|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] tracking of Xen heap pages shared with guest
>>> Keir Fraser <keir.fraser@xxxxxxxxxxxxx> 14.03.08 14:48 >>> >On 14/3/08 13:41, "Jan Beulich" <jbeulich@xxxxxxxxxx> wrote: > >> Right, but the question was - what if the guest erroneously or >> maliciously frees the page? If there's indeed no extra reference, then >> the page (which Xen will continue to write to) may get assigned to a >> different domain, including dom0, and hence the whole system could >> get at risk. > >It cannot be freed by the guest. Note that free_domheap_pages() is a no-op >for Xen-heap pages. Ah, right. I keep getting confused by this special treatment of the Xen heap. >>> I'm no expert on xenoprof. I've cc'ed Renato. >>> >>> Wouldn't dom0 mappings bump the page reference count, and this would prevent >>> the domU being destroyed (remember that non-empty domain page ownership >>> lists hold a domain reference)? >> >> As I understand it, the pages get shared with dom0, so ownership also >> transfers to dom0, which doesn't prevent the guest from being fully >> destroyed. > >Point out the specific lines of code that you think are offending and I'll >take a look. Your above comment clarifies matters here, too - since free_domheap_pages() only removes Xen heap pages from the owning domain's list, they cannot get assigned for other purposes (and they would simply get re-added to the list the next time they'd get passed to share_xen_pages_with_guest()). Thanks and sorry for the noise, Jan _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |