WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

Re: [Xen-devel] tracking of Xen heap pages shared with guest

To: Jan Beulich <jbeulich@xxxxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: Re: [Xen-devel] tracking of Xen heap pages shared with guest
From: Keir Fraser <keir.fraser@xxxxxxxxxxxxx>
Date: Fri, 14 Mar 2008 13:48:27 +0000
Cc: joserenato.santos@xxxxxx
Delivery-date: Fri, 14 Mar 2008 06:49:39 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <47DA8E83.76E4.0078.0@xxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: AciF2hRMUyLC8fHNEdyPnAAWy6hiGQ==
Thread-topic: [Xen-devel] tracking of Xen heap pages shared with guest
User-agent: Microsoft-Entourage/11.3.6.070618
On 14/3/08 13:41, "Jan Beulich" <jbeulich@xxxxxxxxxx> wrote:

> Right, but the question was - what if the guest erroneously or
> maliciously frees the page? If there's indeed no extra reference, then
> the page (which Xen will continue to write to) may get assigned to a
> different domain, including dom0, and hence the whole system could
> get at risk.

It cannot be freed by the guest. Note that free_domheap_pages() is a no-op
for Xen-heap pages.

>> I'm no expert on xenoprof. I've cc'ed Renato.
>> 
>> Wouldn't dom0 mappings bump the page reference count, and this would prevent
>> the domU being destroyed (remember that non-empty domain page ownership
>> lists hold a domain reference)?
> 
> As I understand it, the pages get shared with dom0, so ownership also
> transfers to dom0, which doesn't prevent the guest from being fully
> destroyed.

Point out the specific lines of code that you think are offending and I'll
take a look.

 -- Keir



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel