[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [memory sharing] bug on get_page_and_type

At 07:04 +0000 on 11 Feb (1297407854), MaoXiaoyun wrote:
> Thanks Tim.
> 
> After discuss with JuiHao, How about fix in this way?
> 
> 1)  Suppose we have a function,  make_page_unsharable() to substitude
> p2m_is_shared() check, if p2mt is not shared, we increase its type count
> to avoid it turn to shared while using it.

That's a good idea.  I'd rather not have the name be anything to do with
"sharable", but we could have a function that does a p2m lookup and a
get-page-and-type, all under the p2m lock, and use it instead of the
lookup-check-getref idiom elsewhere.

Then if (as you say) the make-shareable and nominate-page actions were
covered by the same lock (or potentially even just called the same
function themselves) we would eliminate a lot of races. 

That will be too big a patch to take before 4.1.0 but I'd consider it
immediately after the release.

Tim.

>  1 int make_page_unsharable(int enable)
>   2 {
>   3     p2m_type_t p2mt;
>   4     unsigned long mfn;
>   5
>   6     p2m_lock()
>   7     mfn = mfn_x(gfn_to_mfn(d, gmfn, &p2mt))
>   8
>   9     if(p2m_is_shared(p2mt)){
> 10         p2m_unlock()
> 11         return 1;
> 12     }
> 13
> 14     get_page_type() / ***increase page type count to avoid page type turn 
> to shared, since in
>                                                    
> mem_sharing_nominate_page->page_make_sharable, only type count zero is
>                                                     allowed to be shared*/
> 15     p2m_unlock()
> 16
>  17     return 0;
> 18 }
> 
> 2) If p2mt is not shared, we must decrease it type count after we finish 
> using it
> 3) To avoid competition, page_make_sharble() and p2m_change_type() in
> mem_sharing_nominate_page() should be protected in same p2m_lock.
> 
> comments?
> 
> 
> > Date: Wed, 9 Feb 2011 09:57:20 +0000
> > From: Tim.Deegan@xxxxxxxxxx
> > To: tinnycloud@xxxxxxxxxxx
> > CC: xen-devel@xxxxxxxxxxxxxxxxxxx; George.Dunlap@xxxxxxxxxxxxx; 
> > juihaochiang@xxxxxxxxx
> > Subject: Re: [Xen-devel] [memory sharing] bug on get_page_and_type
> >
> > At 02:46 +0000 on 09 Feb (1297219562), MaoXiaoyun wrote:
> > > I've been looking into the TOCTOU issue quite a while, but
> > >
> > > 1) There are quite a lot judgements like "p2m_is_shared(p2mt)" or
> > > "p2mt == p2m_ram_shared", which, for me, is hard to tell whom
> > > are need to be protect by p2m_lock and whom are not So is
> > > there a rule to distinguish these?
> >
> > Not particularly. I suspect that most of them will need to be
> > changed, but as I said I hope we can find something nicer than
> > scattering p2m_lock() around non-p2m code.
> >
> > > 2) Could we improve p2m_lock to sparse lock, which maybe better, right?
> >
> > Maybe, but not necessarily. Let's get it working properly first and
> > then we can measure lock contention and see whether fancy locks are
> > worthwhile.
> >
> > Tim.
> >
> > >
> > > > Date: Wed, 2 Feb 2011 16:18:37 +0000
> > > > From: Tim.Deegan@xxxxxxxxxx
> > > > To: tinnycloud@xxxxxxxxxxx
> > > > CC: xen-devel@xxxxxxxxxxxxxxxxxxx; George.Dunlap@xxxxxxxxxxxxx; 
> > > > juihaochiang@xxxxxxxxx
> > > > Subject: Re: [Xen-devel] [memory sharing] bug on get_page_and_type
> > > >
> > > > At 15:43 +0000 on 02 Feb (1296661396), MaoXiaoyun wrote:
> > > > > Hi Tim:
> > > > >
> > > > > Thanks for both your advice and quick reply. I will follow.
> > > > >
> > > > > So at last we should replace shr_lock with p2m_lock.
> > > > > But more complicate, it seems both the
> > > > > *check action* code and *nominate page* code need to be locked ,right?
> > > > > If so, quite a lot of *check action* codes need to be locked.
> > > >
> > > > Yes, I think you're right about that. Unfortunately there are some very
> > > > long TOCTOU windows in those kind of p2m lookups, which will get more
> > > > important as the p2m gets more dynamic. I don't want to have the
> > > > callers of p2m code touching the p2m lock directly so we may need a new
> > > > p2m interface to address it.
> > > >
> > > > Tim.
> > > >
> >
> > --
> > Tim Deegan <Tim.Deegan@xxxxxxxxxx>
> > Principal Software Engineer, Xen Platform Team
> > Citrix Systems UK Ltd. (Company #02937203, SL9 0BG)

-- 
Tim Deegan <Tim.Deegan@xxxxxxxxxx>
Principal Software Engineer, Xen Platform Team
Citrix Systems UK Ltd.  (Company #02937203, SL9 0BG)

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.