WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
xen-devel

Re: [Xen-devel] shadow2 corrupting PV guest state

To: Tim Deegan <Tim.Deegan@xxxxxxxxxxxxx>
Subject: Re: [Xen-devel] shadow2 corrupting PV guest state
From: Doi.Tsunehisa@xxxxxxxxxxxxxx
Date: Mon, 23 Oct 2006 14:45:32 +0900
Cc: Jeremy Fitzhardinge <jeremy@xxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>, Chris Wright <chrisw@xxxxxxxxxxxx>, Michael A Fetterman <Michael.Fetterman@xxxxxxxxxxxx>, Doi.Tsunehisa@xxxxxxxxxxxxxx
In-reply-to: Your message of Fri, 20 Oct 2006 14:57:18 +0100. <20061020135718.GA8271@xxxxxxxxxxxxxxxxxxxxx>
References: <453020EE.4080603@xxxxxxxx> <200610201342.k9KDgdF01725@xxxxxxxxxxxxxxxxxxxxxxxxxxx><20061020135718.GA8271@xxxxxxxxxxxxxxxxxxxxx>
Hi,

You (Tim.Deegan) said:
>>   * Before the shadow2 age, x86 and ia64 used the same logic for domain
>>     destruction.
>>     - first, release gnttab references
>>     - destroy the page tables for the VCPUs
>>     - destroy the P2M table for the domain
>>     - relinquish memory for the domain
>> 
>>   * After the shadow2 age, x86 introduces delayed P2M table destruction.
>>     - release gnttab references
>>     - destroy the page tables for the VCPUs
>>     - relinquish memory for the domain
>>     - destroy the P2M table for the domain in domain_destroy()
>>     *** I don't have confidence in my investigation.
>>     *** Am I right?
> 
> Yep.  The P2M table can't be destroyed in domain_relinquish_resources,
> as it is needed when pulling down grant references, and foreign domains
> may have outstanding grant references to the dying domain's memory even
> after domain_relinquish_resources.

  Thanks.

  I had supposed that the introduction of delayed P2M table destruction was
indeed for the gnttab_copy feature. It seems that the other grant table
references are released with gnttab_release_mappings() in domain_kill().

>>   If my speculation is correct, shadow2 may cause a memory corruption
>> problem.
> 
> I don't follow quite why this would lead to memory corruption.  Can you
> explain?

  I'll try to explain it.

  Basically, the referencee should not be released while the referencer
still exists, I think.

  In the domain_kill phase, domain_relinquish_resource releases the memory
of the domain being destroyed. So, the memory may be used by another domain.
But the P2M table of the domain still exists, so the memory might be
corrupted by gnttab_copy.

  In the __gnttab_copy code, it avoids corrupting memory that was used by
the domain being destroyed, with __acquire_grant_for_copy and get_page.
But I think that it has an atomicity issue with the owner check.

  In my opinion, the P2M table should be destroyed before releasing memory.
Then, if gnttab_copy uses it, it will fail as an invalid access, because
gnttab_copy doesn't have to succeed during domain destruction.

  What do you think about it?

Thanks,
- Tsunehisa Doi

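The ordering argument in the message above, as an added toy model in C. This is not Xen code and not anything from the thread's participants: the "machine frames", the per-domain p2m array, gnttab_copy_model(), get_page() and relinquish_memory() are stand-ins constructed here to show the two teardown orders being discussed. It runs the same copy against a dying domain A whose frame has already been handed to domain B, once with the P2M table destroyed before the memory is relinquished (lookup fails, nothing else is needed), and once with P2M destruction delayed (the lookup still resolves to B's frame, and only the owner check stands between the stale p2m entry and B's data). The third run bypasses the owner check to show what it is guarding, which is why its atomicity is the point of the message; it is a what-if in the model, not a statement about the real hypervisor.

```c
/* Toy model of domain-teardown ordering vs. a grant copy (constructed example, not Xen code). */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define NPAGES   4
#define NGFNS    2
#define NO_OWNER (-1)

struct domain {
    int  id;
    bool p2m_valid;       /* false once this domain's P2M table has been destroyed */
    int  p2m[NGFNS];      /* guest frame -> machine frame, -1 if unmapped */
};

struct result {
    int  rc;               /* 0 = copy went through, -1 = copy rejected */
    bool foreign_clobbered;/* true if the other domain's page was overwritten */
};

static int  page_owner[NPAGES];      /* hypothetical frame ownership table */
static char page_data[NPAGES][8];    /* hypothetical frame contents */

static void reset_machine(void) {
    for (int i = 0; i < NPAGES; i++) { page_owner[i] = NO_OWNER; memset(page_data[i], 0, 8); }
}

/* Hand the first free frame to domain d and fill it with recognisable data. */
static int alloc_page(struct domain *d, const char *fill) {
    for (int i = 0; i < NPAGES; i++)
        if (page_owner[i] == NO_OWNER) { page_owner[i] = d->id; strncpy(page_data[i], fill, 8); return i; }
    return -1;
}

/* Stand-in for domain_relinquish_resources: frames go back to the free pool. */
static void relinquish_memory(struct domain *d) {
    for (int i = 0; i < NPAGES; i++) if (page_owner[i] == d->id) page_owner[i] = NO_OWNER;
}

/* Stand-in for P2M destruction: lookups through this domain now fail. */
static void destroy_p2m(struct domain *d) { d->p2m_valid = false; }

static int p2m_lookup(const struct domain *d, int gfn) {
    if (!d->p2m_valid || gfn < 0 || gfn >= NGFNS) return -1;
    return d->p2m[gfn];
}

/* Stand-in for the owner check done via get_page(): the frame must still belong to d. */
static bool get_page(int mfn, const struct domain *d) {
    return mfn >= 0 && page_owner[mfn] == d->id;
}

/* Stand-in for __gnttab_copy writing into the destination domain's frame. */
static int gnttab_copy_model(struct domain *dst, int gfn, const char *src, bool owner_check) {
    int mfn = p2m_lookup(dst, gfn);
    if (mfn < 0) return -1;                          /* P2M already gone: invalid access */
    if (owner_check && !get_page(mfn, dst)) return -1; /* frame no longer owned by dst */
    strncpy(page_data[mfn], src, 8);
    return 0;
}

/* Tear down dying domain A in the chosen order, let B reuse A's frame, then copy into A's gfn 0. */
static struct result run(bool p2m_before_memory, bool owner_check) {
    struct domain a = { .id = 1, .p2m_valid = true, .p2m = { -1, -1 } };
    struct domain b = { .id = 2, .p2m_valid = true, .p2m = { -1, -1 } };
    reset_machine();
    a.p2m[0] = alloc_page(&a, "A-data");

    if (p2m_before_memory) destroy_p2m(&a);          /* pre-shadow2 order: P2M dies first */
    relinquish_memory(&a);
    b.p2m[0] = alloc_page(&b, "B-data");             /* B gets A's old frame back */

    struct result r;
    r.rc = gnttab_copy_model(&a, 0, "EVIL!!!", owner_check);
    r.foreign_clobbered = strncmp(page_data[b.p2m[0]], "B-data", 8) != 0;
    if (!p2m_before_memory) destroy_p2m(&a);         /* shadow2 order: P2M dies in domain_destroy() */
    return r;
}

int main(void) {
    struct result r1 = run(true,  true);   /* P2M first: rejected at lookup, B untouched */
    struct result r2 = run(false, true);   /* P2M delayed: only the owner check saves B */
    struct result r3 = run(false, false);  /* P2M delayed, check bypassed: B's frame clobbered */
    printf("p2m-first        rc=%d clobbered=%d\n", r1.rc, r1.foreign_clobbered);
    printf("p2m-delayed      rc=%d clobbered=%d\n", r2.rc, r2.foreign_clobbered);
    printf("p2m-delayed,nochk rc=%d clobbered=%d\n", r3.rc, r3.foreign_clobbered);
    return 0;
}
```

With the P2M table destroyed first, the copy is refused before any ownership question arises, which is the "fail as an invalid access" outcome the message argues for. With destruction delayed, the stale p2m entry still points at a frame that now belongs to B, so correctness rests entirely on the check-then-write in gnttab_copy_model() being indivisible with respect to frame reallocation; the third run is what that check is the only thing preventing.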
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel