[PATCH] x86/mm: disallow mmu hypercalls for a dying domain

[PATCH] x86/mm: disallow mmu hypercalls for a dying domain

[Kouya Shimura]

[-- Attachment #1: message body text --]
[-- Type: text/plain, Size: 107 bytes --]

The race condition should be avoided for efficiency.

Signed-off-by: Kouya Shimura <kouya@jp.fujitsu.com>


[-- Attachment #2: hypercalls_for_dying_dom.patch --]
[-- Type: text/x-patch, Size: 600 bytes --]

diff -r ba68bb0d229c xen/arch/x86/mm.c
--- a/xen/arch/x86/mm.c	Thu Nov 26 15:27:00 2009 +0000
+++ b/xen/arch/x86/mm.c	Fri Nov 27 15:08:41 2009 +0900
@@ -2537,6 +2537,13 @@ static struct domain *get_pg_owner(domid
             MEM_LOG("Unknown domain '%u'", domid);
             break;
         }
+        if ( unlikely(pg_owner->is_dying) )
+        {
+            MEM_LOG("Domain is dying");
+            rcu_unlock_domain(pg_owner);
+            pg_owner = NULL;
+            break;
+        }
         if ( !IS_PRIV_FOR(curr, pg_owner) )
         {
             MEM_LOG("Cannot set foreign dom");

[-- Attachment #3: Type: text/plain, Size: 138 bytes --]

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

Re: [PATCH] x86/mm: disallow mmu hypercalls for a dying domain

[Keir Fraser]

Since the check is made with no locks held, I don't think any race can be
completely avoided here. I'm not sure the performance argument holds much
water either -- this just looks like a pointless extra check.

 -- Keir

On 27/11/2009 06:22, "Kouya Shimura" <kouya@jp.fujitsu.com> wrote:

> The race condition should be avoided for efficiency.
> 
> Signed-off-by: Kouya Shimura <kouya@jp.fujitsu.com>
> 

Re: [PATCH] x86/mm: disallow mmu hypercalls for a dying domain

[Kouya Shimura]

I observed that dom0 kept on issuing a mmu_update hypercall while the
domain is dying. So I don't feel happy with it. 
But I'm ok if the patch is dropped.

Thanks,
Kouya

Keir Fraser writes:
> Since the check is made with no locks held, I don't think any race can be
> completely avoided here. I'm not sure the performance argument holds much
> water either -- this just looks like a pointless extra check.
> 
>  -- Keir
> 
> On 27/11/2009 06:22, "Kouya Shimura" <kouya@jp.fujitsu.com> wrote:
> 
> > The race condition should be avoided for efficiency.
> > 
> > Signed-off-by: Kouya Shimura <kouya@jp.fujitsu.com>
> > 
> 

Re: [PATCH] x86/mm: disallow mmu hypercalls for a dying domain

[Keir Fraser]

Probably coming from dom0 userspace somewhere, such as qemu. By the time you
get down to the hypercall implementation in Xen, you've already done the
expensive traps via dom0 kernel.

 -- Keir

On 27/11/2009 09:10, "Kouya Shimura" <kouya@jp.fujitsu.com> wrote:

> I observed that dom0 kept on issuing a mmu_update hypercall while the
> domain is dying. So I don't feel happy with it.
> But I'm ok if the patch is dropped.
> 
> Thanks,
> Kouya
> 
> Keir Fraser writes:
>> Since the check is made with no locks held, I don't think any race can be
>> completely avoided here. I'm not sure the performance argument holds much
>> water either -- this just looks like a pointless extra check.
>> 
>>  -- Keir
>> 
>> On 27/11/2009 06:22, "Kouya Shimura" <kouya@jp.fujitsu.com> wrote:
>> 
>>> The race condition should be avoided for efficiency.
>>> 
>>> Signed-off-by: Kouya Shimura <kouya@jp.fujitsu.com>
>>> 
>>