
Re: [for-4.22 PATCH] xen/gnttab: Fix TOCTOU race in gnttab_set_version()


  • To: Jan Beulich <jbeulich@xxxxxxxx>, Alejandro Vallejo <alejandro.garciavallejo@xxxxxxx>
  • From: Alejandro Vallejo <alejandro.garciavallejo@xxxxxxx>
  • Date: Fri, 22 May 2026 14:28:53 +0200
  • Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, "Julien Grall" <julien@xxxxxxx>, Oleksii Kurochko <oleksii.kurochko@xxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Oleksandr Tyshchenko <Oleksandr_Tyshchenko@xxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Fri, 22 May 2026 12:29:09 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Fri May 22, 2026 at 1:31 PM CEST, Jan Beulich wrote:
> On 22.05.2026 12:57, Alejandro Vallejo wrote:
>> Move first read of gt->gt_version inside the critical region of the
>> rwlock, otherwise concurrent gnttab operations (silly as they would be)
>> may get mutually confused as to the actual current version.
>> 
>> Fixes: c1488502c949("grant-tables: do not fail attempts to...")
>> Reported-by: Oleksandr Tyshchenko <Oleksandr_Tyshchenko@xxxxxxxx>
>> Signed-off-by: Alejandro Vallejo <alejandro.garciavallejo@xxxxxxx>
>
> Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>

Thanks

>
>> There are a number of lockless reads of gt_version (e.g: right after unlock),
>> but they aren't very worrying because they are effectively snapshots of the
>> instantaneous version. I'd feel better if they were all atomic_read(), but all
>> Xen ports guarantee atomic access on aligned 4 octet fields, so I couldn't be
>> bothered to go chase them.
>
> Sooner or later we will want to deal with all (latent) problems of this kind.

Quite. Concurrency is hard enough without making assumptions about the
underlying ISAs :/

Cheers,
Alejandro
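
The check-outside-the-lock shape that the quoted commit message describes, as an added example that is not part of this thread and is not Xen's code: a single-threaded model that forces the interleaving deterministically. `struct table`, `do_switch()`, the spin lock standing in for the rwlock's write side, and the "redundant switch" consequence are all assumptions made for illustration.

```c
#include <stdatomic.h>
#include <stddef.h>

/* Hypothetical stand-in for a grant table; not Xen's struct grant_table. */
struct table {
    atomic_flag lock;        /* exclusive lock modelling the rwlock's write side */
    unsigned int version;    /* current ABI version, 1 or 2 */
    unsigned int switches;   /* times the version-change work was performed */
};
typedef void (*window_fn)(struct table *);

static void tbl_lock(struct table *t)   { while (atomic_flag_test_and_set(&t->lock)) ; }
static void tbl_unlock(struct table *t) { atomic_flag_clear(&t->lock); }

/* Work that must run once per real version change; caller holds the lock. */
static void do_switch(struct table *t, unsigned int want)
{
    t->version = want;
    t->switches++;
}

/* Before: the version is sampled outside the critical region. */
static void set_version_racy(struct table *t, unsigned int want, window_fn w)
{
    unsigned int cur = t->version;  /* unlocked read, can go stale */
    if (w) w(t);                    /* constructed: concurrent caller runs in the window */
    tbl_lock(t);
    if (cur != want)                /* decision taken on the stale snapshot */
        do_switch(t, want);
    tbl_unlock(t);
}

/* After: the first read happens under the lock. */
static void set_version_locked(struct table *t, unsigned int want, window_fn w)
{
    if (w) w(t);                    /* same window, now harmless */
    tbl_lock(t);
    if (t->version != want)
        do_switch(t, want);
    tbl_unlock(t);
}

/* Constructed interleaving: another caller completes a switch to v2. */
static void other_caller(struct table *t) { set_version_locked(t, 2, NULL); }

/* Number of switches performed when two callers both request v2 from v1. */
static unsigned int run(void (*fn)(struct table *, unsigned int, window_fn))
{
    struct table t = { .lock = ATOMIC_FLAG_INIT, .version = 1, .switches = 0 };
    fn(&t, 2, other_caller);
    return t.switches;
}
```

`run(set_version_racy)` performs the switch twice because the second caller acts on its stale `cur`, while `run(set_version_locked)` performs it once.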
