From 833cce002f0fbebf87a2a71f195b9447e0ef73e5 Mon Sep 17 00:00:00 2001 From: Keir Fraser Date: Thu, 26 Nov 2009 11:02:30 +0000 Subject: [PATCH] x86 shadow: fix race when domain is dying There are some cases that shadow_write_p2m_entry() is called after the domain is killed. It causes Xen to crash. - Race between xc_map_foreign_batch from qemu-dm and "xm destroy" command. - The hypervisor calls domain_crash when PoD fails. Signed-off-by: Kouya Shimura --- xen/arch/x86/mm/p2m.c | 6 ++++++ xen/arch/x86/mm/shadow/common.c | 7 +++++++ 2 files changed, 13 insertions(+) diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index aebfdd18a6..e916d46faf 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -1221,6 +1221,12 @@ p2m_gfn_to_mfn(struct domain *d, unsigned long gfn, p2m_type_t *t, ASSERT(paging_mode_translate(d)); + if ( unlikely(d->is_dying) ) + { + *t = p2m_invalid; + return _mfn(INVALID_MFN); + } + /* XXX This is for compatibility with the old model, where anything not * XXX marked as RAM was considered to be emulated MMIO space. * XXX Once we start explicitly registering MMIO regions in the p2m diff --git a/xen/arch/x86/mm/shadow/common.c b/xen/arch/x86/mm/shadow/common.c index 94457a3281..f6cc319f86 100644 --- a/xen/arch/x86/mm/shadow/common.c +++ b/xen/arch/x86/mm/shadow/common.c @@ -2171,6 +2171,7 @@ static void hash_foreach(struct vcpu *v, /* Say we're here, to stop hash-lookups reordering the chains */ ASSERT(shadow_locked_by_me(d)); + ASSERT(d->arch.paging.shadow.hash_table); ASSERT(d->arch.paging.shadow.hash_walking == 0); d->arch.paging.shadow.hash_walking = 1; @@ -3449,6 +3450,12 @@ shadow_write_p2m_entry(struct vcpu *v, unsigned long gfn, shadow_lock(d); + if ( unlikely(d->is_dying) ) + { + shadow_unlock(d); + return; + } + /* If we're removing an MFN from the p2m, remove it from the shadows too */ if ( level == 1 ) { -- 2.30.2