From mboxrd@z Thu Jan  1 00:00:00 1970
From: Ross Lagerwall <ross.lagerwall@citrix.com>
Subject: Re: [PATCH] x86: Don't crash when mapping a page using
 EFI runtime page tables
Date: Wed, 27 May 2015 11:23:38 +0100
Message-ID: <55659B2A.4020605@citrix.com>
References: <1431706091-32288-1-git-send-email-ross.lagerwall@citrix.com>
	<555A1A33020000780007B3EC@mail.emea.novell.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
In-Reply-To: <555A1A33020000780007B3EC@mail.emea.novell.com>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Jan Beulich <JBeulich@suse.com>
Cc: Andrew Cooper <andrew.cooper3@citrix.com>, Keir Fraser <keir@xen.org>, xen-devel@lists.xen.org
List-Id: xen-devel@lists.xenproject.org

On 05/18/2015 03:58 PM, Jan Beulich wrote:
>>>> On 15.05.15 at 18:08, <ross.lagerwall@citrix.com> wrote:
>> --- a/xen/arch/x86/domain_page.c
>> +++ b/xen/arch/x86/domain_page.c
>> @@ -32,20 +32,25 @@ static inline struct vcpu *mapcache_current_vcpu(void)
>>           return NULL;
>>
>>       /*
>> +     * When using efi runtime page tables, we have the equivalent of the idle
>> +     * domain's page tables but current may point at another domain's VCPU.
>> +     * Return NULL as though current is not properly set up yet.
>> +     */
>> +    if ( efi_enabled && read_cr3() == efi_rs_page_table() )
>> +        return NULL;
>
> I'm okay with the patch in principle; what worries me is the CR3 read
> that is now going to be necessary even in non-debug builds. With
> this code being the only user of efi_rs_page_table(), I wonder if it
> wouldn't make sense to alter that function to return non-zero only
> when spin_is_locked(&efi_rs_lock), and then alter the code above
> such that the CR3 read would happen only when we got a non-zero
> value back.

mapcache_current_vcpu() appears to be called from IRQ-enabled and 
IRQ-disabled callers which prevents us from using the spinlock. Is 
reading cr3 that bad, given that this is a slow path anyway?

>
> And with that I would then also like to fold the potential double CR3
> reads in debug builds to at most one.
>

CR3 needs to be re-read after the lazy context switch to the idle domain 
is completed.

-- 
Ross Lagerwall