Xen project Mailing List

Re: [Xen-devel] [PATCH V2] x86/altp2m: propagate ept.ad changes to all active altp2ms

To: George Dunlap <george.dunlap@xxxxxxxxxx>, Jan Beulich <JBeulich@xxxxxxxx>, George Dunlap <George.Dunlap@xxxxxxxxxxxxx>

From: Razvan Cojocaru <rcojocaru@xxxxxxxxxxxxxxx>

Date: Mon, 1 Oct 2018 15:05:14 +0300

Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Kevin Tian <kevin.tian@xxxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>, Jun Nakajima <jun.nakajima@xxxxxxxxx>, xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Delivery-date: Mon, 01 Oct 2018 12:05:20 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 10/1/18 2:23 PM, George Dunlap wrote: > On 10/01/2018 12:11 PM, Razvan Cojocaru wrote: >> >> >> On 10/1/18 1:39 PM, Jan Beulich wrote: >>>>>> On 01.10.18 at 11:58, <rcojocaru@xxxxxxxxxxxxxxx> wrote: >>>> Changes since V1: >>>> - Removed unnecessary p2m_lock() in p2m_init_altp2m_ept(). >>> >>> This was a step in the right direction, but ... >>> >>>> static void ept_enable_pml(struct p2m_domain *p2m) >>>> { >>>> + struct domain *d = p2m->domain; >>>> + >>>> /* Domain must have been paused */ >>>> - ASSERT(atomic_read(&p2m->domain->pause_count)); >>>> + ASSERT(atomic_read(&d->pause_count)); >>>> >>>> /* >>>> * No need to return whether vmx_domain_enable_pml has succeeded, as >>>> * ept_p2m_type_to_flags will do the check, and write protection will >>>> be >>>> * used if PML is not enabled. >>>> */ >>>> - if ( vmx_domain_enable_pml(p2m->domain) ) >>>> + if ( vmx_domain_enable_pml(d) ) >>>> return; >>>> >>>> /* Enable EPT A/D bit for PML */ >>>> - p2m->ept.ad = 1; >>>> - vmx_domain_update_eptp(p2m->domain); >>>> + ept_set_ad_sync(p2m, true); >>>> + >>>> + vmx_domain_update_eptp(d); >>>> } >>>> >>>> static void ept_disable_pml(struct p2m_domain *p2m) >>>> { >>>> + struct domain *d = p2m->domain; >>>> + >>>> /* Domain must have been paused */ >>>> - ASSERT(atomic_read(&p2m->domain->pause_count)); >>>> + ASSERT(atomic_read(&d->pause_count)); >>>> >>>> - vmx_domain_disable_pml(p2m->domain); >>>> + vmx_domain_disable_pml(d); >>>> >>>> /* Disable EPT A/D bit */ >>>> - p2m->ept.ad = 0; >>>> - vmx_domain_update_eptp(p2m->domain); >>>> + ept_set_ad_sync(p2m, false); >>>> + >>>> + vmx_domain_update_eptp(d); >>>> } >>> >>> These two functions used to be called with the p2m lock held, >>> while now they aren't anymore. Afaict this introduces a race >>> where the opposite ept_set_ad_sync() may be called before >>> an original one was follow by the respective >>> vmx_domain_update_eptp(), resulting in the A/D enable bit >>> being set the wrong way round in the end. >>> >>> I realize that George did already point out that this is sort of >>> ugly a situation, but the fixing of the issue here shouldn't >>> introduce a new race. What's wrong with retaining the >>> host p2m lock in p2m_{en,dis}able_hardware_log_dirty()? >>> ept_set_ad_sync() then simply wouldn't acquire/release that >>> one, but just the altp2m ones. >> >> That is fine with be, in fact the whole change has been prompted by >> George's remark that "there would something a bit funny here about >> grabbing the main p2m lock in p2m.c, and then grabbing altp2m locks >> within the function". If, after these comments, he doesn't mind the >> scenario then I'll do that in V3. > > I think I would rather grab the main p2m locks in > ept_{enable,disable}_pml(). Wouldn't hurt to have an > ASSERT(p2m_is_locked_by_me()) in ept_set_ad_sync() as well. I'll do that. Thanks! Razvan _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.