[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] x86/alternative: don't call text_poke() in lazy TLB mode

To: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
From: Jürgen Groß <jgross@xxxxxxxx>
Date: Thu, 22 Oct 2020 12:48:40 +0200
Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx, x86@xxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx, Thomas Gleixner <tglx@xxxxxxxxxxxxx>, Ingo Molnar <mingo@xxxxxxxxxx>, Borislav Petkov <bp@xxxxxxxxx>, "H. Peter Anvin" <hpa@xxxxxxxxx>, Andy Lutomirski <luto@xxxxxxxxxx>
Delivery-date: Thu, 22 Oct 2020 10:48:44 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 22.10.20 12:45, Peter Zijlstra wrote:

On Thu, Oct 22, 2020 at 11:24:39AM +0200, Jürgen Groß wrote:

On 09.10.20 16:42, Juergen Gross wrote:

When running in lazy TLB mode the currently active page tables might
be the ones of a previous process, e.g. when running a kernel thread.

This can be problematic in case kernel code is being modified via
text_poke() in a kernel thread, and on another processor exit_mmap()
is active for the process which was running on the first cpu before
the kernel thread.

As text_poke() is using a temporary address space and the former
address space (obtained via cpu_tlbstate.loaded_mm) is restored
afterwards, there is a race possible in case the cpu on which
exit_mmap() is running wants to make sure there are no stale
references to that address space on any cpu active (this e.g. is
required when running as a Xen PV guest, where this problem has been
observed and analyzed).

In order to avoid that, drop off TLB lazy mode before switching to the
temporary address space.

Fixes: cefa929c034eb5d ("x86/mm: Introduce temporary mm structs")
Signed-off-by: Juergen Gross <jgross@xxxxxxxx>


Can anyone look at this, please? It is fixing a real problem which has
been seen several times.


As it happens I picked it up yesterday, just pushed it out for you.


Thank you very much!


Juergen

References:
- [PATCH] x86/alternative: don't call text_poke() in lazy TLB mode
  - From: Juergen Gross
- Re: [PATCH] x86/alternative: don't call text_poke() in lazy TLB mode
  - From: Jürgen Groß
- Re: [PATCH] x86/alternative: don't call text_poke() in lazy TLB mode
  - From: Peter Zijlstra

Prev by Date: Re: [PATCH] x86/alternative: don't call text_poke() in lazy TLB mode
Next by Date: Re: [PATCH v2 4/8] evtchn: let evtchn_set_priority() acquire the per-channel lock
Previous by thread: Re: [PATCH] x86/alternative: don't call text_poke() in lazy TLB mode
Next by thread: [PATCH] x86/vmx: Revert "x86/VMX: sanitize rIP before re-entering guest"
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.