[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH MM-PART2 RESEND v2 16/19] xen/arm: mm: Protect Xen page-table update with a spinlock

To: Julien Grall <julien.grall@xxxxxxx>
From: Stefano Stabellini <sstabellini@xxxxxxxxxx>
Date: Tue, 4 Jun 2019 16:11:51 -0700 (PDT)
Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Andrii_Anisov@xxxxxxxx, Oleksandr_Tyshchenko@xxxxxxxx
Delivery-date: Tue, 04 Jun 2019 23:11:54 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Tue, 14 May 2019, Julien Grall wrote:
> The function create_xen_entries() may be called concurrently. For
> instance, while the vmap allocation is protected by a spinlock, the
> mapping is not.

Do you have an example of potential concurrent calls of
create_xen_entries() which doesn't involve concurrent vmaps (because
vmaps are already protected by their spinlock)? vmap + something_else
for instance?


> The implementation create_xen_entries() contains quite a few TOCTOU
> races such as when allocating the 3rd-level page-tables.
> 
> Thankfully, they are pretty hard to reach as page-tables are allocated
> once and never released. Yet it is possible, so we need to protect with
> a spinlock to avoid corrupting the page-tables.
> 
> Signed-off-by: Julien Grall <julien.grall@xxxxxxx>
> 
> ---
>     Changes in v2:
>         - Rework the commit message
> ---
>  xen/arch/arm/mm.c | 6 ++++++
>  1 file changed, 6 insertions(+)
> 
> diff --git a/xen/arch/arm/mm.c b/xen/arch/arm/mm.c
> index 9a5f2e1c3f..7502a14760 100644
> --- a/xen/arch/arm/mm.c
> +++ b/xen/arch/arm/mm.c
> @@ -974,6 +974,8 @@ enum xenmap_operation {
>      RESERVE
>  };
>  
> +static DEFINE_SPINLOCK(xen_pt_lock);
> +
>  static int create_xen_entries(enum xenmap_operation op,
>                                unsigned long virt,
>                                mfn_t mfn,
> @@ -985,6 +987,8 @@ static int create_xen_entries(enum xenmap_operation op,
>      lpae_t pte, *entry;
>      lpae_t *third = NULL;
>  
> +    spin_lock(&xen_pt_lock);
> +
>      for(; addr < addr_end; addr += PAGE_SIZE, mfn = mfn_add(mfn, 1))
>      {
>          entry = &xen_second[second_linear_offset(addr)];
> @@ -1059,6 +1063,8 @@ out:
>       */
>      flush_xen_tlb_range_va(virt, PAGE_SIZE * nr_mfns);
>  
> +    spin_unlock(&xen_pt_lock);
> +
>      return rc;
>  }
>  
> -- 
> 2.11.0
> 

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH MM-PART2 RESEND v2 16/19] xen/arm: mm: Protect Xen page-table update with a spinlock
  - From: Julien Grall

Prev by Date: Re: [Xen-devel] [PATCH MM-PART2 RESEND v2 14/19] xen/arm32: mm: Avoid cleaning the cache for secondary CPUs page-tables
Next by Date: Re: [Xen-devel] [PATCH MM-PART2 RESEND v2 17/19] xen/arm: mm: Initialize page-tables earlier
Previous by thread: Re: [Xen-devel] [PATCH MM-PART2 RESEND v2 14/19] xen/arm32: mm: Avoid cleaning the cache for secondary CPUs page-tables
Next by thread: Re: [Xen-devel] [PATCH MM-PART2 RESEND v2 16/19] xen/arm: mm: Protect Xen page-table update with a spinlock
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.