* [PATCH] gnttab: fix page_alloc + grant_table deadlock
@ 2013-10-31 20:29 Radim Krčmář
From: Radim Krčmář @ 2013-10-31 20:29 UTC (permalink / raw)
  To: xen-devel; +Cc: keir.fraser, kaf24, JBeulich, Radim Krčmář

AB/BA deadlock between d->page_alloc_lock and d->grant_table->lock
happened in this scenario: (names are original)

 gnttab_transfer():               | gnttab_setup_table():
  spin_lock(&e->page_alloc_lock); +  spin_lock(&gt->lock);
  gnttab_prepare_for_transfer():  |  gnttab_grow_table():
                                  |   gnttab_create_shared_page():
                                  |    share_xen_page_with_guest():
    spin_lock(&rgt->lock);        +      spin_lock(&d->page_alloc_lock);

The patch takes grant_table->lock first in gnttab_transfer() and keeps
it longer, which also saves one unlock()+lock().

Based on analysis from Ulrich Obergfell <uobergfe@redhat.com>.

Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
---
 xen/common/grant_table.c | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c
index f42bc7a..fa46a8b 100644
--- a/xen/common/grant_table.c
+++ b/xen/common/grant_table.c
@@ -1434,6 +1434,7 @@ gnttab_query_size(
 /*
  * Check that the given grant reference (rd,ref) allows 'ld' to transfer
  * ownership of a page frame. If so, lock down the grant entry.
+ * rd's grant table lock must be held by the caller.
  */
 static int 
 gnttab_prepare_for_transfer(
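Review bot: the new comment states the locking contract but nothing enforces it; since the acquisition is being removed from this function, add `ASSERT(spin_is_locked(&rgt->lock));` at the top of gnttab_prepare_for_transfer() so that a future caller that forgets to take rd's grant table lock is caught in debug builds instead of racing on the grant entry.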
@@ -1444,8 +1445,6 @@ gnttab_prepare_for_transfer(
     union grant_combo   scombo, prev_scombo, new_scombo;
     int                 retries = 0;
 
-    spin_lock(&rgt->lock);
-
     if ( rgt->gt_version == 0 )
     {
         gdprintk(XENLOG_INFO,
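Review bot: dropping the spin_lock() here changes the precondition of a static function, and the diff cannot show whether gnttab_transfer() is its only caller; the commit message should say that it is (or the remaining call sites should be listed as audited), because any caller not updated by this patch would now inspect and lock down the grant entry without rgt->lock held.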
@@ -1495,11 +1494,9 @@ gnttab_prepare_for_transfer(
         scombo = prev_scombo;
     }
 
-    spin_unlock(&rgt->lock);
     return 1;
 
  fail:
-    spin_unlock(&rgt->lock);
     return 0;
 }
 
@@ -1617,6 +1614,7 @@ gnttab_transfer(
             page = new_page;
         }
 
+        spin_lock(&e->grant_table->lock);
         spin_lock(&e->page_alloc_lock);
 
         /*
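Review bot: this spin_lock(&e->grant_table->lock) is the line that establishes the grant_table->lock-before-page_alloc_lock order, so it deserves a comment at the acquisition site naming that order; otherwise the requirement is only recoverable from the commit message. It also means the reservation check, gnttab_prepare_for_transfer() and the page steal now all run under the grant table lock, a noticeably larger critical section on a lock the thread already describes as heavily contended.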
@@ -1635,6 +1633,7 @@ gnttab_transfer(
                         "or is dying (%d)\n",
                         e->tot_pages, e->max_pages, gop.ref, e->is_dying);
             spin_unlock(&e->page_alloc_lock);
+            spin_unlock(&e->grant_table->lock);
             rcu_unlock_domain(e);
             put_gfn(d, gop.mfn);
             page->count_info &= ~(PGC_count_mask|PGC_allocated);
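Review bot: the unlock order here (page_alloc_lock, then grant_table->lock) correctly reverses the acquisition order, and this combined error path covers the is_dying, headroom and gnttab_prepare_for_transfer() failures; please confirm there is no other early exit between the new spin_lock() in the previous hunk and the existing spin_unlock(&e->grant_table->lock) after the shared-entry update, since the diff context shows only this one path releasing the new lock.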
@@ -1655,8 +1654,6 @@ gnttab_transfer(
         TRACE_1D(TRC_MEM_PAGE_GRANT_TRANSFER, e->domain_id);
 
         /* Tell the guest about its new page frame. */
-        spin_lock(&e->grant_table->lock);
-
         if ( e->grant_table->gt_version == 1 )
         {
             grant_entry_v1_t *sha = &shared_entry_v1(e->grant_table, gop.ref);
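Review bot: removing this spin_lock() leaves its matching spin_unlock(&e->grant_table->lock) after the shared-entry update untouched, so the lock is now held continuously from before the reservation check until the guest's grant entry is written; that is what the ordering fix needs, but the TRACE_1D() and the gdprintk() in the earlier error path now execute under the grant table lock, which is exactly the extension of a locked region that Jan's reply objects to. Mentioning the trade-off in the commit message would help whoever compares this against the XSA-73 patches.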
-- 
1.8.4.2


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
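The AB/BA inversion described in the commit message, as an added example that is not part of the patch or of Xen: a small lock-order checker that records nested acquisition chains as a directed graph and flags a cycle, which it finds for the pre-patch gnttab_transfer() order but not for the post-patch one. The lock names and the two call chains come from the commit message; the checker itself (record_chain, transfer_chains_safe) is hypothetical, and it also catches longer cycles through intermediate locks, which the two-lock case on this page does not need.

```c
#include <stdbool.h>
#include <string.h>

#define MAX_LOCKS 8
enum { PAGE_ALLOC_LOCK, GRANT_TABLE_LOCK };

/* order[a][b] is set once some code path has taken lock b while holding a.
 * A deadlock becomes possible as soon as this graph contains a cycle. */
typedef struct { bool order[MAX_LOCKS][MAX_LOCKS]; } lock_graph;

/* Depth-first search: can 'to' be reached from 'from' via recorded orderings? */
static bool reaches(const lock_graph *g, int from, int to, bool *seen)
{
    if (from == to)
        return true;
    seen[from] = true;
    for (int k = 0; k < MAX_LOCKS; k++)
        if (g->order[from][k] && !seen[k] && reaches(g, k, to, seen))
            return true;
    return false;
}

/* Record one nested acquisition path: seq[0] is taken first and every earlier
 * lock is still held when a later one is taken. Returns false if the path
 * closes a cycle with what was recorded before (AB/BA or a longer chain). */
bool record_chain(lock_graph *g, const int *seq, int n)
{
    bool ok = true;
    for (int i = 0; i < n; i++)
        for (int j = i + 1; j < n; j++) {
            int held = seq[i], taken = seq[j];
            bool seen[MAX_LOCKS] = { false };
            if (held != taken && reaches(g, taken, held, seen))
                ok = false;  /* taken -> ... -> held already exists: inversion */
            g->order[held][taken] = true;
        }
    return ok;
}

/* The two chains from the commit message (hypothetical model, not Xen code):
 * gnttab_setup_table() reaches share_xen_page_with_guest() holding gt->lock
 * and then takes page_alloc_lock; gnttab_transfer() takes page_alloc_lock
 * first before the patch and grant_table->lock first after it. */
bool transfer_chains_safe(bool grant_lock_first)
{
    lock_graph g; memset(&g, 0, sizeof g);
    const int setup[]  = { GRANT_TABLE_LOCK, PAGE_ALLOC_LOCK };
    const int before[] = { PAGE_ALLOC_LOCK, GRANT_TABLE_LOCK };
    const int after[]  = { GRANT_TABLE_LOCK, PAGE_ALLOC_LOCK };
    bool ok = record_chain(&g, setup, 2);
    return record_chain(&g, grant_lock_first ? after : before, 2) && ok;
}
```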


* Re: [PATCH] gnttab: fix page_alloc + grant_table deadlock
@ 2013-11-05 20:46 ` Matt Wilson
From: Matt Wilson @ 2013-11-05 20:46 UTC (permalink / raw)
  To: Radim Krčmář
  Cc: Andrew Cooper, keir.fraser, kaf24, JBeulich, xen-devel

On Thu, Oct 31, 2013 at 09:29:16PM +0100, Radim Krčmář wrote:
> AB/BA deaclock between d->page_alloc_lock and d->grant_table->lock
> happened in this scenario: (names are original)

"deaclock" -> "deadlock"

>  gnttab_transfer():               | gnttab_setup_table():
>   spin_lock(&e->page_alloc_lock); +  spin_lock(&gt->lock);
>   gnttab_prepare_for_transfer():  |  gnttab_grow_table():
>                                   |   gnttab_create_shared_page():
>                                   |    share_xen_page_with_guest():
>     spin_lock(&rgt->lock);        +      spin_lock(&d->page_alloc_lock);
> 
> The patch takes grant_table->lock first in gnttab_transfer() and keeps
> it longer, which also saves one unlock()+lock().
> 
> Based on analysis from Ulrich Obergfell <uobergfe@redhat.com>.

This is XSA-73. This patch is much smaller than the patches provided
in the advisory. Andrew, can you comment on why your fix should be
applied instead of this one?

--msw

> Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
> ---
>  xen/common/grant_table.c | 9 +++------
>  1 file changed, 3 insertions(+), 6 deletions(-)
> 
> diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c
> index f42bc7a..fa46a8b 100644
> --- a/xen/common/grant_table.c
> +++ b/xen/common/grant_table.c
> @@ -1434,6 +1434,7 @@ gnttab_query_size(
>  /*
>   * Check that the given grant reference (rd,ref) allows 'ld' to transfer
>   * ownership of a page frame. If so, lock down the grant entry.
> + * rd's grant table lock must be held by the caller.
>   */
>  static int 
>  gnttab_prepare_for_transfer(
> @@ -1444,8 +1445,6 @@ gnttab_prepare_for_transfer(
>      union grant_combo   scombo, prev_scombo, new_scombo;
>      int                 retries = 0;
>  
> -    spin_lock(&rgt->lock);
> -
>      if ( rgt->gt_version == 0 )
>      {
>          gdprintk(XENLOG_INFO,
> @@ -1495,11 +1494,9 @@ gnttab_prepare_for_transfer(
>          scombo = prev_scombo;
>      }
>  
> -    spin_unlock(&rgt->lock);
>      return 1;
>  
>   fail:
> -    spin_unlock(&rgt->lock);
>      return 0;
>  }
>  
> @@ -1617,6 +1614,7 @@ gnttab_transfer(
>              page = new_page;
>          }
>  
> +        spin_lock(&e->grant_table->lock);
>          spin_lock(&e->page_alloc_lock);
>  
>          /*
> @@ -1635,6 +1633,7 @@ gnttab_transfer(
>                          "or is dying (%d)\n",
>                          e->tot_pages, e->max_pages, gop.ref, e->is_dying);
>              spin_unlock(&e->page_alloc_lock);
> +            spin_unlock(&e->grant_table->lock);
>              rcu_unlock_domain(e);
>              put_gfn(d, gop.mfn);
>              page->count_info &= ~(PGC_count_mask|PGC_allocated);
> @@ -1655,8 +1654,6 @@ gnttab_transfer(
>          TRACE_1D(TRC_MEM_PAGE_GRANT_TRANSFER, e->domain_id);
>  
>          /* Tell the guest about its new page frame. */
> -        spin_lock(&e->grant_table->lock);
> -
>          if ( e->grant_table->gt_version == 1 )
>          {
>              grant_entry_v1_t *sha = &shared_entry_v1(e->grant_table, gop.ref);


* Re: [PATCH] gnttab: fix page_alloc + grant_table deadlock
@ 2013-11-06  8:57   ` Jan Beulich
From: Jan Beulich @ 2013-11-06  8:57 UTC (permalink / raw)
  To: Matt Wilson; +Cc: Andrew Cooper, keir.fraser, rkrcmar, kaf24, xen-devel

>>> On 05.11.13 at 21:46, Matt Wilson <msw@linux.com> wrote:
> On Thu, Oct 31, 2013 at 09:29:16PM +0100, Radim Krčmář wrote:
>> The patch takes grant_table->lock first in gnttab_transfer() and keeps
>> it longer, which also saves one unlock()+lock().
>> 
>> Based on analysis from Ulrich Obergfell <uobergfe@redhat.com>.
> 
> This is XSA-73. This patch is much smaller than the patches provided
> in the advisory. Andrew, can you comment on why your fix should be
> applied instead of this one?

I think the reason is quite obvious: Extending a locked region is
always a bad idea if there's an alternative not doing so. The more
so for locks we know can be heavily contended.

Jan

