|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] shadow2 corrupting PV guest state
You (Keir.Fraser) said:
>>> True, but we don't look at nd unless the page is allocated...
>>
>> Between domain_relinquish_resources() in domain_kill() and
>> shadow_final_teadown() in domain_destroy(), nd might be looked
>> with gnttab_copy(), I think.
>
> Domain_destroy() is only called when the domain refcnt reaches zero. This
> can only happen when all its page refcnts have reached zero. When a page's
> refcnt reaches zero, get_page() no longer succeeds on it. So there is no
> race between gnttab_copy() and domain_destroy().
I see.
I want to confirm that...
In free_domheap_pages(), if the page counts of each section are zero,
then domain refcount is decreased. Finaly the domain refcount is zero,
and domain_destroy() is called.
In the other hand, get_page checks page count like below...
.....
if ( unlikely((x & PGC_count_mask) == 0) || /* Not allocated? */
unlikely((nx & PGC_count_mask) == 0) || /* Count overflow? */
unlikely(d != _domain) ) /* Wrong owner? */
.....
Thus, get_page can't succeeds on it.
Is my understaning is right ?
Thanks,
- Tsunehisa Doi
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |