xen-devel
Re: [Xen-devel] tracking of Xen heap pages shared with guest
>>> Keir Fraser <keir.fraser@xxxxxxxxxxxxx> 14.03.08 14:48 >>>
>On 14/3/08 13:41, "Jan Beulich" <jbeulich@xxxxxxxxxx> wrote:
>
>> Right, but the question was - what if the guest erroneously or
>> maliciously frees the page? If there's indeed no extra reference, then
>> the page (which Xen will continue to write to) may get assigned to a
>> different domain, including dom0, and hence the whole system could
>> get at risk.
>
>It cannot be freed by the guest. Note that free_domheap_pages() is a no-op
>for Xen-heap pages.

Ah, right. I keep getting confused by this special treatment of the Xen
heap.

>>> I'm no expert on xenoprof. I've cc'ed Renato.
>>>
>>> Wouldn't dom0 mappings bump the page reference count, and this would prevent
>>> the domU being destroyed (remember that non-empty domain page ownership
>>> lists hold a domain reference)?
>>
>> As I understand it, the pages get shared with dom0, so ownership also
>> transfers to dom0, which doesn't prevent the guest from being fully
>> destroyed.
>
>Point out the specific lines of code that you think are offending and I'll
>take a look.

Your above comment clarifies matters here, too - since
free_domheap_pages() only removes Xen heap pages from the owning
domain's list, they cannot get assigned for other purposes (and they
would simply get re-added to the list the next time they'd get passed
to share_xen_pages_with_guest()).

Thanks and sorry for the noise,
Jan
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel