From mboxrd@z Thu Jan 1 00:00:00 1970
From: Tim Deegan
Subject: Re: [PATCH] xenpaging:close domU's event channel and free port
Date: Fri, 10 Feb 2012 16:22:52 +0000
Message-ID: <20120210162252.GG32107@ocelot.phlegethon.org>
References: <9f4640e40d4f31563885.1328777634@h00166998.china.huawei.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path:
Content-Disposition: inline
In-Reply-To: <9f4640e40d4f31563885.1328777634@h00166998.china.huawei.com>
List-Unsubscribe: ,
List-Post:
List-Help:
List-Subscribe: ,
Sender: xen-devel-bounces@lists.xensource.com
Errors-To: xen-devel-bounces@lists.xensource.com
To: hongkaixing@huawei.com
Cc: xiaowei.yang@huawei.com, Olaf Hering , xen-devel@lists.xensource.com, hanweidong@huawei.com, yanqiangjun@huawei.com, bicky.shi@huawei.com
List-Id: xen-devel@lists.xenproject.org

At 16:53 +0800 on 09 Feb (1328806434), hongkaixing@huawei.com wrote:
> # HG changeset patch
> # User h00166998@h00166998.china.huawei.com
> # Date 1328777452 -28800
> # Node ID 9f4640e40d4f31563885427a5a8d9eae2e110514
> # Parent 8ba7ae0b070b4de93fc033067c61714c202d64c1
> xenpaging:close domU's event channel and free port
>
> Every domain (X86 64 bit)has 4096 event channels.In source code,
> domU's event channel is allocated in mem_event_enable(),but just
> unbind dom0's event channel in xenpaging_teardown().This bug will
> result in that we can not use xenpaging after reopening it for 4096
> times.We should free domU's event channel in mem_event_disable().so
> that we can reuse the port.

Yep, looks like a bug.

> diff -r 8ba7ae0b070b -r 9f4640e40d4f xen/arch/x86/mm/mem_event.c > --- a/xen/arch/x86/mm/mem_event.c Tue Feb 07 18:46:50 2012 +0000 > +++ b/xen/arch/x86/mm/mem_event.c Thu Feb 09 16:50:52 2012 +0800
> @@ -241,7 +241,12 @@ > mem_event_ring_unlock(med); > return -EBUSY; > } > - > + > + if( med->shared_page!=NULL ) > + { > + free_xen_event_channel(d->vcpu[0], (med->shared_page)->port); > + } > + But you shouldn't use the value from the shared page, in case it has been corrupted by a buggy or malicious guest. Can you please save the event channel in a new field in struct mem_event_domain, so the guest can't overwrite it? Cheers, Tim.
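
Review bot: The port passed to free_xen_event_channel() in the added block is read back from (med->shared_page)->port, which is the memory the reply above describes as writable by the guest, so the hypervisor would free whatever port number is found there at teardown rather than the one it allocated. Record the port in a field of struct mem_event_domain when it is allocated in mem_event_enable(), free that saved value here, and clear the field afterwards so a second disable cannot free the same port twice. The hunk also removes one blank line and adds another in its place, which looks like a whitespace-only change that should be dropped, and the condition is written as if( med->shared_page!=NULL ) without a space after "if" or around "!=".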