* [PATCH] x86/mm: fix invalid unlinking of nested p2m tables
@ 2013-02-28  5:16 Matthew Daley
  2013-02-28 10:59 ` Tim Deegan
  0 siblings, 1 reply; 2+ messages in thread
From: Matthew Daley @ 2013-02-28  5:16 UTC (permalink / raw)
  To: xen-devel; +Cc: Matthew Daley

Commit 90805dc (c/s 26387:4056e5a3d815) ("EPT: Make ept data stucture or
operations neutral") makes nested p2m tables be unlinked from the host
p2m table before their destruction (in p2m_teardown_nestedp2m).
However, by this time the host p2m table has already been torn down,
leading to a possible race condition where another allocation between
the two kinds of table being torn down can lead to a linked list
assertion with debug=y builds or memory corruption on debug=n ones.

Fix by swapping the order the two kinds of table are torn down in. While
at it, remove the condition in p2m_final_teardown, as it is already
checked identically in p2m_teardown_hostp2m itself.

Signed-off-by: Matthew Daley <mattjd@gmail.com>
---
 xen/arch/x86/mm/p2m.c |    8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c
index de1dd82..ad1f676 100644
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -490,15 +490,13 @@ void p2m_teardown(struct p2m_domain *p2m)
 
 void p2m_final_teardown(struct domain *d)
 {
-    /* Iterate over all p2m tables per domain */
-    struct p2m_domain *p2m = p2m_get_hostp2m(d);
-    if ( p2m )
-        p2m_teardown_hostp2m(d);
-
     /* We must teardown unconditionally because
      * we initialise them unconditionally.
      */
     p2m_teardown_nestedp2m(d);
+
+    /* Iterate over all p2m tables per domain */
+    p2m_teardown_hostp2m(d);
 }
 
 
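Review bot: the comment that now sits above p2m_teardown_hostp2m(d) at the end of p2m_final_teardown ("Iterate over all p2m tables per domain") no longer matches what follows it, a single unconditional call, and nothing in the function records why the host table must go last. The ordering is the entire fix, so a later cleanup could easily swap the calls back; replace that comment with one stating that nested p2m tables are unlinked from the host p2m during p2m_teardown_nestedp2m and therefore have to be torn down before the host p2m. Separately, dropping the "if ( p2m )" guard is only safe if p2m_teardown_hostp2m performs the same NULL check itself, as the commit message says; that function is not in this hunk, so it is worth confirming against the tree the patch is applied to.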
-- 
1.7.10.4


* Re: [PATCH] x86/mm: fix invalid unlinking of nested p2m tables
  2013-02-28  5:16 [PATCH] x86/mm: fix invalid unlinking of nested p2m tables Matthew Daley
@ 2013-02-28 10:59 ` Tim Deegan
  0 siblings, 0 replies; 2+ messages in thread
From: Tim Deegan @ 2013-02-28 10:59 UTC (permalink / raw)
  To: Matthew Daley; +Cc: xen-devel

At 18:16 +1300 on 28 Feb (1362075364), Matthew Daley wrote:
> Commit 90805dc (c/s 26387:4056e5a3d815) ("EPT: Make ept data stucture or
> operations neutral") makes nested p2m tables be unlinked from the host
> p2m table before their destruction (in p2m_teardown_nestedp2m).
> However, by this time the host p2m table has already been torn down,
> leading to a possible race condition where another allocation between
> the two kinds of table being torn down can lead to a linked list
> assertion with debug=y builds or memory corruption on debug=n ones.
> 
> Fix by swapping the order the two kinds of table are torn down in. While
> at it, remove the condition in p2m_final_teardown, as it is already
> checked identically in p2m_teardown_hostp2m itself.
> 
> Signed-off-by: Matthew Daley <mattjd@gmail.com>

Applied, thanks.

Tim.
