

[Xen-changelog] [xen-4.0-testing] ept: Put locks around ept_get_entry

To: xen-changelog@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-changelog] [xen-4.0-testing] ept: Put locks around ept_get_entry
From: "Xen patchbot-4.0-testing" <patchbot-4.0-testing@xxxxxxxxxxxxxxxxxxx>
Date: Mon, 30 Aug 2010 20:10:24 -0700
# HG changeset patch
# User Keir Fraser <keir.fraser@xxxxxxxxxx>
# Date 1283155186 -3600
# Node ID 993458f6c5a0df2cfeeda9552ece6d18839798dc
# Parent  0aafca182acf609bff75425ed85bd5c06d455073
ept: Put locks around ept_get_entry

There's a subtle race in ept_get_entry, such that if it tries to read an
entry that ept_set_entry is modifying, it gets neither the old entry
nor the new entry, but empty.  In the case of multi-cpu
populate-on-demand guests, this manifests as a guest crash when one
vcpu tries to read a page which another page is trying to populate,
and ept_get_entry returns p2m_mmio_dm.

This bug can also be fixed by making both ept_set_entry and
ept_next_level access-once (i.e., ept_next_level reads full ept_entry
and then works with local value; ept_set_entry constructs the entry
locally and then sets it in one write).  But there don't seem to be
any major performance implications of just making ept_get_entry use
locks; so the simpler, the better.

Signed-off-by: George Dunlap <george.dunlap@xxxxxxxxxxxxx>
xen-unstable changeset:   22071:c5aed2e049bc
xen-unstable date:        Mon Aug 30 08:39:52 2010 +0100
 xen/arch/x86/mm/hap/p2m-ept.c |    6 ++++++
 1 files changed, 6 insertions(+)

diff -r 0aafca182acf -r 993458f6c5a0 xen/arch/x86/mm/hap/p2m-ept.c
--- a/xen/arch/x86/mm/hap/p2m-ept.c     Mon Aug 30 08:57:08 2010 +0100
+++ b/xen/arch/x86/mm/hap/p2m-ept.c     Mon Aug 30 08:59:46 2010 +0100
@@ -387,6 +387,10 @@ static mfn_t ept_get_entry(struct domain
     int i;
     int ret = 0;
     mfn_t mfn = _mfn(INVALID_MFN);
+    int do_locking = !p2m_locked_by_me(d->arch.p2m);
+    if ( do_locking )
+        p2m_lock(d->arch.p2m);
     *t = p2m_mmio_dm;
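Review bot: the conditional lock in the added `do_locking` lines has no comment saying which callers reach ept_get_entry with the p2m lock already held, so the reason for `!p2m_locked_by_me(d->arch.p2m)` is not visible at the point where the function's locking behaviour starts to depend on its caller. A one-line comment above `int do_locking` naming that case would make the pattern reviewable, and a blank line between the declaration and `if ( do_locking )` would separate declarations from statements.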
@@ -464,6 +468,8 @@ static mfn_t ept_get_entry(struct domain
+    if ( do_locking )
+        p2m_unlock(d->arch.p2m);
     return mfn;
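Review bot: a single unlock in front of the final `return mfn;` is only correct if every path out of ept_get_entry reaches these lines, and the diffstat's 6 insertions show no other unlock site was added. Any earlier `return` between the `p2m_lock` at the top of the function and this point would leave the p2m lock held whenever `do_locking` is set; either confirm all exits funnel through here (for example via a common exit label) or add the matching `if ( do_locking ) p2m_unlock(d->arch.p2m);` before each early return.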

Xen-changelog mailing list
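The race and the access-once alternative described in the commit message, as an added single-threaded C model that is not Xen code and not part of the original patch. The type codes, the `ENTRY` layout and every function name are hypothetical, and the call to `other_vcpu_reads()` stands in for a second vcpu whose lookup lands in the middle of an update.

```c
#include <stdint.h>

/* Simplified model, NOT Xen's structures: one 64-bit entry, 0 means empty. */
enum ptype { T_RAM = 1, T_MMIO_DM = 2 };          /* hypothetical type codes */
#define ENTRY(mfn, t) (((uint64_t)(mfn) << 12) | (uint64_t)(t))

static volatile uint64_t entry;
static enum ptype observed;           /* what the concurrent reader saw */

/* Access-once read: snapshot once; an empty entry yields the default type. */
static enum ptype get_type(void)
{
    uint64_t e = entry;
    return e ? (enum ptype)(e & 0xfff) : T_MMIO_DM;
}

/* Stands in for another vcpu whose lookup lands in the middle of an update. */
static void other_vcpu_reads(void) { observed = get_type(); }

/* Multi-store update: the entry passes through an empty value. */
static void set_entry_multistep(uint64_t mfn, enum ptype t)
{
    entry = 0;
    other_vcpu_reads();
    entry = ENTRY(mfn, t);
}

/* Access-once update: build locally, publish with a single store.
 * Real concurrent code also needs that store to be an aligned atomic write. */
static void set_entry_once(uint64_t mfn, enum ptype t)
{
    uint64_t e = ENTRY(mfn, t);
    other_vcpu_reads();
    entry = e;
}

/* Start from a populated entry, update it, return what the reader saw. */
static enum ptype type_seen_during(void (*set)(uint64_t, enum ptype))
{
    entry = ENTRY(0x1000, T_RAM);                 /* constructed sample values */
    set(0x2000, T_RAM);
    return observed;
}

int main(void)
{
    return !(type_seen_during(set_entry_multistep) == T_MMIO_DM &&
             type_seen_during(set_entry_once) == T_RAM);
}
```

With the multi-store writer the reader sees neither the old nor the new entry and reports the default type; with the single-store writer it sees the old, still valid entry.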