[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-changelog] [xen-unstable] libxc/Linux: Add VM_DONTCOPY flag of the VMA of the hypercall buffer
# HG changeset patch # User Wangzhenguo <wangzhenguo@xxxxxxxxxx> # Date 1345211208 -3600 # Node ID b021cca938e55bb1d9fae4f1fd4df1a2d20db215 # Parent 71a6727651110ac53b8ffe17a9a799d73a511131 libxc/Linux: Add VM_DONTCOPY flag of the VMA of the hypercall buffer This avoids the hypercall buffer becoming CoW on fork. In multi-threads and multi-processes environment, e.g. the process has two threads, thread A may call hypercall, thread B may call fork() to create child process. After forking, all pages of the process including hypercall buffers are cow. It will cause a write protection and return EFAULT error if hypervisor calls copy_to_user in hypercall in thread A context, Fix: 1. Before hypercall: use MADV_DONTFORK of madvise syscall to make the hypercall buffer not to be copied to child process after fork. 2. After hypercall: undo the effect of MADV_DONTFORK for the hypercall buffer by using MADV_DOFORK of madvise syscall. 3. Use mmap/nunmap for memory alloc/free instead of malloc/free to bypass libc. Note: Child processes must not use the opened xc_{interface,evtchn,gnttab,gntshr} handle that inherits from parents. They should reopen the handle if they want to interact with xc. Otherwise, it may cause segment fault to access hypercall buffer caches of the handle. Signed-off-by: Zhenguo Wang <wangzhenguo@xxxxxxxxxx> Signed-off-by: Xiaowei Yang <xiaowei.yang@xxxxxxxxxx> Acked-by: Ian Campbell <ian.campbell@xxxxxxxxxx> [ ijc -- s/ptr/p/ to fix build & tweaked the wording of the comments slightly. ] Committed-by: Ian Campbell <ian.campbell@xxxxxxxxxx> --- diff -r 71a672765111 -r b021cca938e5 tools/libxc/xc_linux_osdep.c --- a/tools/libxc/xc_linux_osdep.c Fri Aug 17 14:10:26 2012 +0100 +++ b/tools/libxc/xc_linux_osdep.c Fri Aug 17 14:46:48 2012 +0100 @@ -93,22 +93,21 @@ static void *linux_privcmd_alloc_hyperca size_t size = npages * XC_PAGE_SIZE; void *p; - p = xc_memalign(xch, XC_PAGE_SIZE, size); - if (!p) - return NULL; + /* Address returned by mmap is page aligned. */ + p = mmap(NULL, size, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_LOCKED, -1, 0); - if ( mlock(p, size) < 0 ) - { - free(p); - return NULL; - } + /* Do not copy the VMA to child process on fork. Avoid the page being COW + on hypercall. */ + madvise(p, npages * XC_PAGE_SIZE, MADV_DONTFORK); return p; } static void linux_privcmd_free_hypercall_buffer(xc_interface *xch, xc_osdep_handle h, void *ptr, int npages) { - munlock(ptr, npages * XC_PAGE_SIZE); - free(ptr); + /* Recover the VMA flags. Maybe it's not necessary */ + madvise(ptr, npages * XC_PAGE_SIZE, MADV_DOFORK); + + munmap(ptr, npages * XC_PAGE_SIZE); } static int linux_privcmd_hypercall(xc_interface *xch, xc_osdep_handle h, privcmd_hypercall_t *hypercall) diff -r 71a672765111 -r b021cca938e5 tools/libxc/xenctrl.h --- a/tools/libxc/xenctrl.h Fri Aug 17 14:10:26 2012 +0100 +++ b/tools/libxc/xenctrl.h Fri Aug 17 14:46:48 2012 +0100 @@ -134,6 +134,12 @@ typedef enum xc_error_code xc_error_code * be called multiple times within a single process. Multiple processes can * have an open hypervisor interface at the same time. * + * Note: + * Child processes must not use the opened xc interface handle that inherits + * from parents. They should reopen the handle if they want to interact with + * xc. Otherwise, it may cause segment fault to access hypercall buffer caches + * of the handle. + * * Each call to this function should have a corresponding call to * xc_interface_close(). * @@ -908,6 +914,12 @@ int xc_evtchn_status(xc_interface *xch, * Return a handle to the event channel driver, or -1 on failure, in which case * errno will be set appropriately. * + * Note: + * Child processes must not use the opened xc evtchn handle that inherits from + * parents. They should reopen the handle if they want to interact with xc. + * Otherwise, it may cause segment fault to access hypercall buffer caches of + * the handle. + * * Before Xen pre-4.1 this function would sometimes report errors with perror. */ xc_evtchn *xc_evtchn_open(xentoollog_logger *logger, @@ -1339,9 +1351,13 @@ int xc_domain_subscribe_for_suspend( /* * These functions sometimes log messages as above, but not always. - */ - -/* + * + * Note: + * Child processes must not use the opened xc gnttab handle that inherits from + * parents. They should reopen the handle if they want to interact with xc. + * Otherwise, it may cause segment fault to access hypercall buffer caches of + * the handle. + * * Return an fd onto the grant table driver. Logs errors. */ xc_gnttab *xc_gnttab_open(xentoollog_logger *logger, @@ -1458,6 +1474,13 @@ grant_entry_v2_t *xc_gnttab_map_table_v2 /* * Return an fd onto the grant sharing driver. Logs errors. + * + * Note: + * Child processes must not use the opened xc gntshr handle that inherits from + * parents. They should reopen the handle if they want to interact with xc. + * Otherwise, it may cause segment fault to access hypercall buffer caches of + * the handle. + * */ xc_gntshr *xc_gntshr_open(xentoollog_logger *logger, unsigned open_flags); _______________________________________________ Xen-changelog mailing list Xen-changelog@xxxxxxxxxxxxx http://lists.xensource.com/xen-changelog
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |