* [PATCH] xen/arm: p2m: Read *_mapped_gfn with the p2m lock taken
@ 2017-09-14 15:39 Julien Grall
2017-09-28 0:45 ` Julien Grall
2017-10-07 0:40 ` Stefano Stabellini
0 siblings, 2 replies; 3+ messages in thread
From: Julien Grall @ 2017-09-14 15:39 UTC (permalink / raw)
To: xen-devel; +Cc: bhupinder.thakur, Julien Grall, sstabellini
*_mapped_gfn are currently read before acquiring the lock. However, they
may be modified by the p2m code before the lock was acquired. This means
we will use the wrong values.
Fix it by moving the read inside the section protected by the p2m lock.
Signed-off-by: Julien Grall <julien.grall@arm.com>
---
This patch should be backported to Xen 4.9 and Xen 4.8
---
xen/arch/arm/p2m.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/xen/arch/arm/p2m.c b/xen/arch/arm/p2m.c
index c484469e6c..d1260d3b4e 100644
--- a/xen/arch/arm/p2m.c
+++ b/xen/arch/arm/p2m.c
@@ -1292,13 +1292,13 @@ int relinquish_p2m_mapping(struct domain *d)
p2m_type_t t;
int rc = 0;
unsigned int order;
-
- /* Convenience alias */
- gfn_t start = p2m->lowest_mapped_gfn;
- gfn_t end = p2m->max_mapped_gfn;
+ gfn_t start, end;
p2m_write_lock(p2m);
+ start = p2m->lowest_mapped_gfn;
+ end = p2m->max_mapped_gfn;
+
for ( ; gfn_x(start) < gfn_x(end);
start = gfn_next_boundary(start, order) )
{
@@ -1353,9 +1353,6 @@ int p2m_cache_flush(struct domain *d, gfn_t start, unsigned long nr)
p2m_type_t t;
unsigned int order;
- start = gfn_max(start, p2m->lowest_mapped_gfn);
- end = gfn_min(end, p2m->max_mapped_gfn);
-
/*
* The operation cache flush will invalidate the RAM assigned to the
* guest in a given range. It will not modify the page table and
@@ -1364,6 +1361,9 @@ int p2m_cache_flush(struct domain *d, gfn_t start, unsigned long nr)
*/
p2m_read_lock(p2m);
+ start = gfn_max(start, p2m->lowest_mapped_gfn);
+ end = gfn_min(end, p2m->max_mapped_gfn);
+
for ( ; gfn_x(start) < gfn_x(end); start = next_gfn )
{
mfn_t mfn = p2m_get_entry(p2m, start, &t, NULL, &order);
--
2.11.0
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] xen/arm: p2m: Read *_mapped_gfn with the p2m lock taken
2017-09-14 15:39 [PATCH] xen/arm: p2m: Read *_mapped_gfn with the p2m lock taken Julien Grall
@ 2017-09-28 0:45 ` Julien Grall
2017-10-07 0:40 ` Stefano Stabellini
1 sibling, 0 replies; 3+ messages in thread
From: Julien Grall @ 2017-09-28 0:45 UTC (permalink / raw)
To: xen-devel; +Cc: bhupinder.thakur, sstabellini
Hi,
Ping?
Cheers,
On 09/14/2017 04:39 PM, Julien Grall wrote:
> *_mapped_gfn are currently read before acquiring the lock. However, they
> may be modified by the p2m code before the lock was acquired. This means
> we will use the wrong values.
>
> Fix it by moving the read inside the section protected by the p2m lock.
