diff options
| author | Keir Fraser <keir.fraser@citrix.com> | 2008-07-02 17:10:52 +0100 |
|---|---|---|
| committer | Keir Fraser <keir.fraser@citrix.com> | 2008-07-02 17:10:52 +0100 |
| commit | b4d58083caad3c6317877a8404262a28dd437e88 (patch) | |
| tree | 5c953b5466526a18e57ea56d9614ddb9e2801ce4 /xen/common/hvm | |
| parent | de4e0840642f41b2a0feef8a97afc360c734bb2b (diff) | |
| download | xen-b4d58083caad3c6317877a8404262a28dd437e88.tar.gz xen-b4d58083caad3c6317877a8404262a28dd437e88.tar.bz2 xen-b4d58083caad3c6317877a8404262a28dd437e88.zip | |
Do not allow HVM save/restore of a dying domain.
It's not a sensible thing to do, and it is easier than auditing all
state save/restore functions for safety (most importantly, racing
against domain_relinquish_resources).
Also place a spin_barrier on domain_lock after asserting d->is_dying,
allowing critical regions under the domain_lock to safely check
is_dying and avoid races with domain_relinquish_resources().
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
Diffstat (limited to 'xen/common/hvm')
| -rw-r--r-- | xen/common/hvm/save.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/xen/common/hvm/save.c b/xen/common/hvm/save.c index 3079363676..cb3cf66885 100644 --- a/xen/common/hvm/save.c +++ b/xen/common/hvm/save.c @@ -84,6 +84,9 @@ int hvm_save(struct domain *d, hvm_domain_context_t *h) hvm_save_handler handler; uint16_t i; + if ( d->is_dying ) + return -EINVAL; + hdr.magic = HVM_FILE_MAGIC; hdr.version = HVM_FILE_VERSION; @@ -140,6 +143,9 @@ int hvm_load(struct domain *d, hvm_domain_context_t *h) hvm_load_handler handler; struct vcpu *v; + if ( d->is_dying ) + return -EINVAL; + /* Read the save header, which must be first */ if ( hvm_load_entry(HEADER, h, &hdr) != 0 ) return -1; |