WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

Re: [Xen-devel] tracking of Xen heap pages shared with guest

>>> Keir Fraser <keir.fraser@xxxxxxxxxxxxx> 14.03.08 14:48 >>>
>On 14/3/08 13:41, "Jan Beulich" <jbeulich@xxxxxxxxxx> wrote:
>
>> Right, but the question was - what if the guest erroneously or
>> maliciously frees the page? If there's indeed no extra reference, then
>> the page (which Xen will continue to write to) may get assigned to a
>> different domain, including dom0, and hence the whole system could
>> get at risk.
>
>It cannot be freed by the guest. Note that free_domheap_pages() is a no-op
>for Xen-heap pages.

Ah, right. I keep getting confused by this special treatment of the Xen
heap.

>>> I'm no expert on xenoprof. I've cc'ed Renato.
>>> 
>>> Wouldn't dom0 mappings bump the page reference count, and this would prevent
>>> the domU being destroyed (remember that non-empty domain page ownership
>>> lists hold a domain reference)?
>> 
>> As I understand it, the pages get shared with dom0, so ownership also
>> transfers to dom0, which doesn't prevent the guest from being fully
>> destroyed.
>
>Point out the specific lines of code that you think are offending and I'll
>take a look.

Your above comment clarifies matters here, too - since
free_domheap_pages() only removes Xen heap pages from the owning
domain's list, they cannot get assigned for other purposes (and they
would simply get re-added to the list the next time they'd get passed
to share_xen_pages_with_guest()).

Thanks and sorry for the noise, Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel