xen-devel.lists.xenproject.org archive mirror
From: Julien Grall <julien.grall@arm.com>
To: Stefano Stabellini <sstabellini@kernel.org>, Wei Chen <wei.chen@arm.com>
Cc: wei.liu2@citrix.com, xen-devel@lists.xen.org
Subject: Re: [for-4.7 2/2] xen/arm: p2m: Release the p2m lock before undoing the mappings
Date: Tue, 17 May 2016 12:35:24 +0100
Message-ID: <573B01FC.5070906@arm.com>
In-Reply-To: <alpine.DEB.2.10.1605171220270.2494@sstabellini-ThinkPad-X260>

Hi Stefano and Wei,

On 17/05/16 12:24, Stefano Stabellini wrote:
> I think you are right. Especially with backports in mind, it would be
> better to introduce an __apply_p2m_changes function which assumes that
> the p2m lock has already been taken by the caller. Then you can base the
> implementation of apply_p2m_changes on it.

> On Tue, 17 May 2016, Wei Chen wrote:
>> Hi Julien,
>>
>> I have some concern about this patch. Because we released the spinlock
>> before removing the mapped memory. If somebody acquires the spinlock
>> before we remove the mapped memory, this mapped memory region can be
>> accessed by guest.
>>
>> The apply_p2m_changes is no longer atomic. Is it a security risk?

Accesses to the page table have never been atomic: as soon as an entry
is written in the page tables, the guest vCPUs or a prefetcher could
read it.

The spinlock is only here to protect the page tables against concurrent 
modifications. Releasing the lock is not an issue as Xen does not 
promise any ordering for the p2m changes.

Regards,

-- 
Julien Grall

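A toy model of the two points made in this message, added here as an illustration and not code from Xen or from anyone in the thread: a helper that assumes the caller holds the lock (the shape Stefano suggests for `__apply_p2m_changes`), and a lock that serializes writers while a lock-free reader sees entries as soon as they are written. All `toy_*` names, the flat table and the simulated failure are assumptions.

```c
#include <assert.h>
#include <stdbool.h>
#include <stddef.h>
#define NR_ENTRIES 8                      /* constructed toy table, not Xen's p2m */
struct toy_p2m {
    bool locked;                          /* non-recursive lock, as a flag */
    unsigned long entry[NR_ENTRIES];      /* 0 means "not mapped" */
    size_t seen_locked, seen_unlocked;    /* what a lock-free reader saw */
};
static void toy_lock(struct toy_p2m *p)   { assert(!p->locked); p->locked = true; }
static void toy_unlock(struct toy_p2m *p) { assert(p->locked); p->locked = false; }

static size_t toy_visible(const struct toy_p2m *p)   /* lock-free read (vCPU, prefetcher) */
{
    size_t n = 0;
    for (size_t i = 0; i < NR_ENTRIES; i++) n += (p->entry[i] != 0);
    return n;
}

/* Caller holds the lock. Fails at index fail_at; *done = entries written. */
static int toy_insert_locked(struct toy_p2m *p, size_t nr, size_t fail_at, size_t *done)
{
    assert(p->locked && nr <= NR_ENTRIES);
    for (*done = 0; *done < nr; ++*done) {
        if (*done == fail_at) return -1;      /* simulated error */
        p->entry[*done] = 0x1000 + *done;     /* readable from this point on */
    }
    return 0;
}

static void toy_remove(struct toy_p2m *p, size_t nr) /* takes the lock itself */
{
    toy_lock(p);
    for (size_t i = 0; i < nr; i++) p->entry[i] = 0;
    toy_unlock(p);
}

static int toy_insert(struct toy_p2m *p, size_t nr, size_t fail_at)
{
    size_t done;
    toy_lock(p);
    int rc = toy_insert_locked(p, nr, fail_at, &done);
    p->seen_locked = toy_visible(p);          /* reader while the lock is held */
    toy_unlock(p);
    if (rc) {
        p->seen_unlocked = toy_visible(p);    /* reader between unlock and undo */
        toy_remove(p, done);                  /* undo only what was written */
    }
    return rc;
}
int main(void) { struct toy_p2m p = {0}; return toy_insert(&p, 4, 2) == -1 ? 0 : 1; }
```

In this model the reader counts the same two entries with the lock held and after it is released, so dropping the lock before the undo does not change what a reader can observe.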
