Xen project Mailing List

Re: [Xen-devel] [PATCH V2] x86/altp2m: propagate ept.ad changes to all active altp2ms

To: "Razvan Cojocaru" <rcojocaru@xxxxxxxxxxxxxxx>

From: "Jan Beulich" <JBeulich@xxxxxxxx>

Date: Mon, 01 Oct 2018 04:39:13 -0600

Cc: Kevin Tian <kevin.tian@xxxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>, George Dunlap <George.Dunlap@xxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Jun Nakajima <jun.nakajima@xxxxxxxxx>, xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Delivery-date: Mon, 01 Oct 2018 10:39:21 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

>>> On 01.10.18 at 11:58, <rcojocaru@xxxxxxxxxxxxxxx> wrote: > Changes since V1: > - Removed unnecessary p2m_lock() in p2m_init_altp2m_ept(). This was a step in the right direction, but ... > static void ept_enable_pml(struct p2m_domain *p2m) > { > + struct domain *d = p2m->domain; > + > /* Domain must have been paused */ > - ASSERT(atomic_read(&p2m->domain->pause_count)); > + ASSERT(atomic_read(&d->pause_count)); > > /* > * No need to return whether vmx_domain_enable_pml has succeeded, as > * ept_p2m_type_to_flags will do the check, and write protection will be > * used if PML is not enabled. > */ > - if ( vmx_domain_enable_pml(p2m->domain) ) > + if ( vmx_domain_enable_pml(d) ) > return; > > /* Enable EPT A/D bit for PML */ > - p2m->ept.ad = 1; > - vmx_domain_update_eptp(p2m->domain); > + ept_set_ad_sync(p2m, true); > + > + vmx_domain_update_eptp(d); > } > > static void ept_disable_pml(struct p2m_domain *p2m) > { > + struct domain *d = p2m->domain; > + > /* Domain must have been paused */ > - ASSERT(atomic_read(&p2m->domain->pause_count)); > + ASSERT(atomic_read(&d->pause_count)); > > - vmx_domain_disable_pml(p2m->domain); > + vmx_domain_disable_pml(d); > > /* Disable EPT A/D bit */ > - p2m->ept.ad = 0; > - vmx_domain_update_eptp(p2m->domain); > + ept_set_ad_sync(p2m, false); > + > + vmx_domain_update_eptp(d); > } These two functions used to be called with the p2m lock held, while now they aren't anymore. Afaict this introduces a race where the opposite ept_set_ad_sync() may be called before an original one was follow by the respective vmx_domain_update_eptp(), resulting in the A/D enable bit being set the wrong way round in the end. I realize that George did already point out that this is sort of ugly a situation, but the fixing of the issue here shouldn't introduce a new race. What's wrong with retaining the host p2m lock in p2m_{en,dis}able_hardware_log_dirty()? ept_set_ad_sync() then simply wouldn't acquire/release that one, but just the altp2m ones. Jan _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.