I see that rcu locks in Xen code are empty or in other words
do nothing, and even rcu_dereference also doesn’t assign pointers through
a temporary variable. So is it possible that while domain destruction, while I’m
traversing through the domain_hash, list as in rcu_lock_domain_by_id(), I could
end up with an invalid pointer?
This is because I see that domain_destroy simply calls complete_domain_destroy
which frees up the domain pointer and it seems like it could be possible that while
traversing through the hash list in rcu_lock_domain_by_id I could end up with a
domain pointer which domain_destroy might have just destroyed and I can’t
proceed further down the list.
Please let me know if there’s something else that I’m
overlooking and if not then how come we don’t see domains/Xen crashing
because of this caveat.
Regards,
Bhaskar.
