[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] Is this a racing bug in page_make_sharable()?



Hi Grzegorz,

As I understand, the purpose of the code in page_make_sharable()
checking the ref count is to ensure that nobody unexpected is working
on the page, and so we can migrate it to dom_cow, right?

====
    /* Check if the ref count is 2. The first from PGT_allocated, and
     * the second from get_page_and_type at the top of this function */
    if(page->count_info != (PGC_allocated | (2 + expected_refcnt)))
    {
        /* Return type count back to zero */
        put_page_and_type(page);
        spin_unlock(&d->page_alloc_lock);
        return -E2BIG;
    }
====

However, it seems to me that this ref check and the following page
migration is not atomic( although the operations for type_info ref
check seems good) i.e. it's possible that it passed this ref
check but just before it goes to dom_cow, someone else gets this page?
As far as I know, in Linux kernel's similar scenarios, they do ref-freezing
tricks.

And if we don't need to worry about this racing case, then what is
this check trying to ensure?


Thanks,
Nai

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.