xen-changelog

[Top] [All Lists]

[Xen-changelog] [xen-4.0-testing] ept: Put locks around ept_get_entry

from [Xen patchbot-4.0-testing]

[Permanent Link][Original]

To:	xen-changelog@xxxxxxxxxxxxxxxxxxx
Subject:	[Xen-changelog] [xen-4.0-testing] ept: Put locks around ept_get_entry
From:	"Xen patchbot-4.0-testing" <patchbot-4.0-testing@xxxxxxxxxxxxxxxxxxx>
Date:	Mon, 30 Aug 2010 20:10:24 -0700
Delivery-date:	Mon, 30 Aug 2010 20:11:08 -0700
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxxx
List-help:	<mailto:xen-changelog-request@lists.xensource.com?subject=help>
List-id:	BK change log <xen-changelog.lists.xensource.com>
List-post:	<mailto:xen-changelog@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=unsubscribe>
Reply-to:	xen-devel@xxxxxxxxxxxxxxxxxxx
Sender:	xen-changelog-bounces@xxxxxxxxxxxxxxxxxxx

# HG changeset patch
# User Keir Fraser <keir.fraser@xxxxxxxxxx>
# Date 1283155186 -3600
# Node ID 993458f6c5a0df2cfeeda9552ece6d18839798dc
# Parent  0aafca182acf609bff75425ed85bd5c06d455073
ept: Put locks around ept_get_entry

There's a subtle race in ept_get_entry, such that if tries to read an
entry that ept_set_entry is modifying, it gets neither the old entry
nor the new entry, but empty.  In the case of multi-cpu
populate-on-demand guests, this manifests as a guest crash when one
vcpu tries to read a page which another page is trying to populate,
and ept_get_entry returns p2m_mmio_dm.

This bug can also be fixed by making both ept_set_entry and
ept_next_level access-once (i.e., ept_next_level reads full ept_entry
and then works with local value; ept_set_entry construct the entry
locally and then sets it in one write).  But there doesn't seem to be
any major performance implications of just making ept_get_entry use
locks; so the simpler, the better.

Signed-off-by: George Dunlap <george.dunlap@xxxxxxxxxxxxx>
xen-unstable changeset:   22071:c5aed2e049bc
xen-unstable date:        Mon Aug 30 08:39:52 2010 +0100
---
 xen/arch/x86/mm/hap/p2m-ept.c |    6 ++++++
 1 files changed, 6 insertions(+)

diff -r 0aafca182acf -r 993458f6c5a0 xen/arch/x86/mm/hap/p2m-ept.c
--- a/xen/arch/x86/mm/hap/p2m-ept.c     Mon Aug 30 08:57:08 2010 +0100
+++ b/xen/arch/x86/mm/hap/p2m-ept.c     Mon Aug 30 08:59:46 2010 +0100
@@ -387,6 +387,10 @@ static mfn_t ept_get_entry(struct domain
     int i;
     int ret = 0;
     mfn_t mfn = _mfn(INVALID_MFN);
+    int do_locking = !p2m_locked_by_me(d->arch.p2m);
+
+    if ( do_locking )
+        p2m_lock(d->arch.p2m);
 
     *t = p2m_mmio_dm;
 
@@ -464,6 +468,8 @@ static mfn_t ept_get_entry(struct domain
     }
 
 out:
+    if ( do_locking )
+        p2m_unlock(d->arch.p2m);
     unmap_domain_page(table);
     return mfn;
 }

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Xen-changelog] [xen-4.0-testing] ept: Put locks around ept_get_entry, Xen patchbot-4.0-testing <=

Previous by Date:	[Xen-changelog] [xen-4.0-testing] Fix typo in audit_p2m(), SHARED_P2M_ENTRY does not exist., Xen patchbot-4.0-testing
Next by Date:	[Xen-changelog] [xen-4.0-testing] VT-d: Hardware require RH bit to be set in IRTE when delivery mode is LPR, Xen patchbot-4.0-testing
Previous by Thread:	[Xen-changelog] [xen-4.0-testing] Fix typo in audit_p2m(), SHARED_P2M_ENTRY does not exist., Xen patchbot-4.0-testing
Next by Thread:	[Xen-changelog] [xen-4.0-testing] VT-d: Hardware require RH bit to be set in IRTE when delivery mode is LPR, Xen patchbot-4.0-testing
Indexes:	[Date] [Thread] [Top] [All Lists]