[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Xen-devel] Is this a racing bug in page_make_sharable()?
On 2013å01æ11æ 01:25, Tim Deegan wrote:
At 11:36 -0500 on 10 Jan (1357817806), Andres Lagar-Cavilla wrote:
Hi there, thanks for the report. Sorry I didn't respond earlier, fell through
the cracks.
Having said that...
On Jan 10, 2013, at 8:00 AM, Tim Deegan <tim@xxxxxxx> wrote:
Hi,
At 23:35 +0800 on 27 Dec (1356651327), Nai Xia wrote:
I think I can construct a bug by interleaving the two code paths:
in guest_remove_page() | in page_make_sharable()
------------------------------------------------------------------------------------------------------------------------------
if ( p2m_is_shared(p2mt) ) .....
... .....
page = mfn_to_page(mfn); .....
.....
if (
!get_page_and_type(page,
d, PGT_shared_page) )
// success
.........
if ( page->count_info !=
(PGC_allocated | (2 +
expected_refcnt)) ) //
also pass
if ( unlikely(!get_page(page, d)) )
/* go on to remove page */ /* go on to add page to
cow domain */
-------------------------------------------------------------------------------------------------------------------------------------
is there anything that can already prevent such racing or is this really
can happen?
I think this race can happen.
Through a p2m entry in a domain. Is this the same domain as the one
for which quest_remove_page is executing? Then all is serialized
through the p2m lock, no race.
Right, that's what I was missing. Because guest_remove_page has called
get_gfn_query on the gfn, and not yet called put_gfn(),
page_make_sharable() can't be running. All is well. :)
I see. Good to see everything working well. :)
Thanks,
Nai
Thanks,
Tim.
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
|
