog.lists.xensource.com>

# HG changeset patch # User Keir Fraser <keir.fraser@xxxxxxxxxx> # Date 1259233350 0 # Node ID 44ea369eefc13145c082fd0e48d15e502b7cd5b9 # Parent d300628722987757d84728cf3ba15a572b2861d4 x86 shadow: fix race when domain is dying There are some cases that shadow_write_p2m_entry() is called after the domain is killed. It causes Xen to crash. - Race between xc_map_foreign_batch from qemu-dm and "xm destroy" command. - The hypervisor calls domain_crash when PoD fails. Signed-off-by: Kouya Shimura <kouya@xxxxxxxxxxxxxx> --- xen/arch/x86/mm/p2m.c | 6 ++++++ xen/arch/x86/mm/shadow/common.c | 7 +++++++ 2 files changed, 13 insertions(+) diff -r d30062872298 -r 44ea369eefc1 xen/arch/x86/mm/p2m.c --- a/xen/arch/x86/mm/p2m.c Thu Nov 26 11:00:49 2009 +0000 +++ b/xen/arch/x86/mm/p2m.c Thu Nov 26 11:02:30 2009 +0000 @@ -1220,6 +1220,12 @@ p2m_gfn_to_mfn(struct domain *d, unsigne l1_pgentry_t *l1e; ASSERT(paging_mode_translate(d)); + + if ( unlikely(d->is_dying) ) + { + *t = p2m_invalid; + return _mfn(INVALID_MFN); + } /* XXX This is for compatibility with the old model, where anything not * XXX marked as RAM was considered to be emulated MMIO space. diff -r d30062872298 -r 44ea369eefc1 xen/arch/x86/mm/shadow/common.c --- a/xen/arch/x86/mm/shadow/common.c Thu Nov 26 11:00:49 2009 +0000 +++ b/xen/arch/x86/mm/shadow/common.c Thu Nov 26 11:02:30 2009 +0000 @@ -2171,6 +2171,7 @@ static void hash_foreach(struct vcpu *v, /* Say we're here, to stop hash-lookups reordering the chains */ ASSERT(shadow_locked_by_me(d)); + ASSERT(d->arch.paging.shadow.hash_table); ASSERT(d->arch.paging.shadow.hash_walking == 0); d->arch.paging.shadow.hash_walking = 1; @@ -3449,6 +3450,12 @@ shadow_write_p2m_entry(struct vcpu *v, u shadow_lock(d); + if ( unlikely(d->is_dying) ) + { + shadow_unlock(d); + return; + } + /* If we're removing an MFN from the p2m, remove it from the shadows too */ if ( level == 1 ) { _______________________________________________ Xen-changelog mailing list Xen-changelog@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-changelog

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.