|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [PATCH for-4.15 2/4] xen/iommu: x86: Free the IOMMU page-tables with the pgtables.lock held
On 23.12.2020 15:01, Julien Grall wrote: > Hi Jan, > > On 23/12/2020 13:48, Jan Beulich wrote: >> On 22.12.2020 16:43, Julien Grall wrote: >>> From: Julien Grall <jgrall@xxxxxxxxxx> >>> >>> The pgtables.lock is protecting access to the page list pgtables.list. >>> However, iommu_free_pgtables() will not held it. I guess it was assumed >>> that page-tables cannot be allocated while the domain is dying. >>> >>> Unfortunately, there is no guarantee that iommu_map() will not be >>> called while a domain is dying (it looks like to be possible from >>> XEN_DOMCTL_memory_mapping). >> >> I'd rather disallow any new allocations for a dying domain, not >> the least because ... > > Patch #4 will disallow such allocation. However... > >> >>> So it would be possible to be concurrently >>> allocate memory and free the page-tables. >>> >>> Therefore, we need to held the lock when freeing the page tables. >> >> ... we should try to avoid holding locks across allocation / >> freeing functions wherever possible. > >> As to where to place a respective check - I wonder if we wouldn't >> be better off disallowing a majority of domctl-s (and perhaps >> other operations) on dying domains. Thoughts? > > ... this is still pretty racy because you need to guarantee that > d->is_dying is seen by the other processors to prevent allocation. The function freeing the page tables will need a spin_barrier() or alike similar to evtchn_destroy(). Aiui this will eliminate all potential for races. Jan
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |