Re: [Xen-devel] shadow2 corrupting PV guest state
At 14:45 +0900 on 23 Oct (1161614732), Doi.Tsunehisa@xxxxxxxxxxxxxx wrote:
> Basically, the referencee should not be released during to exist the
> referencer, I think.
>
> In domain_kill phase, domain_relinquish_resource releases a memory
> of destroying domain. So, the memory may use other domain. But, P2M
> table of the domain exists, then the memory might be corrupted by
> gnttab_copy.
>
> In __gnttab_copy code, it will avoid to corrupt a memory that was
> used in destroying domain with __acquire_grant_for_copy and get_page.
> But, I think that it has atomicity issue of owner.

Are you worried about a race where the foreign domain is destroyed and
another domain created, with the same struct domain pointer, and which
owns the same frame, between the __acquire_grant_for_copy() and the
get_page()?

Earlier in __gnttab_copy, we call find_domain_by_id() on the foreign
domain, which calls get_domain(), so we're safe from that.

Cheers,

Tim.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
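
The pointer-reuse race discussed in the message above, and why holding a domain reference closes it, as an added example that is not part of the original message and is not Xen source. The structs, the two-slot allocator and every helper body are assumptions that only borrow the function names used in the thread.

```c
#include <stdbool.h>
#include <stddef.h>

/* Toy model, not Xen source: the structs, the two-slot pool and all helper
 * bodies are assumptions that only mirror the names used in the thread. */
struct domain { int id; int refcnt; };
struct page   { struct domain *owner; int count; };

static struct domain pool[2];            /* refcnt == 0 means the slot is free */

static struct domain *domain_create(int id) {
    for (size_t i = 0; i < 2; i++)
        if (pool[i].refcnt == 0) {       /* lowest free slot: a freed address is reused */
            pool[i] = (struct domain){ .id = id, .refcnt = 1 };
            return &pool[i];
        }
    return NULL;
}
static bool get_domain(struct domain *d) {
    if (d->refcnt == 0) return false;    /* already freed */
    d->refcnt++;
    return true;
}
static void put_domain(struct domain *d) { d->refcnt--; }

/* Take a page reference only if the page belongs to the expected owner. */
static bool get_page(struct page *pg, struct domain *expected) {
    if (pg->owner != expected) return false;
    pg->count++;
    return true;
}

/* Replay the interleaving: destroy + recreate happens between the grant
 * lookup and get_page(). Returns true if get_page() wrongly succeeds. */
static bool stale_get_page_succeeds(bool hold_domain_ref) {
    pool[0].refcnt = pool[1].refcnt = 0;             /* reset the model */
    struct domain *rd = domain_create(1);
    struct page frame = { .owner = rd, .count = 0 };
    if (hold_domain_ref) get_domain(rd);             /* as find_domain_by_id() does */
    /* ... grant lookup resolves to `frame` here ... */
    frame.owner = NULL;                              /* domain_kill: memory relinquished */
    put_domain(rd);                                  /* creator's reference dropped */
    struct domain *nd = domain_create(2);            /* new domain is built */
    frame.owner = nd;                                /* and is given the same frame */
    bool ok = get_page(&frame, rd);                  /* owner check against old pointer */
    if (hold_domain_ref) put_domain(rd);
    return ok;
}
```

Without the extra reference the new domain lands at the old address and the owner comparison passes against a stale pointer; with it, the old struct stays allocated, the new domain gets a different address, and the comparison fails as intended.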