Re: [Xen-devel] [PATCH] xenpaging:close domU's event channel and free port
At 16:53 +0800 on 09 Feb (1328806434), hongkaixing@xxxxxxxxxx wrote:
> # HG changeset patch
> # User h00166998@xxxxxxxxxxxxxxxxxxxxxxxxxx
> # Date 1328777452 -28800
> # Node ID 9f4640e40d4f31563885427a5a8d9eae2e110514
> # Parent 8ba7ae0b070b4de93fc033067c61714c202d64c1
> xenpaging:close domU's event channel and free port
>
> Every domain (X86 64 bit) has 4096 event channels. In source code,
> domU's event channel is allocated in mem_event_enable(), but just
> unbind dom0's event channel in xenpaging_teardown(). This bug will
> result in that we can not use xenpaging after reopening it for 4096
> times. We should free domU's event channel in mem_event_disable(), so
> that we can reuse the port.
Yep, looks like a bug.
> diff -r 8ba7ae0b070b -r 9f4640e40d4f xen/arch/x86/mm/mem_event.c
> --- a/xen/arch/x86/mm/mem_event.c Tue Feb 07 18:46:50 2012 +0000
> +++ b/xen/arch/x86/mm/mem_event.c Thu Feb 09 16:50:52 2012 +0800
> @@ -241,7 +241,12 @@
> mem_event_ring_unlock(med);
> return -EBUSY;
> }
> -
> +
> + if( med->shared_page!=NULL )
> + {
> + free_xen_event_channel(d->vcpu[0], (med->shared_page)->port);
> + }
> +
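Review bot: The port passed to free_xen_event_channel() in the added block is read back from med->shared_page->port at teardown, so the call frees whatever number the shared page holds at that moment rather than the port that was allocated in mem_event_enable(); record the allocated port in a field the hypervisor alone can write and free that instead. Separately, the -/+ pair at the top of the hunk replaces one blank line with another, which looks like a whitespace-only change that should be dropped, and `if( med->shared_page!=NULL )` would read better as `if ( med->shared_page != NULL )` without braces around the single statement.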
But you shouldn't use the value from the shared page, in case it has
been corrupted by a buggy or malicious guest. Can you please save the
event channel in a new field in struct mem_event_domain, so the guest
can't overwrite it?
Cheers,
Tim.
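
The difference between freeing the port read from the shared page and freeing a privately saved copy, as a toy model added here (not Xen code and not part of the original thread). `struct med_model`, the `xen_port` field name, the 8-entry port table and the guest overwrite are all constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define NR_PORTS 8                        /* toy size; the post says 4096 */
static uint8_t in_use[NR_PORTS];          /* toy per-domain port table */
struct shared_page { uint32_t port; };    /* guest-writable in this model */
struct med_model {                        /* hypothetical, not Xen's struct */
    struct shared_page *shared_page;
    uint32_t xen_port;                    /* private copy, out of guest reach */
};
struct outcome { int victim_kept, own_freed; };

static int alloc_port(void) {
    for (int p = 1; p < NR_PORTS; p++)
        if (!in_use[p]) { in_use[p] = 1; return p; }
    return -1;                            /* table exhausted */
}

static int model_enable(struct med_model *med, struct shared_page *sp) {
    int p = alloc_port();
    if (p < 0) return -1;
    med->shared_page = sp;
    med->xen_port = sp->port = (uint32_t)p;   /* publish and remember */
    return p;
}

/* trust_shared=1 models the hunk as posted, 0 the fix asked for in the reply. */
static void model_disable(struct med_model *med, int trust_shared) {
    uint32_t p = trust_shared ? med->shared_page->port : med->xen_port;
    if (p < NR_PORTS) in_use[p] = 0;      /* release the chosen port */
}

/* One enable/disable cycle with a constructed guest overwrite in between. */
static struct outcome run_cycle(int trust_shared) {
    struct shared_page sp; struct med_model med;
    for (int i = 0; i < NR_PORTS; i++) in_use[i] = 0;
    int victim = alloc_port();            /* an unrelated channel of the domain */
    int own = model_enable(&med, &sp);    /* the channel teardown should free */
    sp.port = (uint32_t)victim;           /* guest points the field elsewhere */
    model_disable(&med, trust_shared);
    return (struct outcome){ in_use[victim], !in_use[own] };
}

int main(void) {
    struct outcome bad = run_cycle(1), good = run_cycle(0);
    printf("shared-page value: victim kept=%d, own port freed=%d\n", bad.victim_kept, bad.own_freed);
    printf("private copy:      victim kept=%d, own port freed=%d\n", good.victim_kept, good.own_freed);
    return 0;
}
```

In the model, trusting the shared page both releases an unrelated port and leaves the intended one allocated, so the leak described in the commit message persists.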