WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

[Xen-devel] [PATCH] Fix read-to-use race condition in shadow code

To: xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-devel] [PATCH] Fix read-to-use race condition in shadow code
From: George Dunlap <George.Dunlap@xxxxxxxxxxxxx>
Date: Mon, 12 Apr 2010 17:05:12 +0100
Delivery-date: Mon, 12 Apr 2010 09:11:28 -0700
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:sender:received:date :x-google-sender-auth:received:message-id:subject:from:to :content-type; bh=L0xBICuJaubz0uO0hFkqnvOWGvQ4WDHsUhv36OLiboo=; b=B3ybyRNJn+IFXPS6H1t2HbjyIWhHugbpr2ZRLvDmhsST6j6N5CZD0+KBkN8B9OUib0 vR+3Dh+fy1wvpDVSAu+ZPeGWc6dmM+ZuL9WfP9NTok9XOTrsUhRfhcANZ1RySPVT+7uJ 0Vkk4GQLDnfwWCJh/vcGiytdKpejoYNhPNsAc=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:date:x-google-sender-auth:message-id:subject :from:to:content-type; b=U52E/EzCyWom4iQn+nAY3BUZ2jfKUF2zWEvEA1Z1bKmJeMme4mlponZepNAFeNdqPN MWNEq+80KtnO9PSTinpl1x8YHYh1fZvX9okQi06rmfbYey8W9M1RWqfVAuPkpPU3KvBS pNXWRsaMg6kHtFoX896srecvRADWT1XZpgYQI=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
If OOS mode is enabled, after last possible resync, read the guest l1e
one last time.  If it's different than the original read, start over
again.

This fixes a race which can result in inconsistent in-sync shadow
tables, leading to corruption:

v1: take page fault, read gl1e from an out-of-sync PT.
v2: modify gl1e, lowering permissions
[v1,v3]: resync l1 which was just read.
v1: propagate change to l1 shadow using stale gl1e

Now we have an in-sync shadow with more permissions than the guest.

The resync can happen either as a result of a 3rd vcpu doing a cr3
update, or under certain conditions by v1 itself.

This should probably be back-ported to 3.4.x and 4.0.x.

Signed-off-by: George Dunlap <george.dunlap@xxxxxxxxxxxxx>

Attachment: 20100412-unstable-fix-gw-to-propagate-race.diff
Description: Text Data

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-devel] [PATCH] Fix read-to-use race condition in shadow code, George Dunlap <=