From: Tim Deegan <tim@xen.org>
To: hongkaixing@huawei.com
Cc: xiaowei.yang@huawei.com, Olaf Hering <olaf@aepfle.de>,
xen-devel@lists.xensource.com, hanweidong@huawei.com,
yanqiangjun@huawei.com, bicky.shi@huawei.com
Subject: Re: [PATCH] xenpaging:close domU's event channel and free port
Date: Fri, 10 Feb 2012 16:22:52 +0000 [thread overview]
Message-ID: <20120210162252.GG32107@ocelot.phlegethon.org> (raw)
In-Reply-To: <9f4640e40d4f31563885.1328777634@h00166998.china.huawei.com>
At 16:53 +0800 on 09 Feb (1328806434), hongkaixing@huawei.com wrote:
> # HG changeset patch
> # User h00166998@h00166998.china.huawei.com
> # Date 1328777452 -28800
> # Node ID 9f4640e40d4f31563885427a5a8d9eae2e110514
> # Parent 8ba7ae0b070b4de93fc033067c61714c202d64c1
> xenpaging:close domU's event channel and free port
>
> Every domain (X86 64 bit)has 4096 event channels.In source code,
> domU's event channel is allocated in mem_event_enable(),but just
> unbind dom0's event channel in xenpaging_teardown().This bug will
> result in that we can not use xenpaging after reopening it for 4096
> times.We should free domU's event channel in mem_event_disable().so
> that we can reuse the port.
Yep, looks like a bug.
> diff -r 8ba7ae0b070b -r 9f4640e40d4f xen/arch/x86/mm/mem_event.c
> --- a/xen/arch/x86/mm/mem_event.c Tue Feb 07 18:46:50 2012 +0000
> +++ b/xen/arch/x86/mm/mem_event.c Thu Feb 09 16:50:52 2012 +0800
> @@ -241,7 +241,12 @@
> mem_event_ring_unlock(med);
> return -EBUSY;
> }
> -
> +
> + if( med->shared_page!=NULL )
> + {
> + free_xen_event_channel(d->vcpu[0], (med->shared_page)->port);
> + }
> +
But you shouldn't use the value from the shared page, in case it has
been corrupted by a buggy or malicious guest. Can you please save the
event channel in a new field in struct mem_event_domain, so the guest
can't overwrite it?
Cheers,
Tim.
next prev parent reply other threads:[~2012-02-10 16:22 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-02-09 8:53 [PATCH] xenpaging:close domU's event channel and free port hongkaixing
2012-02-10 16:22 ` Tim Deegan [this message]
2012-02-10 16:32 ` Andrew Cooper
2012-02-10 16:40 ` Olaf Hering
2012-02-13 5:47 ` Hongkaixing
2012-02-13 12:11 ` Ian Campbell
2012-02-15 2:24 ` Hongkaixing
2012-02-15 9:27 ` Ian Campbell
2012-02-17 6:21 ` Hongkaixing
2012-02-17 8:20 ` Ian Campbell
2012-02-17 10:28 ` Hongkaixing
2012-02-14 20:59 ` Olaf Hering
2012-02-14 21:19 ` Olaf Hering
2012-02-15 2:33 ` Hongkaixing
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120210162252.GG32107@ocelot.phlegethon.org \
--to=tim@xen.org \
--cc=bicky.shi@huawei.com \
--cc=hanweidong@huawei.com \
--cc=hongkaixing@huawei.com \
--cc=olaf@aepfle.de \
--cc=xen-devel@lists.xensource.com \
--cc=xiaowei.yang@huawei.com \
--cc=yanqiangjun@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).