From: Julien Grall <julien.grall@arm.com> To: xen-devel@lists.xenproject.org Cc: Oleksandr_Tyshchenko@epam.com, Julien Grall <julien.grall@arm.com>, Stefano Stabellini <sstabellini@kernel.org>, Andrii_Anisov@epam.com Subject: [PATCH MM-PART2 v2 16/19] xen/arm: mm: Protect Xen page-table update with a spinlock Date: Tue, 14 May 2019 13:21:33 +0100 [thread overview] Message-ID: <20190514122136.28215-25-julien.grall@arm.com> (raw) In-Reply-To: <20190514122136.28215-1-julien.grall@arm.com> The function create_xen_entries() may be called concurrently. For instance, while the vmap allocation is protected by a spinlock, the mapping is not. The implementation create_xen_entries() contains quite a few TOCTOU races such as when allocating the 3rd-level page-tables. Thankfully, they are pretty hard to reach as page-tables are allocated once and never released. Yet it is possible, so we need to protect with a spinlock to avoid corrupting the page-tables. Signed-off-by: Julien Grall <julien.grall@arm.com> --- Changes in v2: - Rework the commit message --- xen/arch/arm/mm.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/xen/arch/arm/mm.c b/xen/arch/arm/mm.c index 9a5f2e1c3f..7502a14760 100644 --- a/xen/arch/arm/mm.c +++ b/xen/arch/arm/mm.c @@ -974,6 +974,8 @@ enum xenmap_operation { RESERVE }; +static DEFINE_SPINLOCK(xen_pt_lock); + static int create_xen_entries(enum xenmap_operation op, unsigned long virt, mfn_t mfn, @@ -985,6 +987,8 @@ static int create_xen_entries(enum xenmap_operation op, lpae_t pte, *entry; lpae_t *third = NULL; + spin_lock(&xen_pt_lock); + for(; addr < addr_end; addr += PAGE_SIZE, mfn = mfn_add(mfn, 1)) { entry = &xen_second[second_linear_offset(addr)]; @@ -1059,6 +1063,8 @@ out: */ flush_xen_tlb_range_va(virt, PAGE_SIZE * nr_mfns); + spin_unlock(&xen_pt_lock); + return rc; } -- 2.11.0 _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel
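Review bot: In the first hunk, `static DEFINE_SPINLOCK(xen_pt_lock);` is added with no comment saying what it protects. In this patch only create_xen_entries() takes the lock, so a one-line comment stating that it serialises updates to Xen's own page-tables, and that any other writer to them must hold it, would make the locking rule visible to later changes in mm.c.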
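Review bot: In the second hunk, `spin_lock(&xen_pt_lock);` is the plain variant, and the commit message does not say from which contexts create_xen_entries() can be called. If any caller can run in interrupt context, a lock that is also taken with interrupts enabled can deadlock on the same CPU. Either state in the commit message that all callers run outside interrupt context, or use the irqsave variant.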
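Review bot: In the third hunk, the only `spin_unlock(&xen_pt_lock);` sits after the `out:` label, so the lock is released only on paths that reach `out`. The loop body between the second and third hunks is not shown in this diff; please confirm it contains no direct `return`, otherwise that path leaves xen_pt_lock held. The unlock also comes after flush_xen_tlb_range_va(), which keeps the TLB flush inside the critical section; a short comment saying this is intended would help.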