debuggers.hg
changeset 17985:3a40a6997cc0
Do not allow HVM save/restore of a dying domain.
It's not a sensible thing to do, and it is easier than auditing all
state save/restore functions for safety (most importantly, racing
against domain_relinquish_resources).
Also place a spin_barrier on domain_lock after asserting d->is_dying,
allowing critical regions under the domain_lock to safely check
is_dying and avoid races with domain_relinquish_resources().
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
It's not a sensible thing to do, and it is easier than auditing all
state save/restore functions for safety (most importantly, racing
against domain_relinquish_resources).
Also place a spin_barrier on domain_lock after asserting d->is_dying,
allowing critical regions under the domain_lock to safely check
is_dying and avoid races with domain_relinquish_resources().
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
| author | Keir Fraser <keir.fraser@citrix.com> |
|---|---|
| date | Wed Jul 02 17:10:52 2008 +0100 (2008-07-02) |
| parents | b3d827e63a09 |
| children | f2148e532c81 |
| files | xen/common/domain.c xen/common/hvm/save.c |
line diff
1.1 --- a/xen/common/domain.c Wed Jul 02 13:54:20 2008 +0100 1.2 +++ b/xen/common/domain.c Wed Jul 02 17:10:52 2008 +0100 1.3 @@ -341,6 +341,7 @@ int domain_kill(struct domain *d) 1.4 case DOMDYING_alive: 1.5 domain_pause(d); 1.6 d->is_dying = DOMDYING_dying; 1.7 + spin_barrier(&d->domain_lock); 1.8 evtchn_destroy(d); 1.9 gnttab_release_mappings(d); 1.10 /* fallthrough */
2.1 --- a/xen/common/hvm/save.c Wed Jul 02 13:54:20 2008 +0100 2.2 +++ b/xen/common/hvm/save.c Wed Jul 02 17:10:52 2008 +0100 2.3 @@ -84,6 +84,9 @@ int hvm_save(struct domain *d, hvm_domai 2.4 hvm_save_handler handler; 2.5 uint16_t i; 2.6 2.7 + if ( d->is_dying ) 2.8 + return -EINVAL; 2.9 + 2.10 hdr.magic = HVM_FILE_MAGIC; 2.11 hdr.version = HVM_FILE_VERSION; 2.12 2.13 @@ -140,6 +143,9 @@ int hvm_load(struct domain *d, hvm_domai 2.14 hvm_load_handler handler; 2.15 struct vcpu *v; 2.16 2.17 + if ( d->is_dying ) 2.18 + return -EINVAL; 2.19 + 2.20 /* Read the save header, which must be first */ 2.21 if ( hvm_load_entry(HEADER, h, &hdr) != 0 ) 2.22 return -1;