>
> Signed-off-by: Julien Grall <julien.grall@arm.com>
>
> ---
> This patch should be backported to Xen 4.9 and Xen 4.8
> ---
> xen/arch/arm/p2m.c | 14 +++++++-------
> 1 file changed, 7 insertions(+), 7 deletions(-)
>
> diff --git a/xen/arch/arm/p2m.c b/xen/arch/arm/p2m.c
> index c484469e6c..d1260d3b4e 100644
> --- a/xen/arch/arm/p2m.c
> +++ b/xen/arch/arm/p2m.c
> @@ -1292,13 +1292,13 @@ int relinquish_p2m_mapping(struct domain *d)
> p2m_type_t t;
> int rc = 0;
> unsigned int order;
> -
> - /* Convenience alias */
> - gfn_t start = p2m->lowest_mapped_gfn;
> - gfn_t end = p2m->max_mapped_gfn;
> + gfn_t start, end;
>
> p2m_write_lock(p2m);
>
> + start = p2m->lowest_mapped_gfn;
> + end = p2m->max_mapped_gfn;
> +
> for ( ; gfn_x(start) < gfn_x(end);
> start = gfn_next_boundary(start, order) )
> {
> @@ -1353,9 +1353,6 @@ int p2m_cache_flush(struct domain *d, gfn_t start, unsigned long nr)
> p2m_type_t t;
> unsigned int order;
>
> - start = gfn_max(start, p2m->lowest_mapped_gfn);
> - end = gfn_min(end, p2m->max_mapped_gfn);
> -
> /*
> * The operation cache flush will invalidate the RAM assigned to the
> * guest in a given range. It will not modify the page table and
> @@ -1364,6 +1361,9 @@ int p2m_cache_flush(struct domain *d, gfn_t start, unsigned long nr)
> */
> p2m_read_lock(p2m);
>
> + start = gfn_max(start, p2m->lowest_mapped_gfn);
> + end = gfn_min(end, p2m->max_mapped_gfn);
> +
> for ( ; gfn_x(start) < gfn_x(end); start = next_gfn )
> {
> mfn_t mfn = p2m_get_entry(p2m, start, &t, NULL, &order);
>
--
Julien Grall
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] xen/arm: p2m: Read *_mapped_gfn with the p2m lock taken
2017-09-14 15:39 [PATCH] xen/arm: p2m: Read *_mapped_gfn with the p2m lock taken Julien Grall
2017-09-28 0:45 ` Julien Grall
@ 2017-10-07 0:40 ` Stefano Stabellini
1 sibling, 0 replies; 3+ messages in thread
From: Stefano Stabellini @ 2017-10-07 0:40 UTC (permalink / raw)
To: Julien Grall; +Cc: bhupinder.thakur, sstabellini, xen-devel
On Thu, 14 Sep 2017, Julien Grall wrote:
> *_mapped_gfn are currently read before acquiring the lock. However, they
> may be modified by the p2m code before the lock was acquired. This means
> we will use the wrong values.
>
> Fix it by moving the read inside the section protected by the p2m lock.
>
> Signed-off-by: Julien Grall <julien.grall@arm.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
and committed
> ---
> This patch should be backported to Xen 4.9 and Xen 4.8
> ---
> xen/arch/arm/p2m.c | 14 +++++++-------
> 1 file changed, 7 insertions(+), 7 deletions(-)
>
> diff --git a/xen/arch/arm/p2m.c b/xen/arch/arm/p2m.c
> index c484469e6c..d1260d3b4e 100644
> --- a/xen/arch/arm/p2m.c
> +++ b/xen/arch/arm/p2m.c
> @@ -1292,13 +1292,13 @@ int relinquish_p2m_mapping(struct domain *d)
> p2m_type_t t;
> int rc = 0;
> unsigned int order;
> -
> - /* Convenience alias */
> - gfn_t start = p2m->lowest_mapped_gfn;
> - gfn_t end = p2m->max_mapped_gfn;
> + gfn_t start, end;
>
> p2m_write_lock(p2m);
>
> + start = p2m->lowest_mapped_gfn;
> + end = p2m->max_mapped_gfn;
> +
> for ( ; gfn_x(start) < gfn_x(end);
> start = gfn_next_boundary(start, order) )
> {
> @@ -1353,9 +1353,6 @@ int p2m_cache_flush(struct domain *d, gfn_t start, unsigned long nr)
> p2m_type_t t;
> unsigned int order;
>
> - start = gfn_max(start, p2m->lowest_mapped_gfn);
> - end = gfn_min(end, p2m->max_mapped_gfn);
> -
> /*
> * The operation cache flush will invalidate the RAM assigned to the
> * guest in a given range. It will not modify the page table and
> @@ -1364,6 +1361,9 @@ int p2m_cache_flush(struct domain *d, gfn_t start, unsigned long nr)
> */
> p2m_read_lock(p2m);
>
> + start = gfn_max(start, p2m->lowest_mapped_gfn);
> + end = gfn_min(end, p2m->max_mapped_gfn);
> +
> for ( ; gfn_x(start) < gfn_x(end); start = next_gfn )
> {
> mfn_t mfn = p2m_get_entry(p2m, start, &t, NULL, &order);
> --
> 2.11.0
>
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2017-10-07 0:40 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-09-14 15:39 [PATCH] xen/arm: p2m: Read *_mapped_gfn with the p2m lock taken Julien Grall
2017-09-28 0:45 ` Julien Grall
2017-10-07 0:40 ` Stefano Stabellini
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).