From: Keir Fraser <keir.xen@gmail.com>
To: Olaf Hering <olaf@aepfle.de>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>,
Jan Beulich <JBeulich@suse.com>, <xen-devel@lists.xensource.com>,
<kexec@lists.infradead.org>, <linux-kernel@vger.kernel.org>,
Daniel Kiper <dkiper@net-space.pl>
Subject: Re: [Xen-devel] incorrect layout of globals from head_64.S during kexec boot
Date: Sat, 14 Jul 2012 05:54:50 +0100 [thread overview]
Message-ID: <CC26BA2A.38974%keir.xen@gmail.com> (raw)
In-Reply-To: <20120713202003.GA20972@aepfle.de>
On 13/07/2012 21:20, "Olaf Hering" <olaf@aepfle.de> wrote:
> On Tue, Jul 10, Keir Fraser wrote:
>
>> On 10/07/2012 19:09, "Olaf Hering" <olaf@aepfle.de> wrote:
>>> I'm not sure, most likely the gfn will just disappear from the guest,
>>> like a ballooned page disappears. Accessing it will likely cause a
>>> crash.
>>
>> Best thing to do, is possible, is map the shared-info page in the
>> xen-platform pci device's BAR memory range. Then it will not conflict with
>> any RAM.
>>
>> If you do map it over the top of an existing RAM page, you will have to
>> repopulate that RAM page before kexec, using populate_physmap hypercall. The
>> good news is that the populate_physmap hypercall will have the side effect
>> of unmapping the shared-info page, reayd to be mapped wherever the new
>> kernel would like it to reside :)
>
> Keir,
>
> is this a safe thing to do in a SMP guest?
> If arch/x86/xen/enlighten.c:xen_hvm_init_shared_info() allocates a page
> (backed by mfn M and pfn A) and assigns *HYPERVISOR_shared_info and
> *xen_vcpu then everything will reference these pointers.
So pfn A now points at shared_info, and mfn M is lost (freed back to Xen).
Xen_vcpu doesn't come into it, you'd have that mapped at yet another pfn.
> If drivers/xen/platform-pci.c:platform_pci_init would also do a
> XENMAPSPACE_shared_info call with pfn B, isnt there a small window where
> pfn A is not backed by a mfn because mfn M is now connected to pfn C? As
> a result other code paths which access *HYPERVISOR_shared_info and
> *xen_vcpu between the hypercall and the update of the pointers will read
> 0xff.
Don't really understand this. After the XENMAPSPACE_shared_info_call:
* PFN B points at shared_info, mfn M_B it previously mapped is lost (freed
back to Xen).
* PFN A maps nothing, reads return all-1s.
Yes, obviously you can't atomically update the mapping of shinfo from A->B,
ad update your pointer in the kernel at exactly the same time. Presumably
you do this early during boot, or late during kexec, or otherwise at a time
when other processors are not expected to touch shinfo.
>
> If I read the hypercall code of XENMEM_add_to_physmap correctly the mfn
> backing *HYPERVISOR_shared_info will remain the same, so there is no need
> to copy data from the old to the new *HYPERVISOR_shared_info.
That is correct.
> What do you think, is that race real?
I suppose it is. I didn't imagine it would be a troublesome one though.
-- Keir
> Olaf
WARNING: multiple messages have this Message-ID (diff)
From: Keir Fraser <keir.xen-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
To: Olaf Hering <olaf-QOLJcTWqO2uzQB+pC5nmwQ@public.gmane.org>
Cc: xen-devel-GuqFBffKawuULHF6PoxzQEEOCMrvLtNR@public.gmane.org,
Konrad Rzeszutek Wilk
<konrad.wilk-QHcLZuEGTsvQT0dZR+AlfA@public.gmane.org>,
kexec-IAPFreCvJWM7uuMidbF8XUB+6BGkLq7r@public.gmane.org,
linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
Jan Beulich <JBeulich-IBi9RG/b67k@public.gmane.org>,
Daniel Kiper <dkiper-lGfBN0aaEZ+lPcVs/6D9LQ@public.gmane.org>
Subject: Re: [Xen-devel] incorrect layout of globals from head_64.S during kexec boot
Date: Sat, 14 Jul 2012 05:54:50 +0100 [thread overview]
Message-ID: <CC26BA2A.38974%keir.xen@gmail.com> (raw)
In-Reply-To: <20120713202003.GA20972-QOLJcTWqO2uzQB+pC5nmwQ@public.gmane.org>
On 13/07/2012 21:20, "Olaf Hering" <olaf-QOLJcTWqO2uzQB+pC5nmwQ@public.gmane.org> wrote:
> On Tue, Jul 10, Keir Fraser wrote:
>
>> On 10/07/2012 19:09, "Olaf Hering" <olaf-QOLJcTWqO2uzQB+pC5nmwQ@public.gmane.org> wrote:
>>> I'm not sure, most likely the gfn will just disappear from the guest,
>>> like a ballooned page disappears. Accessing it will likely cause a
>>> crash.
