[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [HVM]A possible mov_to_cr3 bug

To: "Tian, Kevin" <kevin.tian@xxxxxxxxx>
From: Tim Deegan <Tim.Deegan@xxxxxxxxxxxxx>
Date: Tue, 28 Nov 2006 09:43:26 +0000
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx, "Jiang, Yunhong" <yunhong.jiang@xxxxxxxxx>
Delivery-date: Tue, 28 Nov 2006 01:43:31 -0800
List-id: Xen developer discussion <xen-devel.lists.xensource.com>

Hi, 

At 17:25 +0800 on 28 Nov (1164734703), Tian, Kevin wrote:
> However the logic within shadow_update_cr3() doesn't ensure this, 
> which will sh_put_ref old shadow. Normally l4 shadow page is pinned 
> and thus with refcount as 2. So above sh_put_ref doesn't free this 
> shadow page, and the original one will be re-chosed immediately.
> 
> This is the normal case, however it doesn't hold true once 
> shadow_prealloc is invoked before this update. 

Yes; that's a bug in sh_set_toplevel_shadow(), since we don't want to 
accidentally unshadow an entire process.  I've fixed it to take the ref
on the new contents before putting the ref on the old.

Thanks,

Tim.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

References:
- [Xen-devel] [HVM]A possible mov_to_cr3 bug
  - From: Tian, Kevin

Prev by Date: RE: [Xen-devel] VMX status report 12542:91951de7592c
Next by Date: [Xen-devel] [PATCH] non-flat protected mode HVM support
Previous by thread: [Xen-devel] [HVM]A possible mov_to_cr3 bug
Next by thread: RE: [Xen-devel] [HVM]A possible mov_to_cr3 bug
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.