Matthew Daley
2013-Feb-28 05:16 UTC
[PATCH] x86/mm: fix invalid unlinking of nested p2m tables
Commit 90805dc (c/s 26387:4056e5a3d815) ("EPT: Make ept data stucture or
operations neutral") makes nested p2m tables be unlinked from the host
p2m table before their destruction (in p2m_teardown_nestedp2m).
However, by this time the host p2m table has already been torn down,
leading to a possible race condition where another allocation between
the two kinds of table being torn down can lead to a linked list
assertion with debug=y builds or memory corruption on debug=n ones.

Fix by swapping the order the two kinds of table are torn down in. While
at it, remove the condition in p2m_final_teardown, as it is already
checked identically in p2m_teardown_hostp2m itself.

Signed-off-by: Matthew Daley <mattjd@gmail.com>
---
xen/arch/x86/mm/p2m.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c
index de1dd82..ad1f676 100644
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -490,15 +490,13 @@ void p2m_teardown(struct p2m_domain *p2m)
void p2m_final_teardown(struct domain *d)
{
- /* Iterate over all p2m tables per domain */
- struct p2m_domain *p2m = p2m_get_hostp2m(d);
- if ( p2m )
- p2m_teardown_hostp2m(d);
-
/* We must teardown unconditionally because
* we initialise them unconditionally.
*/
p2m_teardown_nestedp2m(d);
+
+ /* Iterate over all p2m tables per domain */
+ p2m_teardown_hostp2m(d);
}
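Review bot: the reordering is the whole fix, but nothing in the hunk records why the order matters, so the comment added before the new `p2m_teardown_hostp2m(d);` call should state that it must run after `p2m_teardown_nestedp2m(d);` because the nested tables are unlinked from the host p2m there; the "Iterate over all p2m tables per domain" comment carried over from the removed block is also inaccurate for a call that tears down only the host p2m. Something like `/* Must follow p2m_teardown_nestedp2m(): nested tables unlink from the host p2m. */` would keep a later cleanup from reintroducing the race. Dropping the `if ( p2m )` guard around `p2m_teardown_hostp2m(d);` rests on the commit message's claim that the same NULL check lives inside that function; the hunk does not show it, so it is worth confirming before applying.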
--
1.7.10.4
Tim Deegan
2013-Feb-28 10:59 UTC
Re: [PATCH] x86/mm: fix invalid unlinking of nested p2m tables
At 18:16 +1300 on 28 Feb (1362075364), Matthew Daley wrote:
> Commit 90805dc (c/s 26387:4056e5a3d815) ("EPT: Make ept data stucture or
> operations neutral") makes nested p2m tables be unlinked from the host
> p2m table before their destruction (in p2m_teardown_nestedp2m).
> However, by this time the host p2m table has already been torn down,
> leading to a possible race condition where another allocation between
> the two kinds of table being torn down can lead to a linked list
> assertion with debug=y builds or memory corruption on debug=n ones.
>
> Fix by swapping the order the two kinds of table are torn down in. While
> at it, remove the condition in p2m_final_teardown, as it is already
> checked identically in p2m_teardown_hostp2m itself.
>
> Signed-off-by: Matthew Daley <mattjd@gmail.com>

Applied, thanks.

Tim.