>>
>> Best thing to do, is possible, is map the shared-info page in the
>> xen-platform pci device's BAR memory range. Then it will not conflict with
>> any RAM.
>>
>> If you do map it over the top of an existing RAM page, you will have to
>> repopulate that RAM page before kexec, using populate_physmap hypercall. The
>> good news is that the populate_physmap hypercall will have the side effect
>> of unmapping the shared-info page, reayd to be mapped wherever the new
>> kernel would like it to reside :)
>
> Keir,
>
> is this a safe thing to do in a SMP guest?
> If arch/x86/xen/enlighten.c:xen_hvm_init_shared_info() allocates a page
> (backed by mfn M and pfn A) and assigns *HYPERVISOR_shared_info and
> *xen_vcpu then everything will reference these pointers.
So pfn A now points at shared_info, and mfn M is lost (freed back to Xen).
Xen_vcpu doesn't come into it, you'd have that mapped at yet another pfn.
> If drivers/xen/platform-pci.c:platform_pci_init would also do a
> XENMAPSPACE_shared_info call with pfn B, isnt there a small window where
> pfn A is not backed by a mfn because mfn M is now connected to pfn C? As
> a result other code paths which access *HYPERVISOR_shared_info and
> *xen_vcpu between the hypercall and the update of the pointers will read
> 0xff.
Don't really understand this. After the XENMAPSPACE_shared_info_call:
* PFN B points at shared_info, mfn M_B it previously mapped is lost (freed
back to Xen).
* PFN A maps nothing, reads return all-1s.
Yes, obviously you can't atomically update the mapping of shinfo from A->B,
ad update your pointer in the kernel at exactly the same time. Presumably
you do this early during boot, or late during kexec, or otherwise at a time
when other processors are not expected to touch shinfo.
>
> If I read the hypercall code of XENMEM_add_to_physmap correctly the mfn
> backing *HYPERVISOR_shared_info will remain the same, so there is no need
> to copy data from the old to the new *HYPERVISOR_shared_info.
That is correct.
> What do you think, is that race real?
I suppose it is. I didn't imagine it would be a troublesome one though.
-- Keir
> Olaf
WARNING: multiple messages have this Message-ID (diff)
From: Keir Fraser <keir.xen@gmail.com>
To: Olaf Hering <olaf@aepfle.de>
Cc: xen-devel@lists.xensource.com,
Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>,
kexec@lists.infradead.org, linux-kernel@vger.kernel.org,
Jan Beulich <JBeulich@suse.com>,
Daniel Kiper <dkiper@net-space.pl>
Subject: Re: [Xen-devel] incorrect layout of globals from head_64.S during kexec boot
Date: Sat, 14 Jul 2012 05:54:50 +0100 [thread overview]
Message-ID: <CC26BA2A.38974%keir.xen@gmail.com> (raw)
In-Reply-To: <20120713202003.GA20972@aepfle.de>
On 13/07/2012 21:20, "Olaf Hering" <olaf@aepfle.de> wrote:
> On Tue, Jul 10, Keir Fraser wrote:
>
>> On 10/07/2012 19:09, "Olaf Hering" <olaf@aepfle.de> wrote:
>>> I'm not sure, most likely the gfn will just disappear from the guest,
>>> like a ballooned page disappears. Accessing it will likely cause a
>>> crash.
>>
>> Best thing to do, is possible, is map the shared-info page in the
>> xen-platform pci device's BAR memory range. Then it will not conflict with
>> any RAM.
>>
>> If you do map it over the top of an existing RAM page, you will have to
>> repopulate that RAM page before kexec, using populate_physmap hypercall. The
>> good news is that the populate_physmap hypercall will have the side effect
>> of unmapping the shared-info page, reayd to be mapped wherever the new
>> kernel would like it to reside :)
>
> Keir,
>
> is this a safe thing to do in a SMP guest?
> If arch/x86/xen/enlighten.c:xen_hvm_init_shared_info() allocates a page
> (backed by mfn M and pfn A) and assigns *HYPERVISOR_shared_info and
> *xen_vcpu then everything will reference these pointers.
So pfn A now points at shared_info, and mfn M is lost (freed back to Xen).
Xen_vcpu doesn't come into it, you'd have that mapped at yet another pfn.
> If drivers/xen/platform-pci.c:platform_pci_init would also do a
> XENMAPSPACE_shared_info call with pfn B, isnt there a small window where
> pfn A is not backed by a mfn because mfn M is now connected to pfn C? As
> a result other code paths which access *HYPERVISOR_shared_info and
> *xen_vcpu between the hypercall and the update of the pointers will read
> 0xff.
Don't really understand this. After the XENMAPSPACE_shared_info_call:
* PFN B points at shared_info, mfn M_B it previously mapped is lost (freed
back to Xen).
* PFN A maps nothing, reads return all-1s.
Yes, obviously you can't atomically update the mapping of shinfo from A->B,
ad update your pointer in the kernel at exactly the same time. Presumably
you do this early during boot, or late during kexec, or otherwise at a time
when other processors are not expected to touch shinfo.
