From: Takuya Yoshikawa <yoshikawa.takuya@oss.ntt.co.jp>
To: Xiao Guangrong <xiaoguangrong@linux.vnet.ibm.com>
Cc: Takuya Yoshikawa <takuya.yoshikawa@gmail.com>,
avi@redhat.com, mtosatti@redhat.com, kvm@vger.kernel.org
Subject: Re: [PATCH for 3.3] KVM: Fix write protection race during dirty logging
Date: Mon, 06 Feb 2012 12:46:14 +0900
Message-ID: <4F2F4D06.8020303@oss.ntt.co.jp>
In-Reply-To: <4F2F4B99.6050902@linux.vnet.ibm.com>
(2012/02/06 12:40), Xiao Guangrong wrote:
> On 02/05/2012 07:42 PM, Takuya Yoshikawa wrote:
>
>> From: Takuya Yoshikawa<yoshikawa.takuya@oss.ntt.co.jp>
>>
>> This patch fixes a race introduced by:
>>
>> commit 95d4c16ce78cb6b7549a09159c409d52ddd18dae
>> KVM: Optimize dirty logging by rmap_write_protect()
>>
>> During protecting pages for dirty logging, other threads may also try
>> to protect a page in mmu_sync_children() or kvm_mmu_get_page().
>>
>> In such a case, because get_dirty_log releases mmu_lock before flushing
>> TLB's, the following race condition can happen:
>>
>>   A (get_dirty_log)     B (another thread)
>>
>>   lock(mmu_lock)
>>   clear pte.w
>>   unlock(mmu_lock)
>>                         lock(mmu_lock)
>>                         pte.w is already cleared
>>                         unlock(mmu_lock)
>>                         skip TLB flush
>>                         return
>>   ...
>>   TLB flush
>>
>> Though thread B assumes the page has already been protected when it
>> returns, the remaining TLB entry will break that assumption.
>>
>> This patch fixes this problem by making get_dirty_log hold the mmu_lock
>> until it flushes the TLB's.
>>
>
>
> I do not think this is a problem since the dirty page is logged when
> the writeable spte is being set, and in the end of get_dirty_log, all
> TLBs are always flushed.
>
The victim is not GET_DIRTY_LOG but thread B; it needs to assure the page
is protected before returning.

Thanks,
Takuya
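
The interleaving discussed in this message, as an added example that is not code from the thread or from the kernel: a deterministic, single-threaded C model with one PTE and one cached TLB copy of its writable bit. All names (`struct model`, `b_protect`, `stale_window_after_b`) are hypothetical, and the boolean `locked` only stands in for mmu_lock.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed toy model: one PTE, one TLB entry caching its W bit. */
struct model {
    bool pte_w;   /* writable bit in the page table entry */
    bool tlb_w;   /* writable bit still cached in the TLB */
    bool locked;  /* stands in for mmu_lock */
};

static bool try_lock(struct model *m) { if (m->locked) return false; m->locked = true; return true; }
static void unlock(struct model *m) { m->locked = false; }
static void tlb_flush(struct model *m) { m->tlb_w = m->pte_w; }

/* Thread B: write-protect the page, flushing only if it cleared pte.w itself.
 * Returns false when it would have to wait for the lock. */
static bool b_protect(struct model *m) {
    if (!try_lock(m)) return false;
    bool cleared = m->pte_w;
    m->pte_w = false;
    if (cleared) tlb_flush(m);   /* otherwise: "skip TLB flush" */
    unlock(m);
    return true;
}

/* Returns true if, at the moment B returned believing the page is protected,
 * a writable TLB entry still existed. */
static bool stale_window_after_b(bool hold_lock_until_flush) {
    struct model m = { .pte_w = true, .tlb_w = true, .locked = false };

    try_lock(&m);                              /* A: lock(mmu_lock)   */
    m.pte_w = false;                           /* A: clear pte.w      */
    if (!hold_lock_until_flush) unlock(&m);    /* A: early unlock     */

    bool b_done = b_protect(&m);               /* B tries to run here */
    bool window = b_done && m.tlb_w;

    tlb_flush(&m);                             /* A: TLB flush        */
    if (hold_lock_until_flush) unlock(&m);     /* A: unlock after flush */
    if (!b_done) {                             /* B was blocked; runs now */
        b_done = b_protect(&m);
        window = b_done && m.tlb_w;
    }
    return window;
}

int main(void) {
    printf("unlock before flush: stale writable TLB after B returns = %d\n", stale_window_after_b(false));
    printf("lock held until flush: stale writable TLB after B returns = %d\n", stale_window_after_b(true));
    return 0;
}
```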