[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Xen-devel] [HVM]A possible mov_to_cr3 bug

To: "Tim Deegan" <Tim.Deegan@xxxxxxxxxxxxx>
From: "Tian, Kevin" <kevin.tian@xxxxxxxxx>
Date: Wed, 29 Nov 2006 10:13:47 +0800
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx, "Jiang, Yunhong" <yunhong.jiang@xxxxxxxxx>
Delivery-date: Tue, 28 Nov 2006 18:13:54 -0800
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
Thread-index: AccS0auEHcF4Yn8/S3G7qlTGxndUMwAijbbw
Thread-topic: [Xen-devel] [HVM]A possible mov_to_cr3 bug

>From: Tim Deegan [mailto:Tim.Deegan@xxxxxxxxxxxxx]
>Sent: 2006年11月28日 17:43
>
>Hi,
>
>At 17:25 +0800 on 28 Nov (1164734703), Tian, Kevin wrote:
>> However the logic within shadow_update_cr3() doesn't ensure this,
>> which will sh_put_ref old shadow. Normally l4 shadow page is pinned
>> and thus with refcount as 2. So above sh_put_ref doesn't free this
>> shadow page, and the original one will be re-chosed immediately.
>>
>> This is the normal case, however it doesn't hold true once
>> shadow_prealloc is invoked before this update.
>
>Yes; that's a bug in sh_set_toplevel_shadow(), since we don't want to
>accidentally unshadow an entire process.  I've fixed it to take the ref
>on the new contents before putting the ref on the old.
>
>Thanks,
>
>Tim.

Yes, that's a clean fix. Thanks for doing this.

Thanks,
Kevin

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

Prev by Date: RE: [Xen-devel] Live migration leaves page tables read-only?
Next by Date: [Xen-devel] [PATCH] 1/3] [XEN] Use explicit bit sized fields for exported xentrace data.
Previous by thread: Re: [Xen-devel] [HVM]A possible mov_to_cr3 bug
Next by thread: [Xen-devel] ztdummy and Xen (RTC & USB)
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.