WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Xen-devel] Races with p2m translations and p2m updates

from [George Dunlap] [Permanent Link][Original]
To: xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-devel] Races with p2m translations and p2m updates
From: George Dunlap <George.Dunlap@xxxxxxxxxxxxx>
Date: Fri, 11 Sep 2009 15:21:31 +0100
Delivery-date: Fri, 11 Sep 2009 07:21:57 -0700
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:sender:received:date :x-google-sender-auth:message-id:subject:from:to:content-type; bh=CT4ymI8UBG6ZSnanqdOTVFJrTm5rbyMR/ge4xZ6Bchw=; b=dcQIjxI/SWzDXHTlIDQJubxm/3QC23qhVA0qR8y9b5374+W2m9XRcmsFNVaMnTvaUn Ueb7RXIFVxNBAOlKM4+Wg+VIFyemJSNnrfVmj+CAgSP6H4EYK0mMSdRE2UIvOW6GvV3Z ur21g5vqBg+wQw9OxYiGK5QYvbbo3Mlv6hBfY=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:date:x-google-sender-auth:message-id:subject :from:to:content-type; b=BRW3a++DL0xmdpwXjtHAi4jmn/CKs0zUi8kGSedTU4KRuFRx08i3rFItA8g9f8YP08 7aOxBJsaq2erMulDMEOn2tAvGK0tPAh1iTQ5U5BpeFfhQCh353FRbRQ1r9NKvbU6mAeT +e70EKOwsP8cVNhCek2HTmP5WSEhfTaT6O4bU=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx 
The p2m translation functions were written at a time when the p2m was,
for the most part, write-once (or, write a bit a the beginning and
then stop).  As a result, most of the code which calls gfn_to_mfn*()
assumes that the p2m isn't going to change: once it has the mfn, it
will map it, write to it, and unmap it, even though there is no
guarantee that the mfn is still in the p2m, or in fact even owned by
the same domain.

The write-once assumption is already broken by the populate-on-demand
feature, and will be broken even more by future features such as page
sharing and page swapping.  The problem with all of these features is
that they remove or change mfns that are backing gfns and then
immediately use them for another purpose: mapping them at a different
gfn, or giving them to a different domain.

I'm planning some work to fix the issue, but I wanted to run it by the
developer list first.

First: The key issue is with features that will, "behind the scenes"
so-to-speak, remove mfns from the p2m and then use them somewhere
else.  This includes the "zero-page sweep" for the populate-on-demand
code, paging out, copy-on-write and page-sharing, probably page
de-fragmentation as well.

I've chatted through a bunch of the issues with Tim Deegan, and the
following is our proposal:

* Change the p2m lock to a multiple-reader-single-writer lock.
gfn_to_mfn*() will return with read lock still held if the translation
succeeds.  The caller is then responsible to release the lock when
it's done using the resulting mfn from the translation.
 + This will take care of all races internal to xen, such as emulation
code and so on.
* If the caller of gfn_to_mfn*()  is going to use the mfn after
holding the lock, it must increase the reference count for the mfn.
 + This will take care of external references, such as those held by qemu
* No p2m entry may be changed if there are outstanding references to
it (refcount > 1).

This means that functions which modify the p2m (e.g.,
guest_physmap_remove_page or guest_physmap_add_entry) may fail, and
callers will need to deal with that.  Hopefully this won't actually
affect any of the current callers, except logdirty, which will have to
be special-cased to leave pages "dirty" which have outstanding
references.  The PoD code already checks the reference count before
reclaiming a page.

Thoughts?  Anything major we missed?

 -George

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-devel] Races with p2m translations and p2m updates, George Dunlap <=
Previous by Date:  Re: [Xen-devel] How to build xen.gz with static built-in command line dom0_mem=1024M ?, Pasi Kärkkäinen
Next by Date:  Re: [Xen-devel] Attempt to load 2.6.31-rc8 under Xen 3.4.1 on top of Ubuntu 9.04 Server ( JF's 2.6.31 loaded as vanilla), Boris Derzhavets
Previous by Thread:  Re: [Xen-devel] Attempt to load 2.6.31-rc8 under Xen 3.4.1 on top of Ubuntu 9.04 Server ( JF's 2.6.31 loaded as vanilla), Boris Derzhavets
Next by Thread:  [Xen-devel] regression from IRQ handling changes?, Jan Beulich
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy