[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] xen-mapcache: avoid a race on memory map while using MAP_FIXED
- To: Igor Druzhinin <igor.druzhinin@xxxxxxxxxx>
- From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
- Date: Tue, 20 Apr 2021 10:53:18 +0200
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=7Ey7G9XXPAB/E/8vkwVSZWrgLstwMk9KN77MQwqGHJw=; b=dWG5HGkTy4P8TwAvb9e2dIpIcDTpP/HxVyYrLBVGotuAdmrTxSl9GLLbelvoVvGv1To/KGhE7Eu29TdQDx2FtbGjiAJRvb95s55BwFKQClkQwH0gX0ncPjSvHoR69/vMHbppv7xJK/5dZGi4J5gBNrWzVa1xmrQXA0sDbuQsidqgH/BirGu586q6mgrIXBmiblCUWz+sw5n7ZXUbDssRE5SJVi1nU6sURKRpENIkjgxPKb38SYsjI9QE3V+bzgJ5dpKA2KK7qUZicDTMjZV2jDkiNvC+4Ms0XcxP2WL57QmT40+fx96Hl9VCiu5r88gk5JlifSyLle93cpsSVJ3KFQ==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=MzPhU/GX/7X0NxhS4KKzF6q3OhKCmLjfZe0Q67Vam+SuHl8jRCocYEWF9wVesLhY3i0tLXETKJWs55yKNMGGGJcDlL84D2uMOsqhkgN9KKoPJ+2rX2soFzyJ7VB4dDuhTffmcLYgZeott79nfyzTj+b7gIO1ZyrOX95lJ27NbrlTljPzGZxkBTkcLb8B3Af0LhQILnwaLSSuUJ2XAfMiQpxiww01qXUcWwCUob/LmTp4g2L/pk29D5CgRz1ckVVBBhxfCu5Q4UmX2rQTuBe+4pjhLeFIysXZJoaXNq3A7ZHKzZ6NjVTxvEYekbHk+resNcumnGHtT5L0K6buHBpSvg==
- Authentication-results: esa2.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com
- Cc: <qemu-devel@xxxxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxxx>, <sstabellini@xxxxxxxxxx>, <anthony.perard@xxxxxxxxxx>, <paul@xxxxxxx>, <mst@xxxxxxxxxx>, <marcel.apfelbaum@xxxxxxxxx>, <pbonzini@xxxxxxxxxx>, <richard.henderson@xxxxxxxxxx>, <ehabkost@xxxxxxxxxx>
- Delivery-date: Tue, 20 Apr 2021 08:53:32 +0000
- Ironport-hdrordr: A9a23:MIkmDq76w2RxdbelkAPXwWqEI+orLtY04lQ7vn1ZYSd+NuSFis Gjm+ka3xfoiDAXHEotg8yEJbPoexzh3LZPy800Ma25VAfr/FGpIoZr8Jf4z1TbdxHW3tV2kZ 1te60WMrDNJHBxh8ri/U2cG9Ev3NGI/MmT9Jzj5l1GJDsaCJ1IxQF/FwqdDwlSTA5JGZI2GP Onl7B6jhCnfmkaadn+O2kdU4H41pf2vb/FQTpDPR4o7wGSkSilgYSVLzG01goTOgk/posK3n PCl2XCh5mLk/b+8RPE0n+W0pI+oqqY9vJiH8qKs84PN3HXpz3AXu9ccpmjmBxwn+218lYtl7 D30lodFuB+8WnYcG3wgTaF4XiH7B8U53XvyUCVjBLYyKTEbQk3BMZbiYVSfgGx0TtYgPhHzK lJ02iF3qAnby/ooSXn69DEEzFsm0akyEBS9dI7sn1FXYMSLIJWtIwUlXkldasoISSS0uAaOd grJNzA7PxWdV+ccjTXvmxix9SpUh0IdCuucwwngIi4wjJWlHd2ww8z38oEhEoN85o7Vt1t+/ nEGr4ArsAAcuYmKYZGQMsRS8q+DWLABTjWNniJHFjhHKYbf1rQtp/M5qkv7u3CQu1H8LIC3L D6FH9Iv287fEzjTeeU2odQzxzLSGKhGRPg199Z/Jo8nrHnXrLkPWmiRTkV4oqdisRaJveed+ e4OZpQDfOmB3DpA5x10wr3XIQXJmIZVMETp9YnS1ODqs/GMeTRx6/mWceWAICoPScvW2v5DH dGdiP0Pt984keiXWK9gBW5YQKuRmXPubZLVITK9ekaz4YAcqdWtBIOtFi/7saXbTlLsqk8el piMKrq+5nL4FWezCLt1SFEKxBdBkFa7PHLSHVRvzIHNEvybPIEoNWQeWdb2XOdPR9hR8bKEA pSzm4HuZ6fHti1/2QPGtinOmWVgz84v3SRVaoRnaWF+IP4YJ8iF40nX6ZwDA3PEBRwlW9R2S N+QT5BYnWaOiLliK2jgpBROfrWcMNkhhy3ZeROr2jEiEmarcYzZ3cSUjK0S/SLiQI2Szc8vC w3z4YvxJ673RemMy8WnfkxOlwkUhXrPJt2SCC+ILhytp+uUgdqVmuOjSGdkHgICxbX3nRXoH fgIy2ScezMGXxHtBljo+rX2Vtpa2SQeF9xYHhmsYt7UX/LoGp3zPXjXNvN70KBLlQF2e0TKz fDfH8bJR5v3cm+0FqPlC+FDmhO/ORnAsXNSLAiearUwHWjNcmBkrwHBeZd+P9eRabTm/5OVe KUYAmOKjzkT+svxgyOv34gfC15smMtn/+t2Brr6gGDrTcCKOuXJFRtXLcAJd6Aq2DiWvaTyZ 18ycsvovHYCBSFVveWjaXMKzJTIBLapmC7C+kutJBPpKo38L9+BYPSXzfE3GxOtS9OZ/vchQ cbWuB28brBMohgc4gJdyVV8kEgmd6PIEEo2zaGddMWbBUolTvWLtmJ673Hpf4zGUWHvhL3Ik Ta/CtH/fvJNhHzp4IyGuY1OyBRZ0c94ng5o7/HeI3UFQmwd+ZMuFC9KWSwdbdBSK6DXbUcxy wKk+2gjquSbW7/3guVoD5wZqRJ+GyjSdmpAA2NFfVTmubKTWikk++v+oqrkDzzSTGncEwWio 1OaFwIYq14+0gfpZxy1jL3V7f+rU0kmUZP+D1rllbi3Y69/WfQdHs2QjHxk9FRRjlcMn+BkM TD/6yZzR3GkUZ45aU=
- Ironport-sdr: OqbIk8G9te/lcu8jWfcHpJaEJUW9FDpZi3hijgy1wt2yO4dx4J4vJt/Z1NadPqv1x0HKHFsK7z huNfM4QXSGWXmH+W+INVJbw1VjSxK8ax8wuP/hqnYhjOa5dp6dApSeGr7RruiHSPOmtoXigeYC Wopi6c3Dr367+FpxlCsrutmVWl0zxvYr0FUVOtbF0LaoBakPNufW4rto2uzgZjGUjFjSdIUfnw IOG27h3PVgB0pAEkVkNOOWqJNejeP4SCMGfxDfOHCFjlxBV0JBbwFH5l0OPYtrUpvkw9ywKfRJ 5IE=
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On Tue, Apr 20, 2021 at 04:35:02AM +0100, Igor Druzhinin wrote:
> When we're replacing the existing mapping there is possibility of a race
> on memory map with other threads doing mmap operations - the address being
> unmapped/re-mapped could be occupied by another thread in between.
>
> Linux mmap man page recommends keeping the existing mappings in place to
> reserve the place and instead utilize the fact that the next mmap operation
> with MAP_FIXED flag passed will implicitly destroy the existing mappings
> behind the chosen address. This behavior is guaranteed by POSIX / BSD and
> therefore is portable.
>
> Note that it wouldn't make the replacement atomic for parallel accesses to
> the replaced region - those might still fail with SIGBUS due to
> xenforeignmemory_map not being atomic. So we're still not expecting those.
>
> Tested-by: Anthony PERARD <anthony.perard@xxxxxxxxxx>
> Signed-off-by: Igor Druzhinin <igor.druzhinin@xxxxxxxxxx>
Should we add a 'Fixes: 759235653de ...' or similar tag here?
> ---
> hw/i386/xen/xen-mapcache.c | 15 ++++++++++++++-
> 1 file changed, 14 insertions(+), 1 deletion(-)
>
> diff --git a/hw/i386/xen/xen-mapcache.c b/hw/i386/xen/xen-mapcache.c
> index 5b120ed..e82b7dc 100644
> --- a/hw/i386/xen/xen-mapcache.c
> +++ b/hw/i386/xen/xen-mapcache.c
> @@ -171,7 +171,20 @@ static void xen_remap_bucket(MapCacheEntry *entry,
> if (!(entry->flags & XEN_MAPCACHE_ENTRY_DUMMY)) {
> ram_block_notify_remove(entry->vaddr_base, entry->size);
> }
> - if (munmap(entry->vaddr_base, entry->size) != 0) {
> +
> + /*
> + * If an entry is being replaced by another mapping and we're using
> + * MAP_FIXED flag for it - there is possibility of a race for vaddr
> + * address with another thread doing an mmap call itself
> + * (see man 2 mmap). To avoid that we skip explicit unmapping here
> + * and allow the kernel to destroy the previous mappings by replacing
> + * them in mmap call later.
> + *
> + * Non-identical replacements are not allowed therefore.
> + */
> + assert(!vaddr || (entry->vaddr_base == vaddr && entry->size ==
> size));
> +
> + if (!vaddr && munmap(entry->vaddr_base, entry->size) != 0) {
Oh, so remappings of foreign addresses must always use the same
virtual address space, I somehow assumed that you could remap an
existing foreign map (or dummy mapping) into a different virtual
address if you so wanted.
Thanks, Roger.
|
