[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] xenpaging:close domU's event channel and free port



At 16:53 +0800 on 09 Feb (1328806434), hongkaixing@xxxxxxxxxx wrote:
> # HG changeset patch
> # User h00166998@xxxxxxxxxxxxxxxxxxxxxxxxxx
> # Date 1328777452 -28800
> # Node ID 9f4640e40d4f31563885427a5a8d9eae2e110514
> # Parent  8ba7ae0b070b4de93fc033067c61714c202d64c1
> xenpaging:close domU's event channel and free port
> 
> Every domain (X86 64 bit)has 4096 event channels.In source code,
> domU's event channel is allocated in mem_event_enable(),but just
> unbind dom0's event channel in xenpaging_teardown().This bug will
> result in that we can not use xenpaging after reopening it for 4096
> times.We should free domU's event channel in mem_event_disable().so
> that we can reuse the port.

Yep, looks like a bug.

> diff -r 8ba7ae0b070b -r 9f4640e40d4f xen/arch/x86/mm/mem_event.c
> --- a/xen/arch/x86/mm/mem_event.c     Tue Feb 07 18:46:50 2012 +0000
> +++ b/xen/arch/x86/mm/mem_event.c     Thu Feb 09 16:50:52 2012 +0800
> @@ -241,7 +241,12 @@
>              mem_event_ring_unlock(med);
>              return -EBUSY;
>          }
> -
> +        
> +        if( med->shared_page!=NULL )
> +        {
> +            free_xen_event_channel(d->vcpu[0], (med->shared_page)->port);
> +        }
> +             

But you shouldn't use the value from the shared page, in case it has
been corrupted by a buggy or malicious guest.  Can you please save the
event channel in a new field in struct mem_event_domain, so the guest
can't overwrite it?

Cheers,

Tim.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.