[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] shadow2 corrupting PV guest state

At 14:45 +0900 on 23 Oct (1161614732), Doi.Tsunehisa@xxxxxxxxxxxxxx wrote:
>   Basically, the referencee should not be released during to exist the
> referencer, I think.
>   In domain_kill phase, domain_relinquish_resource releases a memory
> of destroying domain. So, the memory may use other domain. But, P2M
> table of the domain exists, then the memory might be corrupted by
> gnttab_copy.
>   In __gnttab_copy code, it will avoid to corrupt a memory that was
> used in destroying domain with __acquire_grant_for_copy and get_page.
> But, I think that it has atomicity issue of owner.

Are you worried about a race where the foreign domain is destroyed and
another domain created, with the same struct domain pointer, and which
owns the same frame, between the __acquire_grant_for_copy() and the

Earlier in __gnttab_copy, we call find_domain_by_id() on the foreign
domain, which calls get_domain(), so we're safe from that.



Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.