Hi,
You (yamahata) said:
>>> - Probably IA64 specific code paths assume that if the p2m conversion
>>> gives valid mfn, then the page isn't free.
>>> Your patch breaks it. I haven't checked it, though.
>>
>> In our investigation, the domain is paused at the domain_kill phase, thus
>> the issue doesn't occur, and the x86 code had introduced the same logic.
>
> Although all vcpus of the domain are paused,
> how about another domain's vcpu?
> It might be possible for another domain's vcpu to modify
> the p2m table.
I think the p2m table of the domain (during destruction, indeed)
is not modified by any domain. A grant table reference has a possibility
of the p2m table being modified by another domain, but in this case, the
grant table reference is released before `shadow_teardown'.
On the other hand, the p2m table of another domain might come to refer to
the same page frame which was used by the domain being destroyed. In this
case, get_page() is the final guard to avoid memory corruption. In the x86
code, the same logic is introduced. I discussed the delayed p2m table
destruction in the xen-devel community, thus I confirmed it. I suppose
that it avoids to be too heavy to comform.
> And one more comment.
> - your patch breaks page reference convention.
During domain creation and destruction, it might be broken, but
it has to do, I think.
>>> - Why shadow prefix? it isn't related to shadow.
>>
>> In IA64 code, it doesn't have shadow page table, but it regards
>> that it has shadow mode, I think. Thus I adopted shadow prefix to
>> follow other arch.
>
> Shadow prefix is confusing here. (At least for me)
I don't have a very good idea.
What do you think about the below?
- shadow_teardown -> teardown_mm
- shadow_final_teardown -> final_teardown_mm
- shadow_p2m_teardown -> final_p2m_teardown
Thanks,
- Tsunehisa Doi