[Xen-devel] [PATCH MM-PART2 v2 16/19] xen/arm: mm: Protect Xen page-table update with a spinlock

The function create_xen_entries() may be called concurrently. For
instance, while the vmap allocation is protected by a spinlock, the
mapping is not.

The implementation create_xen_entries() contains quite a few TOCTOU
races such as when allocating the 3rd-level page-tables.

Thankfully, they are pretty hard to reach as page-tables are allocated
once and never released. Yet it is possible, so we need to protect with
a spinlock to avoid corrupting the page-tables.

Signed-off-by: Julien Grall <julien.grall@xxxxxxx>

    Changes in v2:
        - Rework the commit message
 xen/arch/arm/mm.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/xen/arch/arm/mm.c b/xen/arch/arm/mm.c
index 9a5f2e1c3f..7502a14760 100644
--- a/xen/arch/arm/mm.c
+++ b/xen/arch/arm/mm.c
@@ -974,6 +974,8 @@ enum xenmap_operation {
+static DEFINE_SPINLOCK(xen_pt_lock);
 static int create_xen_entries(enum xenmap_operation op,
                               unsigned long virt,
                               mfn_t mfn,
@@ -985,6 +987,8 @@ static int create_xen_entries(enum xenmap_operation op,
     lpae_t pte, *entry;
     lpae_t *third = NULL;
+    spin_lock(&xen_pt_lock);
     for(; addr < addr_end; addr += PAGE_SIZE, mfn = mfn_add(mfn, 1))
         entry = &xen_second[second_linear_offset(addr)];
@@ -1059,6 +1063,8 @@ out:
     flush_xen_tlb_range_va(virt, PAGE_SIZE * nr_mfns);
+    spin_unlock(&xen_pt_lock);
     return rc;

