From: Andrew Cooper <andrew.cooper3@citrix.com>
To: Jan Beulich <jbeulich@suse.com>, rcojocaru@bitdefender.com
Cc: wei.liu2@citrix.com, george.dunlap@eu.citrix.com, tim@xen.org,
ian.jackson@eu.citrix.com, xen-devel@lists.xen.org,
paul.durrant@citrix.com, david.vrabel@citrix.com, keir@xen.org
Subject: Re: [for-4.7] x86/emulate: synchronize LOCKed instruction emulation
Date: Thu, 14 Apr 2016 16:45:07 +0100 [thread overview]
Message-ID: <570FBB03.6090908@citrix.com> (raw)
In-Reply-To: <570FC7E002000078000E67BB@prv-mh.provo.novell.com>
On 14/04/16 16:40, Jan Beulich wrote:
>>>> Razvan Cojocaru <rcojocaru@bitdefender.com> 04/14/16 1:43 PM >>>
>> On 04/14/2016 01:35 PM, David Vrabel wrote:
>>> On 13/04/16 13:26, Razvan Cojocaru wrote:
>>>> LOCK-prefixed instructions are currenly allowed to run in parallel
>>>> in x86_emulate(), which can lead the guest into an undefined state.
>>>> This patch fixes the issue.
>>> Is this sufficient? What if another VCPU is running on another PCPU and
>>> doing an unemulated LOCK-prefixed instruction to the same memory address?
>>>
>>> This other VCPU could be for another domain (or Xen for that matter).
>> The patch is only sufficient for parallel runs of emulated instructions,
>> as previously stated. It is, however, able to prevent nasty guest lockups.
>>
>> This is what happened in a previous thread where I was hunting down the
>> issue and initially thought that the xen-access.c model was broken when
>> used with emulation, and even proceeded to check that the ring buffer
>> memory accesses are synchronized properly. They were alright, the
>> problem was in fact LOCKed instruction emulation happening in parallel,
>> i.e. a race condition there.
>>
>> This is less obvious if we signal that vm_event responses are available
>> immediately after processing each one (which greatly reduces the chances
>> of a race happening), and more obvious with guests that have 2 (or more)
>> VCPUs where all of them are paused waiting for a vm_event reply, and all
>> of them are woken up at the same time, after processing all of the
>> events, and asked to emulate.
>>
>> I do believe that somewhere in Xen emulating in this manner could occur,
>> so I hope to make emulation generally safer.
>>
>> As for not fixing the _whole_ issue, as Jan has rightly pointed out,
>> that's a rather difficult thing to do.
> To be honest, just having remembered that we do the write back for locked
> instructions using CMPXCHG, I'd first of all like to see a proper description
> of "the _whole_ issue".
All emulated instructions with a lock prefix end up calling into
hvmemul_cmpxchg()
I suspect the issue is to do with the implementation of
hvmemul_cmpxchg(), which contains a TODO from 2008 of
/* Fix this in case the guest is really relying on r-m-w atomicity. */
which, amongst other things, never updates *p_old.
Short of having the instruction emulator convert any locked instruction
into a stub, I can't think of a solution which works for both emulated
and non-emulated instructions.
~Andrew
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
next prev parent reply other threads:[~2016-04-14 15:45 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-04-13 12:26 [for-4.7] x86/emulate: synchronize LOCKed instruction emulation Razvan Cojocaru
2016-04-14 4:35 ` Jan Beulich
2016-04-14 5:56 ` Razvan Cojocaru
2016-04-14 6:09 ` Juergen Gross
2016-04-14 6:31 ` Razvan Cojocaru
2016-04-14 7:46 ` Juergen Gross
2016-04-14 8:01 ` Andrew Cooper
2016-04-14 8:18 ` Juergen Gross
2016-04-14 8:25 ` Razvan Cojocaru
2016-04-14 8:07 ` Andrew Cooper
2016-04-14 8:09 ` Razvan Cojocaru
2016-04-14 9:08 ` Razvan Cojocaru
2016-04-14 15:33 ` Jan Beulich
2016-04-14 15:44 ` Jan Beulich
2016-04-14 16:00 ` Razvan Cojocaru
2016-04-14 16:11 ` Jan Beulich
2016-04-14 8:51 ` Razvan Cojocaru
2016-04-14 15:31 ` Jan Beulich
2016-04-14 15:40 ` Razvan Cojocaru
2016-04-14 10:35 ` David Vrabel
2016-04-14 11:43 ` Razvan Cojocaru
2016-04-14 15:40 ` Jan Beulich
2016-04-14 15:45 ` Andrew Cooper [this message]
2016-04-14 16:09 ` Jan Beulich
2016-04-14 15:45 ` Razvan Cojocaru
2016-04-14 16:08 ` Jan Beulich
2016-04-18 12:14 ` Razvan Cojocaru
2016-04-18 16:45 ` Jan Beulich
2016-04-19 11:01 ` Razvan Cojocaru
2016-04-19 16:35 ` Jan Beulich
2016-04-26 16:03 ` George Dunlap
2016-04-26 17:23 ` Razvan Cojocaru
2016-04-26 17:39 ` Andrew Cooper
2016-04-27 6:25 ` Jan Beulich
2016-04-27 7:36 ` Andrew Cooper
2016-04-27 6:22 ` Jan Beulich
2016-04-27 7:14 ` Razvan Cojocaru
2016-05-03 14:20 ` Razvan Cojocaru
2016-05-03 14:30 ` Jan Beulich
2016-05-03 14:41 ` Razvan Cojocaru
2016-05-03 15:13 ` Jan Beulich
2016-05-04 11:32 ` Razvan Cojocaru
2016-05-04 13:42 ` Jan Beulich
2016-05-05 9:25 ` Razvan Cojocaru
2016-05-05 16:38 ` Jan Beulich
2016-05-13 15:27 ` Wei Liu
2016-05-13 15:51 ` Jan Beulich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=570FBB03.6090908@citrix.com \
--to=andrew.cooper3@citrix.com \
--cc=david.vrabel@citrix.com \
--cc=george.dunlap@eu.citrix.com \
--cc=ian.jackson@eu.citrix.com \
--cc=jbeulich@suse.com \
--cc=keir@xen.org \
--cc=paul.durrant@citrix.com \
--cc=rcojocaru@bitdefender.com \
--cc=tim@xen.org \
--cc=wei.liu2@citrix.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).