>
> If I read the hypercall code of XENMEM_add_to_physmap correctly the mfn
> backing *HYPERVISOR_shared_info will remain the same, so there is no need
> to copy data from the old to the new *HYPERVISOR_shared_info.
That is correct.
> What do you think, is that race real?
I suppose it is. I didn't imagine it would be a troublesome one though.
-- Keir
> Olaf
_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec
next prev parent reply other threads:[~2012-07-14 5:03 UTC|newest]
Thread overview: 70+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-07-05 21:06 incorrect layout of globals from head_64.S during kexec boot Olaf Hering
2012-07-05 21:06 ` Olaf Hering
2012-07-06 8:29 ` [Xen-devel] " Jan Beulich
2012-07-06 8:29 ` Jan Beulich
2012-07-06 8:29 ` Jan Beulich
2012-07-06 8:41 ` Daniel Kiper
2012-07-06 8:41 ` Daniel Kiper
2012-07-06 8:41 ` Daniel Kiper
2012-07-06 12:07 ` Olaf Hering
2012-07-06 12:07 ` Olaf Hering
2012-07-06 12:56 ` [Xen-devel] " Jan Beulich
2012-07-06 12:56 ` Jan Beulich
2012-07-06 12:56 ` Jan Beulich
2012-07-06 13:31 ` Olaf Hering
2012-07-06 13:31 ` Olaf Hering
2012-07-06 13:31 ` Olaf Hering
2012-07-06 13:53 ` Jan Beulich
2012-07-06 13:53 ` Jan Beulich
2012-07-06 13:53 ` Jan Beulich
2012-07-06 14:14 ` Olaf Hering
2012-07-06 14:14 ` Olaf Hering
2012-07-06 14:50 ` Jan Beulich
2012-07-06 14:50 ` Jan Beulich
2012-07-06 14:50 ` Jan Beulich
2012-07-06 17:29 ` Olaf Hering
2012-07-06 17:29 ` Olaf Hering
2012-07-10 9:33 ` Olaf Hering
2012-07-10 9:33 ` Olaf Hering
2012-07-10 14:14 ` Konrad Rzeszutek Wilk
2012-07-10 14:14 ` Konrad Rzeszutek Wilk
2012-07-10 14:46 ` Ian Campbell
2012-07-10 14:46 ` Ian Campbell
2012-07-10 14:51 ` Konrad Rzeszutek Wilk
2012-07-10 14:51 ` Konrad Rzeszutek Wilk
2012-07-10 14:51 ` Konrad Rzeszutek Wilk
2012-07-10 15:29 ` Ian Campbell
2012-07-10 15:29 ` Ian Campbell
2012-07-10 15:29 ` Ian Campbell
2012-07-10 15:37 ` Olaf Hering
2012-07-10 15:37 ` Olaf Hering
2012-07-10 15:23 ` Olaf Hering
2012-07-10 15:23 ` Olaf Hering
2012-07-10 17:26 ` Konrad Rzeszutek Wilk
2012-07-10 17:26 ` Konrad Rzeszutek Wilk
2012-07-10 17:26 ` Konrad Rzeszutek Wilk
2012-07-10 18:09 ` Olaf Hering
2012-07-10 18:09 ` Olaf Hering
2012-07-10 18:32 ` Konrad Rzeszutek Wilk
2012-07-10 18:32 ` Konrad Rzeszutek Wilk
2012-07-10 19:08 ` Keir Fraser
2012-07-10 19:08 ` Keir Fraser
2012-07-10 19:08 ` Keir Fraser
2012-07-13 20:20 ` Olaf Hering
2012-07-13 20:20 ` Olaf Hering
2012-07-14 4:54 ` Keir Fraser [this message]
2012-07-14 4:54 ` Keir Fraser
2012-07-14 4:54 ` Keir Fraser
2012-07-15 16:06 ` Olaf Hering
2012-07-15 16:06 ` Olaf Hering
2012-07-15 17:17 ` Keir Fraser
2012-07-15 17:17 ` Keir Fraser
2012-07-15 17:17 ` Keir Fraser
2012-07-16 15:46 ` Konrad Rzeszutek Wilk
2012-07-16 15:46 ` Konrad Rzeszutek Wilk
2012-07-17 10:24 ` Olaf Hering
2012-07-17 10:24 ` Olaf Hering
2012-07-17 12:34 ` Olaf Hering
2012-07-17 12:34 ` Olaf Hering
2012-07-06 15:54 ` Daniel Kiper
2012-07-06 15:54 ` Daniel Kiper
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CC26BA2A.38974%keir.xen@gmail.com \
--to=keir.xen@gmail.com \
--cc=JBeulich@suse.com \
--cc=dkiper@net-space.pl \
--cc=kexec@lists.infradead.org \
--cc=konrad.wilk@oracle.com \
--cc=linux-kernel@vger.kernel.org \
--cc=olaf@aepfle.de \
--cc=xen-devel@lists.xensource.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.