|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] Re: xen crash in tmem: checking a xen pfn for domain ownership
If you could be doing memory sharing then you might need to use gfn_to_mfn_unshare()? Otherwise it looks pretty plausible, and that one flaw is pretty minor as you're probably not using memshr. -- Keir On 17/09/2010 17:29, "Dan Magenheimer" <dan.magenheimer@xxxxxxxxxx> wrote: > Does the construct: > > xen_pfn_t gpfn; > p2m_type_t t; > unsigned long mfn; > > mfn = mfn_x(gfn_to_mfn(current->domain, gpfn, &t)); > if (t != p2m_ram_rw || cli_mfn == INVALID_MFN) > return NULL; /* bad */ > return map_domain_page(mfn) > > somehow check to ensure that pfn belongs to current->domain? > (See cli_mfn_to_va() in common/tmem_xen.c.) > > If not, is there an easy way to perform that check? > (preferably one that works for both HVM and PV guests) > > In debugging a tmem Linux-side guest patch, I discovered > that a bad mfn passed by the guest can crash Xen and > I think this assumption might be the problem. > > Thanks, > Dan _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |