[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH 0 of 3] Resend: correctness race when paging-in

To: xen-devel@xxxxxxxxxxxxxxxxxxx
From: Andres Lagar-Cavilla <andres@xxxxxxxxxxxxxxxx>
Date: Thu, 01 Dec 2011 12:21:11 -0500
Cc: ian.jackson@xxxxxxxxxx, andres@xxxxxxxxxxxxxx, tim@xxxxxxx, olaf@xxxxxxxxx, adin@xxxxxxxxxxxxxx
Delivery-date: Thu, 01 Dec 2011 17:22:46 +0000
Domainkey-signature: a=rsa-sha1; c=nofws; d=lagarcavilla.org; h=content-type :mime-version:content-transfer-encoding:subject:message-id:date :from:to:cc; q=dns; s=lagarcavilla.org; b=TqpByiP9H/YD4evjmHFhSN EV5E5hZrmo3YIeY94XKQJnMXuhW09e1UgIrbqOYmyDXGs5nvMR0VFI3dGE0Fj0bx cw3A520beEsevNqSYcfavJgKmbqFymTA+0rWgDxeabdgI6cd7hXfWrV+0vkeVgnL 25367xdYmmEcdH4pA8rjU=
List-id: Xen developer discussion <xen-devel.lists.xensource.com>

P2m_mem_paging_prep ensures that an mfn is backing the paged-out gfn, and
transitions to the next state in the paging state machine for this page. 
Foreign mappings of the gfn will now succeed. This is the key idea, as it 
allows the pager to now map the gfn and fill in its contents.

Unfortunately, it also allows any other foreign mapper to map the gfn and read
its contents. This is particularly dangerous when the populate is launched
by a foreign mapper in the first place, which will be actively retrying the
map operation and might race with the pager. Qemu-dm being a prime example.

Fix the race by allowing a buffer to be optionally passed in the prep
operation, and having the hypervisor memcpy from that buffer into the newly
prepped page before promoting the gfn type.

Second patch is a tools patch.

Resent after feedback: xenpaging patch attached, simplified with use of 
copy_from_guest. Left potntial short-cut to avoid pging_resume for further 
discussion.

Signed-off-by: Andres Lagar-Cavilla <andres@xxxxxxxxxxxxxxxx>
 xen/arch/x86/mm/mem_event.c  |   2 +-
 xen/arch/x86/mm/mem_paging.c |   2 +-
 xen/arch/x86/mm/p2m.c        |  32 ++++++++++++++++++++++++++++++--
 xen/include/asm-x86/p2m.h    |   2 +-
 xen/include/public/domctl.h  |   8 ++++++--
 tools/libxc/xc_mem_event.c   |   4 ++--
 tools/libxc/xc_mem_paging.c  |  23 +++++++++++++++++++++++
 tools/libxc/xenctrl.h        |   2 ++
 tools/xenpaging/xenpaging.c  |  43 +++++++++++++++++++++----------------------
 9 files changed, 87 insertions(+), 31 deletions(-)

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH 0 of 3] Resend: correctness race when paging-in
  - From: Tim Deegan
- [Xen-devel] [PATCH 2 of 3] Tools: Libxc wrappers to automatically fill in page oud page contents on prepare
  - From: Andres Lagar-Cavilla
- [Xen-devel] [PATCH 3 of 3] Teach xenpaging to use the new and non-racy xc_mem_paging_load
  - From: Andres Lagar-Cavilla
- [Xen-devel] [PATCH 1 of 3] After preparing a page for page-in, allow immediate fill-in of the page contents
  - From: Andres Lagar-Cavilla

Prev by Date: Re: [Xen-devel] [PATCH] Add code to track the address of the VM generation id buffer across a [and 1 more messages]
Next by Date: [Xen-devel] [PATCH 1 of 3] After preparing a page for page-in, allow immediate fill-in of the page contents
Previous by thread: Re: [Xen-devel] [PATCH] scheduler rate controller
Next by thread: [Xen-devel] [PATCH 1 of 3] After preparing a page for page-in, allow immediate fill-in of the page contents
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.