| |
|
 |
|
 |
|
|
|
| |
|
|
xen-devel
[Xen-devel] tracking of Xen heap pages shared with guest
I assume I'm overlooking something, but can someone explain how page
tracking works in the following two cases:
a) A guest unintentionally or maliciously frees (e.g. through
decrease_reservation) a page shared from the Xen heap (e.g. the
shared info page). From what I can see, such a page would have a
reference count of 1 (from share_xen_page_with_guest(), assuming
the guest doesn't have the page mapped), and would hence be
immediately freed with the corresponding put_page(). Nevertheless
Xen itself may continue to write to such a page.
b) A domU that had a xenoprof buffer allocated gets killed. Since the
xenoprof code directly calls free_xenheap_pages() on the buffer,
any mapping dom0 may have to it would not be considered, and hence
dom0 would retain a mapping to free memory. Additionally, the
put_page() in unshare_xenoprof_page_with_guest() could revert the
singe reference to the page established through
share_xen_page_with_guest() (i.e. if dom0 never mapped or already
unmapped the buffer), which again would result in the buffer getting
freed (and thus d->xenoprof->rawbuf becoming stale).
Apparently I'm just failing to find the places where extra reference
counts are being established for such pages...
Thanks, Jan
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
|
| <Prev in Thread] |
Current Thread |
[Next in Thread>
|
- [Xen-devel] tracking of Xen heap pages shared with guest,
Jan Beulich <=
|
|
|
| |
|
Home