Xen project Mailing List

Re: [PATCH v16 1/3] mem_sharing: fix sharability check during fork reset

To: Tamas K Lengyel <tamas@xxxxxxxxxxxxx>

From: Roger Pau Monné <roger.pau@xxxxxxxxxx>

Date: Wed, 22 Apr 2020 17:49:56 +0200

Authentication-results: esa3.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none; spf=None smtp.pra=roger.pau@xxxxxxxxxx; spf=Pass smtp.mailfrom=roger.pau@xxxxxxxxxx; spf=None smtp.helo=postmaster@xxxxxxxxxxxxxxx

Cc: Tamas K Lengyel <tamas.lengyel@xxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Delivery-date: Wed, 22 Apr 2020 15:50:25 +0000

Ironport-sdr: G16WzRWnYbXJERv/lI+rCbf12v3M7TUdB9z1D83A8vwm9JXCLM+XkeSQkJN7W/c3GfxJxPRiNU 6Kkg2mQe1skCKaY4B6JokvVpctghmrSW6B9BLXw+b7riNww8L6k71qFC697hJ4Q8pheOdkdtK6 ZTCylv30GGhr+9ZbzSE24kKaFYVxAVa3Vwy9J96OpmYzMTizlR4gPhWKh3h8TH0XSHnwGcsK3t 3C+4c+owuEQdAPfXpVfuzO9JMS03XIrC2o00syahbYCE5VrvoGz+TWHqcpvnd1wq3DzgYvYZhw pSU=

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Wed, Apr 22, 2020 at 06:42:42AM -0600, Tamas K Lengyel wrote: > On Wed, Apr 22, 2020 at 3:00 AM Roger Pau Monné <roger.pau@xxxxxxxxxx> wrote: > > > > On Tue, Apr 21, 2020 at 10:47:23AM -0700, Tamas K Lengyel wrote: > > > @@ -666,20 +670,31 @@ static int page_make_sharable(struct domain *d, > > > */ > > > if ( page->count_info != (PGC_allocated | (2 + expected_refcnt)) ) > > > { > > > - spin_unlock(&d->page_alloc_lock); > > > /* Return type count back to zero */ > > > put_page_and_type(page); > > > - return -E2BIG; > > > + rc = -E2BIG; > > > + goto out; > > > + } > > > + > > > + rc = 0; > > > + > > > + if ( validate_only ) > > > + { > > > + put_page_and_type(page); > > > > You seem to check some page attributes but then put the page again, > > which looks racy to me. Since you put the page, couldn't the checks > > that you have performed be stale by the point the data is consumed by > > the caller? > > During fork reset when this is called with validate_only = true the > domain is paused. Furthermore, fork reset is only for forks that have > no device model running, so nothing is interacting with its memory > that could acquire extra references. So no, this isn't racy since > there is nothing to race against that I'm aware of. Also, this check > is really to check for special pages, all of which are setup during > the initial fork process, not during runtime of the fork. Right, it would feel safer to me however if you just return from page_make_sharable while having a page reference, and drop it in mem_sharing_fork_reset if the page shouldn't be removed from the fork. This way you could also avoid having to take an extra reference just after returning from nominate_page in mem_sharing_fork_reset. page_make_sharable already returns while having taken an extra reference to the page in the non validate only case anyway. > > > > > + goto out; > > > } > > > > > > page_set_owner(page, dom_cow); > > > drop_dom_ref = !domain_adjust_tot_pages(d, -1); > > > page_list_del(page, &d->page_list); > > > - spin_unlock(&d->page_alloc_lock); > > > > > > +out: > > > + if ( !validate_only ) > > > + spin_unlock(&d->page_alloc_lock); > > > if ( drop_dom_ref ) > > > put_domain(d); > > > - return 0; > > > + > > > + return rc; > > > } > > > > > > static int page_make_private(struct domain *d, struct page_info *page) > > > @@ -809,8 +824,8 @@ static int debug_gref(struct domain *d, grant_ref_t > > > ref) > > > return debug_gfn(d, gfn); > > > } > > > > > > -static int nominate_page(struct domain *d, gfn_t gfn, > > > - int expected_refcnt, shr_handle_t *phandle) > > > +static int nominate_page(struct domain *d, gfn_t gfn, int > > > expected_refcnt, > > > > Is there any reason for expected_refcnt to be signed? All callers use > > unsigned values. > > No reason. It's just how the code was written by the original author > and we never changed it. Since you are already changing those lines, can I ask you to also change it to unsigned in the places that you touch? Thanks, Roger.

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.