[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] mm: make opt_bootscrub non-init

To: "Roger Pau Monne" <roger.pau@xxxxxxxxxx>
From: "Jan Beulich" <JBeulich@xxxxxxxx>
Date: Mon, 26 Nov 2018 03:06:16 -0700
Cc: Sergey Dyasli <sergey.dyasli@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>, Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>, George Dunlap <George.Dunlap@xxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>, Tim Deegan <tim@xxxxxxx>, Julien Grall <julien.grall@xxxxxxx>, xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
Delivery-date: Mon, 26 Nov 2018 10:06:59 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

>>> On 23.11.18 at 15:30, <roger.pau@xxxxxxxxxx> wrote:
> LLVM code generation can attempt to load from a variable in the next
> condition of an expression under certain circumstances, thus turning
> the following condition:
> 
> if ( system_state < SYS_STATE_active && opt_bootscrub == BOOTSCRUB_IDLE )
> 
> Into:
> 
> 0xffff82d080223967 <+103>: cmpl   $0x3,0x37b032(%rip) # 0xffff82d08059e9a0 
> <system_state>
> 0xffff82d08022396e <+110>: setb   -0x29(%rbp)
> 0xffff82d080223972 <+114>: cmpl   $0x2,0x228a8b(%rip) # 0xffff82d08044c404 
> <opt_bootscrub>
> 
> Such code will trigger a page fault if system_state >=
> SYS_STATE_active because opt_bootscrub will be unmapped.
> 
> Fix this by making opt_bootscrub non-init, thus preventing the page
> fault. The LLVM bug with the discussion about this issue can be found
> at:
> 
> https://bugs.llvm.org/show_bug.cgi?id=39707 
> 
> I haven't been able to find any other instances of such conditional
> expression that uses system_state together with an init variable or
> function.
> 
> Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>

I can accept this as a band-aid, so I'm not going to nack it, but
I don't view this as a feasible solution to the problem. That's in
particular because nothing is done at all to prevent future
similar issues. Even worse, ...

> --- a/xen/common/page_alloc.c
> +++ b/xen/common/page_alloc.c
> @@ -166,7 +166,7 @@ enum bootscrub_mode {
>      BOOTSCRUB_ON,
>      BOOTSCRUB_IDLE,
>  };
> -static enum bootscrub_mode __initdata opt_bootscrub = BOOTSCRUB_IDLE;
> +static enum bootscrub_mode opt_bootscrub = BOOTSCRUB_IDLE;

... no comment gets added here, which will make it rather likely
for someone to notice the missing __initdata and add it back. For
such a "trivial" change I wouldn't expect people to go do extra
archeology.

As an aside - __read_mostly should be added here instead.

Furthermore, while I trust your audit wrt system_state
accesses, these aren't the only potentially problematic ones.
For example in x86 specific code we pass around a boolean
indicating whether we're initializing the BSP or an AP. In other
places we compare the passed around struct cpuinfo_x86
pointer to the address of boot_cpu_data to tell apart the two
cases. The first example I can spot is guarding a function call
(to mcetelem_init()), so not a problem here, but I wouldn't
bet there are no __initdata variable accesses anywhere.

Jan

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH] mm: make opt_bootscrub non-init
  - From: Roger Pau Monné

References:
- [Xen-devel] [PATCH] mm: make opt_bootscrub non-init
  - From: Roger Pau Monne

Prev by Date: Re: [Xen-devel] [PATCH 2/2] amd-iommu: replace occurrences of u<N> with uint<N>_t...
Next by Date: Re: [Xen-devel] [PATCH v3] tools: set Dom0 UUID if requested
Previous by thread: Re: [Xen-devel] [PATCH] mm: make opt_bootscrub non-init
Next by thread: Re: [Xen-devel] [PATCH] mm: make opt_bootscrub non-init
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.