[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [PATCH for-4.15 2/4] xen/iommu: x86: Free the IOMMU page-tables with the pgtables.lock held
Hi Jan, On 23/12/2020 13:48, Jan Beulich wrote: On 22.12.2020 16:43, Julien Grall wrote:From: Julien Grall <jgrall@xxxxxxxxxx> The pgtables.lock is protecting access to the page list pgtables.list. However, iommu_free_pgtables() will not held it. I guess it was assumed that page-tables cannot be allocated while the domain is dying. Unfortunately, there is no guarantee that iommu_map() will not be called while a domain is dying (it looks like to be possible from XEN_DOMCTL_memory_mapping).I'd rather disallow any new allocations for a dying domain, not the least because ... Patch #4 will disallow such allocation. However... So it would be possible to be concurrently allocate memory and free the page-tables. Therefore, we need to held the lock when freeing the page tables.... we should try to avoid holding locks across allocation / freeing functions wherever possible. > As to where to place a respective check - I wonder if we wouldn't be better off disallowing a majority of domctl-s (and perhaps other operations) on dying domains. Thoughts? ... this is still pretty racy because you need to guarantee that d->is_dying is seen by the other processors to prevent allocation. As to whether we can forbid most of the domctl-s, I would agree this is a good move. But this doesn't remove the underlying problem here. We are hoping that a top-level function will protect us against the race. Given the IOMMU code is quite deep in the callstack, this is something pretty hard to guarantee with future change. So I still think we need a way to mitigate the issue. Cheers, -- Julien Grall
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |