On 23.12.2019 17:43, George Dunlap wrote:
> The comment about the "force-invalidate" loop gives two reasons for
> its existence:
> 
> 1. Breaking circular "linear pagetable" references
> 
> 2. Cleaning up partially-validated pages.
> 
> The first reason has been invalid since XSA-240: Since then it hasn't been
> possible to generate circular linear pagetable references.
> 
> The second reason has been invalid since long before that: Before
> calling relinquish_memory(), domain_relinquish_resources() calls
> vcpu_destroy_pagetables() on each vcpu; this will in turn call
> put_old_guest_table() on each vcpu.  The result should be that it's
> not possible to have top-level partially-devalidated pagetables by the
> time we get to relinquish_memory().

There's a subtle difference: Up in the enumeration you correctly
say "partially-validated pages". Down here you also correctly state
that put_old_guest_table() deals with partially-devalidated
pagetables. The latter indeed shouldn't be able to make it here,
but what about ones that have been partially validated (and hence
not put into ->arch.old_guest_table) while the domain was still
alive? (I think the code change is still correct, because
partially validated pages ought to be taken care of correctly, but
I'd prefer if the description matched the change.)

Jan
