Xen project Mailing List

[Xen-devel] [PATCH 2/3] xmalloc: don't evaluate ADD_REGION without holding the pool lock

From: Paul Durrant <paul.durrant@xxxxxxxxxx>

Date: Tue, 2 Jul 2019 17:38:39 +0100

Authentication-results: esa2.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none; spf=None smtp.pra=paul.durrant@xxxxxxxxxx; spf=Pass smtp.mailfrom=Paul.Durrant@xxxxxxxxxx; spf=None smtp.helo=postmaster@xxxxxxxxxxxxxxx

Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>, George Dunlap <George.Dunlap@xxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Ian Jackson <ian.jackson@xxxxxxxxxxxxx>, Tim Deegan <tim@xxxxxxx>, Julien Grall <julien.grall@xxxxxxx>, Paul Durrant <paul.durrant@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>

Delivery-date: Tue, 02 Jul 2019 16:38:56 +0000

Ironport-sdr: 1HVVlpBeEyqFY8ue3C4/YfjNRVbEb+HZuPKDv/1luvh/ZkjLiWOFyH5ggji4vddcvDj0msDkW3 7/QbVmFO/gyX6b/o/QkytEcYlSztTizZ4hZHsEC7JY9/cFVNNPhiJ+K9zuJKXL8E2HceVYefgY 9JQu06DMojCgLWNNOVYwfwNnkLa0nrFGWEuztZD50UWoQ+EvmZ9rWFa83pD4kLP7WHRFDYFB7v 2spnYLX9nUL6dmRhP/5a9hcVWrrFWZI/X+RbqZSl6fpISdhgv2SH/9WV1Ph1sj3/QhhorMPN4y NIU=

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

It's not safe to add a region without holding the lock, but this is exactly what may happen if two threads race entering xmem_pool_alloc() before the init_region is set. This patch instead checks for init_region under lock, drops the lock if it needs to allocate a page, takes the lock, adds the region and then confirms init_region is still unset before pointing it at the newly added region. Thus, it is possible that a race may cause an extra region to be added, but there will be no pool metadata corruption. Signed-off-by: Paul Durrant <paul.durrant@xxxxxxxxxx> --- Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> Cc: George Dunlap <George.Dunlap@xxxxxxxxxxxxx> Cc: Ian Jackson <ian.jackson@xxxxxxxxxxxxx> Cc: Jan Beulich <jbeulich@xxxxxxxx> Cc: Julien Grall <julien.grall@xxxxxxx> Cc: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx> Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx> Cc: Tim Deegan <tim@xxxxxxx> Cc: Wei Liu <wl@xxxxxxx> --- xen/common/xmalloc_tlsf.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/xen/common/xmalloc_tlsf.c b/xen/common/xmalloc_tlsf.c index 6d889b7bdc..71597c3590 100644 --- a/xen/common/xmalloc_tlsf.c +++ b/xen/common/xmalloc_tlsf.c @@ -380,18 +380,22 @@ void *xmem_pool_alloc(unsigned long size, struct xmem_pool *pool) int fl, sl; unsigned long tmp_size; + spin_lock(&pool->lock); if ( pool->init_region == NULL ) { + spin_unlock(&pool->lock); if ( (region = pool->get_mem(pool->init_size)) == NULL ) goto out; + spin_lock(&pool->lock); ADD_REGION(region, pool->init_size, pool); - pool->init_region = region; + /* Re-check since the lock was dropped */ + if ( pool->init_region == NULL ) + pool->init_region = region; } size = (size < MIN_BLOCK_SIZE) ? MIN_BLOCK_SIZE : ROUNDUP_SIZE(size); /* Rounding up the requested size and calculating fl and sl */ - spin_lock(&pool->lock); retry_find: MAPPING_SEARCH(&size, &fl, &sl); -- 2.20.1.2.gb21ebb671 _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.