From: Jeremy Fitzhardinge <jeremy@goop.org>
To: Ian Campbell <Ian.Campbell@eu.citrix.com>
Cc: Xen-devel <xen-devel@lists.xensource.com>
Subject: Re: xen.git branch reorg / success with 2.6.30-rc3 pv_ops dom0
Date: Thu, 11 Jun 2009 08:18:15 -0700
Message-ID: <4A312037.10300@goop.org>
In-Reply-To: <1244710938.27370.502.camel@zakaz.uk.xensource.com>

On 06/11/09 02:02, Ian Campbell wrote:
> On Tue, 2009-06-09 at 13:28 -0400, Jeremy Fitzhardinge wrote:
>
>> Ian Campbell wrote:
>>
>>> I wonder how this interacts with the logic in
>>> arch/x86/xen/mmu.c:xen_pin_page() which holds the lock while waiting for
>>> the (deferred) pin multicall to occur? Hmm, no this is about the
>>> PagePinned flag on the struct page which is out of date WRT the actual
>>> pinned status as Xen sees it -- we update the PagePinned flag early in
>>> xen_pin_page() long before Xen the pin hypercall so this window is the
>>> other way round to what would be needed to trigger this bug.
>>>
>>>
>> Yes, it looks like you could get a bad mapping here. An obvious fix
>> would be to defer clearing the pinned flag in the page struct until
>> after the hypercall has issued. That would make the racy
>> kmap_atomic_pte map RO, which would be fine unless it actually tries to
>> modify it (but I can't imagine it would do that unlocked).
>>
>
> But would it redo the mapping after taking the lock? It doesn't look
> like it does (why would it). So we could end up writing to an unpinned
> pte via a R/O mapping.
>

Hm, yep. One thing I noticed is that set_pte() is used very rarely, so
it would be no cost to always use a hypercall in that case. But
xen_set_pte_at() ends up calling xen_set_pte() as well, and I think
that's more common. Certainly we need to make sure that we're actually
taking advantage of late-pin by direct writing unpinned ptes.

I've been thinking of rearranging the set_pte(_at) pvops a little bit
anyway; it's not obvious we're really getting much benefit from using the
update_va_mapping hypercall, and if we're not using it, then the
set_pte_at pvop is taking a lot of unused parameters.

If we switch to just using mmu_update, then we can just pass the address
and pte value. But we could also pass the struct page * (which makes a
bit of conceptual sense), so we could easily directly test whether the pte
is pinned, and either use a direct write or hypercall accordingly.

> As an experiment I tried the simple approach of flushing the multicalls
> explicitly in xen_unpin_page and then clearing the Pinned bit and it all
> goes a bit wrong. eip is "ptep->pte_low = 0" so I think the unpinned but
> R/O theory holds...
>

Yes, I think the theory is sound. But I'm curious why Pasi seems to be
able to hit the race easily, but we have not...

J
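
Added example, not part of the original message or of the Xen/Linux sources: a small C model of the window discussed in this thread, between updating the PagePinned flag and issuing the unpin hypercall, with an unlocked mapper choosing its protection from the flag. All names here (`pte_page`, `unpin_step`, `race`, the enums) are hypothetical, and the model assumes, as the message suggests, that a hypercall-based update does not go through the stale mapping.

```c
#include <stdbool.h>
#include <stdio.h>

enum unpin_order  { CLEAR_FLAG_FIRST, HYPERCALL_FIRST };
enum write_policy { DIRECT_IF_FLAG_CLEAR, ALWAYS_HYPERCALL };
enum outcome      { OK, BAD_RW_MAPPING, WRITE_VIA_RO_MAPPING };

struct pte_page {
    bool flag_pinned;   /* PagePinned in struct page: the kernel's view */
    bool xen_pinned;    /* pin state as the hypervisor sees it */
};

/* One half of the unpin sequence; step is 0 (first half) or 1 (second). */
static void unpin_step(struct pte_page *p, enum unpin_order o, int step)
{
    if ((o == CLEAR_FLAG_FIRST) == (step == 0))
        p->flag_pinned = false;
    else
        p->xen_pinned = false;       /* the unpin hypercall has been issued */
}

/* The mapper runs between the two halves; the writer runs after both. */
enum outcome race(enum unpin_order o, enum write_policy w)
{
    struct pte_page p = { .flag_pinned = true, .xen_pinned = true };

    unpin_step(&p, o, 0);
    /* Window: the unlocked mapper picks its protection from the flag. */
    bool mapped_rw = !p.flag_pinned;
    if (mapped_rw && p.xen_pinned)
        return BAD_RW_MAPPING;       /* RW map of a page Xen still has pinned */
    unpin_step(&p, o, 1);

    /* Writer takes the lock but keeps the mapping it already made. */
    bool direct = (w == DIRECT_IF_FLAG_CLEAR) && !p.flag_pinned;
    if (direct && !mapped_rw)
        return WRITE_VIA_RO_MAPPING; /* unpinned pte, stale RO mapping */
    return OK;
}

int main(void)
{
    static const char *name[] = { "ok", "bad RW mapping", "write via RO mapping" };
    for (int o = 0; o < 2; o++)
        for (int w = 0; w < 2; w++)
            printf("order=%d policy=%d -> %s\n", o, w,
                   name[race((enum unpin_order)o, (enum write_policy)w)]);
    return 0;
}
```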