Re: [Xen-devel] workaround for dom0 crash due to QEMU using O_DIRECT

[Ian Campbell <ian.campbell@xxxxxxxxxx>]

On Mon, 2013-07-08 at 20:40 +0100, Alex Bligh wrote:

> Have we not got a danger here that trade_page could end up written
> to with VM A's data, and this could then find itself in VM B's disk?
> Or do we know that every access by the kernel after withdrawal
> of the grant is guaranteed to be a read? In which case making it read
> only might be safer.

It absolutely should be read only. AFAICT that means PAGE_KERNEL_RO
rather than the PAGE_KERNEL in the patch.

The case we are worried about is read-after-free on the network tx path.
There can be no write-after-free on the network rx path.

> Also, our normal config has dom0 with completely fixed memory (no
> ballooning) I believe. Is that something Diana needs to change when
> testing this?

No, the "ballooned" pages here are ones which are specially allocated
for use by the PV backends.

Ian.


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel