Re: [Xen-devel] shadow2 corrupting PV guest state
Hi,

You (Tim.Deegan) said:
>> Basically, the referencee should not be released during to exist the
>> referencer, I think.
>>
>> In domain_kill phase, domain_relinquish_resource releases a memory
>> of destroying domain. So, the memory may use other domain. But, P2M
>> table of the domain exists, then the memory might be corrupted by
>> gnttab_copy.
>>
>> In __gnttab_copy code, it will avoid to corrupt a memory that was
>> used in destroying domain with __acquire_grant_for_copy and get_page.
>> But, I think that it has atomicity issue of owner.
>
> Are you worried about a race where the foreign domain is destroyed and
> another domain created, with the same struct domain pointer, and which
> owns the same frame, between the __acquire_grant_for_copy() and the
> get_page()?

No, I'm worried that two domains use the same page frame. The released
pages can be used by a new domain, but the old domain struct exists between
domain_kill and domain_destroy.

> Earlier in __gnttab_copy, we call find_domain_by_id() on the foreign
> domain, which calls get_domain(), so we're safe from that.

I suppose that find_domain_by_id doesn't ensure not to be used by
both domains.

Thanks,
- Tsunehisa Doi