
Re: [Xen-devel] shadow2 corrupting PV guest state


At 22:42 +0900 on 20 Oct (1161384159), Doi.Tsunehisa@xxxxxxxxxxxxxx wrote:
>   So, I found that:
>   * Before shadow2 age, x86 and ia64 use same logic for domain
>     destruction.
>     - at first, release gnttab references
>     - destruct page table for VCPU
>     - destruct P2M table for domain
>     - relinquish memory for domain
>   * After shadow2 age, x86 introduces delayed P2M table destruction.
>     - release gnttab references
>     - destruct page table for VCPU
>     - relinquish memory for domain
>     - destruct P2M table for domain in domain_destroy()
>     *** I don't have confidence in my investigation.
>     *** Am I right?

Yep.  The P2M table can't be destroyed in domain_relinquish_resources,
as it is needed when pulling down grant references, and foreign domains
may have outstanding grant references to the dying domain's memory even
after domain_relinquish_resources.

>   If my speculation is correct, shadow2 may cause a memory corruption
> problem.

I don't follow quite why this would lead to memory corruption.  Can you

