[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Is this a racing bug in page_make_sharable()?

On 2013å01æ11æ 01:25, Tim Deegan wrote:
At 11:36 -0500 on 10 Jan (1357817806), Andres Lagar-Cavilla wrote:
Hi there, thanks for the report. Sorry I didn't respond earlier, fell through 
the cracks.

Having said that...
On Jan 10, 2013, at 8:00 AM, Tim Deegan <tim@xxxxxxx> wrote:


At 23:35 +0800 on 27 Dec (1356651327), Nai Xia wrote:
I think I can construct a bug by interleaving the two code paths:

in guest_remove_page()              |              in page_make_sharable()
if ( p2m_is_shared(p2mt) )                       .....
...                                              .....
page = mfn_to_page(mfn);                         .....

                                                 if (
                                                 d, PGT_shared_page) )
                                                 // success

                                                 if ( page->count_info !=
                                                 (PGC_allocated | (2 +
                                                 expected_refcnt)) ) //
                                                 also pass

if ( unlikely(!get_page(page, d)) )

/* go on to remove page */                       /* go on to add page to
cow domain */

is there anything that can already prevent such racing or is this really
can happen?

I think this race can happen.

Through a p2m entry in a domain. Is this the same domain as the one
for which quest_remove_page is executing?  Then all is serialized
through the p2m lock, no race.

Right, that's what I was missing.  Because guest_remove_page has called
get_gfn_query on the gfn, and not yet called put_gfn(),
page_make_sharable() can't be running.  All is well. :)

I see. Good to see everything working well. :)





Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.