[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH v3 3/3] tools/libxc/xc_mem_paging_setup.c: FIX- Race condition between initializing shared ring and mempaging.



This patch is meant to fix a known race condition bug in mempaging
ring setup routines. The race condition was between initializing
mem paging and initializing shared ring, earlier the code initialized
mem paging before removing the ring page from guest's physical map
which could enable the guest to interfere with the ring initialisation.
Now the code removes the page from the guest's physical map before
enabling mempaging so that the guest cannot clobber the ring after
we initialise it.

Signed-off-by: Dushyant Behl <myselfdushyantbehl@xxxxxxxxx>
Reviewed-by: Andres Lagar-Cavilla <andres@xxxxxxxxxxxxxxxx>
Reviewed-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
---
 tools/libxc/xc_mem_paging_setup.c | 29 +++++++++++++++++++++++++----
 1 file changed, 25 insertions(+), 4 deletions(-)

diff --git a/tools/libxc/xc_mem_paging_setup.c 
b/tools/libxc/xc_mem_paging_setup.c
index 9741dc9..12469b4 100644
--- a/tools/libxc/xc_mem_paging_setup.c
+++ b/tools/libxc/xc_mem_paging_setup.c
@@ -76,6 +76,22 @@ int xc_mem_paging_ring_setup(xc_interface *xch,
         }
     }
 
+    /* Clear the ring_pfn */
+    memset(ring_page, 0, PAGE_SIZE);
+
+    rc = xc_domain_pause(xch, domain_id);
+    if ( rc != 0 )
+    {
+        PERROR("Unable to pause domain");
+        return -1;
+    }
+    DPRINTF("Domain pause successful");
+
+    /* Initialise ring */
+    SHARED_RING_INIT((mem_event_sring_t *)ring_page);
+    BACK_RING_INIT(back_ring, (mem_event_sring_t *)ring_page, PAGE_SIZE);
+    DPRINTF("ininialized shared ring");
+
     /* Initialise Xen */
     rc = xc_mem_paging_enable(xch, domain_id, evtchn_port);
     if ( rc != 0 )
@@ -99,6 +115,7 @@ int xc_mem_paging_ring_setup(xc_interface *xch,
         }
         return -1;
     }
+    DPRINTF("enabled mempaging");
 
     /* Bind event notification */
     rc = xc_evtchn_bind_interdomain(xce_handle, domain_id, *evtchn_port);
@@ -109,10 +126,6 @@ int xc_mem_paging_ring_setup(xc_interface *xch,
     }
     *port = rc;
 
-    /* Initialise ring */
-    SHARED_RING_INIT((mem_event_sring_t *)ring_page);
-    BACK_RING_INIT(back_ring, (mem_event_sring_t *)ring_page, PAGE_SIZE);
-
     /* Now that the ring is set, remove it from the guest's physmap */
     if ( xc_domain_decrease_reservation_exact(xch, domain_id, 1, 0, &ring_pfn) 
)
     {
@@ -120,6 +133,14 @@ int xc_mem_paging_ring_setup(xc_interface *xch,
         return -1;
     }
 
+    rc = xc_domain_unpause(xch, domain_id);
+    if ( rc != 0 )
+    {
+        PERROR("Unable to unpause domain");
+        return -1;
+    }
+    DPRINTF("Domain unpause successful");
+
     return 0;
 }
 
-- 
1.9.1


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.