From: Xiao Guangrong <xiaoguangrong@linux.vnet.ibm.com>
To: Xiao Guangrong <xiaoguangrong@linux.vnet.ibm.com>
Cc: Takuya Yoshikawa <yoshikawa.takuya@oss.ntt.co.jp>,
Takuya Yoshikawa <takuya.yoshikawa@gmail.com>,
avi@redhat.com, mtosatti@redhat.com, kvm@vger.kernel.org
Subject: Re: [PATCH for 3.3] KVM: Fix write protection race during dirty logging
Date: Mon, 06 Feb 2012 13:02:26 +0800
Message-ID: <4F2F5EE2.5080703@linux.vnet.ibm.com>
In-Reply-To: <4F2F4EB6.4040105@linux.vnet.ibm.com>
On 02/06/2012 11:53 AM, Xiao Guangrong wrote:
> On 02/06/2012 11:46 AM, Takuya Yoshikawa wrote:
>
>> (2012/02/06 12:40), Xiao Guangrong wrote:
>>> On 02/05/2012 07:42 PM, Takuya Yoshikawa wrote:
>>>
>>>> From: Takuya Yoshikawa<yoshikawa.takuya@oss.ntt.co.jp>
>>>>
>>>> This patch fixes a race introduced by:
>>>>
>>>> commit 95d4c16ce78cb6b7549a09159c409d52ddd18dae
>>>> KVM: Optimize dirty logging by rmap_write_protect()
>>>>
>>>> During protecting pages for dirty logging, other threads may also try
>>>> to protect a page in mmu_sync_children() or kvm_mmu_get_page().
>>>>
>>>> In such a case, because get_dirty_log releases mmu_lock before flushing
>>>> TLB's, the following race condition can happen:
>>>>
>>>> A (get_dirty_log)          B (another thread)
>>>>
>>>> lock(mmu_lock)
>>>> clear pte.w
>>>> unlock(mmu_lock)
>>>>                            lock(mmu_lock)
>>>>                            pte.w is already cleared
>>>>                            unlock(mmu_lock)
>>>>                            skip TLB flush
>>>>                            return
>>>> ...
>>>> TLB flush
>>>>
>>>> Though thread B assumes the page has already been protected when it
>>>> returns, the remaining TLB entry will break that assumption.
>>>>
>>>> This patch fixes this problem by making get_dirty_log hold the mmu_lock
>>>> until it flushes the TLB's.
>>>>
>>>
>>>
>>> I do not think this is a problem since the dirty page is logged when
>>> the writeable spte is being set, and at the end of get_dirty_log, all
>>> TLBs are always flushed.
>>>
>>
>> The victim is not GET_DIRTY_LOG but thread B; it needs to assure the page
>> is protected before returning.
>>
>
>
> Ah, right!
>
> Reviewed-by: Xiao Guangrong <xiaoguangrong@linux.vnet.ibm.com>
>
I am worried whether other paths (such as kvm_mmu_notifier_invalidate_page)
which unmap/modify writeable ptes and flush TLBs outside the mmu lock have the
same problem?
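The interleaving in the quoted commit message can be replayed in user space to see why the order of unlock and TLB flush matters. The model below is an added example, not KVM code: the page/lock state, the step names and the scheduling policy (thread B tries to run as soon as A has cleared pte.w and keeps priority until it returns, A runs whenever B would block on mmu_lock) are this model's own assumptions. It runs thread A's steps in the pre-patch order (unlock, then flush) and in the patched order (flush, then unlock) and reports whether B returned believing the page was protected while a writable TLB entry still existed.

```c
/*
 * Model of the write-protection race from the quoted commit message.
 * Added example, not KVM code: spte/TLB/lock fields, step names and the
 * scheduler are assumptions of this model.  Build: cc -std=c99 -Wall race.c
 */
#include <stdbool.h>
#include <stdio.h>

/* Shared state standing in for one guest page and the mmu_lock. */
struct page_state {
    bool lock_held;      /* mmu_lock is held by somebody */
    bool spte_writable;  /* W bit of the shadow pte, which both threads clear */
    bool tlb_writable;   /* a vCPU's cached translation; writable until a flush */
};

enum step { LOCK, CLEAR_W, FLUSH_TLB, UNLOCK, DONE };

/* Thread A (get_dirty_log): the buggy order drops mmu_lock before the flush,
 * the fixed order (what the patch does) keeps it until the flush has run. */
static const enum step a_buggy[] = { LOCK, CLEAR_W, UNLOCK, FLUSH_TLB, DONE };
static const enum step a_fixed[] = { LOCK, CLEAR_W, FLUSH_TLB, UNLOCK, DONE };

/* One step of A; returns false when the step would block on mmu_lock. */
static bool a_step(struct page_state *s, enum step st)
{
    switch (st) {
    case LOCK:      if (s->lock_held) return false;
                    s->lock_held = true;                 return true;
    case CLEAR_W:   s->spte_writable = false;            return true;
    case FLUSH_TLB: s->tlb_writable = s->spte_writable;  return true; /* refetch from spte */
    case UNLOCK:    s->lock_held = false;                return true;
    default:                                             return true;
    }
}

/* Thread B (another protector such as mmu_sync_children): lock, write protect
 * unless the page already looks protected, unlock, return. */
struct b_ctx {
    int  pc;
    bool skipped_flush;          /* B saw pte.w already clear and did no flush */
    bool returned;
    bool tlb_writable_at_return; /* could the guest still write when B returned? */
};

static bool b_step(struct page_state *s, struct b_ctx *b)
{
    switch (b->pc) {
    case 0: if (s->lock_held) return false;     /* lock(mmu_lock) would block */
            s->lock_held = true;                break;
    case 1: if (s->spte_writable) {             /* B clears the bit and flushes itself */
                s->spte_writable = false;
                s->tlb_writable = false;
            } else {
                b->skipped_flush = true;        /* "pte.w is already cleared": skip flush */
            }
            break;
    case 2: s->lock_held = false;               break;   /* unlock(mmu_lock) */
    case 3: b->returned = true;                          /* return, assuming protected */
            b->tlb_writable_at_return = s->tlb_writable;
            break;
    }
    b->pc++;
    return true;
}

/* Replay the diagram's interleaving for a given A program. Returns true when B
 * returned assuming the page was protected while the TLB still allowed writes. */
bool race_manifests(const enum step *a_prog)
{
    struct page_state s = { false, true, true };  /* page and TLB entry writable */
    struct b_ctx b = { 0, false, false, false };
    int a_pc = 0, guard = 0;
    bool b_runnable = false;

    while ((a_prog[a_pc] != DONE || !b.returned) && guard++ < 64) {
        if (b_runnable && !b.returned && b_step(&s, &b))
            continue;                              /* B made progress */
        if (a_prog[a_pc] != DONE && a_step(&s, a_prog[a_pc])) {
            if (a_prog[a_pc] == CLEAR_W)
                b_runnable = true;                 /* B arrives after A cleared pte.w */
            a_pc++;
        }
    }
    return b.returned && b.skipped_flush && b.tlb_writable_at_return;
}

int main(void)
{
    printf("unlock before flush: race %s\n", race_manifests(a_buggy) ? "manifests" : "absent");
    printf("flush before unlock: race %s\n", race_manifests(a_fixed) ? "manifests" : "absent");
    return 0;
}
```

With the pre-patch order B acquires mmu_lock between A's unlock and A's flush, finds pte.w clear, skips its own flush and returns while the stale writable translation is still cached; with the patched order B's lock attempt blocks until A has flushed, so the same code path returns only after the page is really protected.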
Thread overview: 9+ messages
2012-02-05 11:42 [PATCH for 3.3] KVM: Fix write protection race during dirty logging Takuya Yoshikawa
2012-02-06 3:40 ` Xiao Guangrong
2012-02-06 3:46 ` Takuya Yoshikawa
2012-02-06 3:53 ` Xiao Guangrong
2012-02-06 5:02 ` Xiao Guangrong [this message]
2012-02-06 5:12 ` Takuya Yoshikawa
2012-02-06 9:48 ` Avi Kivity
2012-02-08 16:38 ` Marcelo Tosatti
2012-02-09 13:54 ` Takuya Yoshikawa