|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH 0 of 3] Resend: correctness race when paging-in
At 12:21 -0500 on 01 Dec (1322742071), Andres Lagar-Cavilla wrote: > P2m_mem_paging_prep ensures that an mfn is backing the paged-out gfn, and > transitions to the next state in the paging state machine for this page. > Foreign mappings of the gfn will now succeed. This is the key idea, as it > allows the pager to now map the gfn and fill in its contents. > > Unfortunately, it also allows any other foreign mapper to map the gfn and read > its contents. This is particularly dangerous when the populate is launched > by a foreign mapper in the first place, which will be actively retrying the > map operation and might race with the pager. Qemu-dm being a prime example. > > Fix the race by allowing a buffer to be optionally passed in the prep > operation, and having the hypervisor memcpy from that buffer into the newly > prepped page before promoting the gfn type. > > Second patch is a tools patch. > > Resent after feedback: xenpaging patch attached, simplified with use of > copy_from_guest. Left potntial short-cut to avoid pging_resume for further > discussion. > > Signed-off-by: Andres Lagar-Cavilla <andres@xxxxxxxxxxxxxxxx> Applied, thanks. Tim. _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |