All of lore.kernel.org
 help / color / mirror / Atom feed
From: Razvan Cojocaru <rcojocaru@bitdefender.com>
To: Corneliu ZUZU <czuzu@bitdefender.com>, xen-devel@lists.xen.org
Cc: George Dunlap <george.dunlap@eu.citrix.com>,
	Andrew Cooper <andrew.cooper3@citrix.com>,
	Paul Durrant <paul.durrant@citrix.com>,
	Tamas K Lengyel <tamas@tklengyel.com>,
	Jan Beulich <jbeulich@suse.com>
Subject: Re: [PATCH v2 3/7] x86/vm-event/monitor: don't compromise monitor_write_data on domain cleanup
Date: Tue, 5 Jul 2016 20:16:28 +0300	[thread overview]
Message-ID: <c888df27-3b99-8c8a-e669-4b1555697369@bitdefender.com> (raw)
In-Reply-To: <1467728902-13725-1-git-send-email-czuzu@bitdefender.com>

On 07/05/16 17:28, Corneliu ZUZU wrote:
> The arch_vm_event structure is dynamically allocated and freed @
> vm_event_cleanup_domain. This cleanup is triggered e.g. when the toolstack user
> disables domain monitoring (xc_monitor_disable), which in turn effectively
> discards any information that was in arch_vm_event.write_data.
> 
> But this can yield unexpected behavior since if a CR-write was awaiting to be
> committed on the scheduling tail (hvm_do_resume->arch_monitor_write_data)
> before xc_monitor_disable is called, then the domain CR write is wrongfully
> ignored, which of course, in these cases, can easily render a domain crash.
> 
> To fix the issue, this patch makes arch_vm_event.emul_read_data dynamically
> allocated and only frees that in vm_event_cleanup_domain, instead of the whole
> arch_vcpu.vm_event structure, which with this patch will only be freed on
> vcpu/domain destroyal.
> 
> Signed-off-by: Corneliu ZUZU <czuzu@bitdefender.com>
> Acked-by: Razvan Cojocaru <rcojocaru@bitdefender.com>
> ---
> Changed since v1:
>   * arch_vcpu.vm_event made pointer again to avoid eating memory from arch_vcpu
>     structure

I believe that all acks should be presumed lost on non-trivial changes
in a new version (which I believe this qualifies as being, with all the
new logic of allocating / deallocating only part of vm_event).

Unfortunately I'm out of office until early next week so I can't
properly test / thoroughly parse this until then, but we should be extra
careful that there are several places in the code where it is assumed
that v->arch.vm_event != NULL is the same thing as monitoring being
enabled. I'm not saying that they're not treated in this patch (the
proper change has certainly been made in emulate.c), I'm just saying
that we should be careful that they are.

Having said that, I propose a special macro to make this all clearer,
something like:

#define is_monitor_enabled_for_vcpu(v) \
    ( v->arch.vm_event && v->arch.vm_event->emul_read_data )

or equivalent inline functions returning a bool_t. Just a thought.


Thanks,
Razvan

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel

  parent reply	other threads:[~2016-07-05 17:16 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-07-05 14:25 [PATCH v2 0/7] x86/vm-event: Adjustments & fixes Corneliu ZUZU
2016-07-05 14:26 ` [PATCH v2 1/7] x86/vmx_update_guest_cr: minor optimization Corneliu ZUZU
2016-07-05 14:27 ` [PATCH v2 2/7] x86/vm-event/monitor: relocate code-motion more appropriately Corneliu ZUZU
2016-07-05 14:28 ` [PATCH v2 3/7] x86/vm-event/monitor: don't compromise monitor_write_data on domain cleanup Corneliu ZUZU
2016-07-05 14:45   ` George Dunlap
2016-07-05 14:46   ` George Dunlap
2016-07-05 17:16   ` Razvan Cojocaru [this message]
2016-07-06  7:01     ` Corneliu ZUZU
2016-07-05 14:29 ` [PATCH v2 4/7] x86/vm_event_resume: surround VM_EVENT_REASON_MOV_TO_MSR w/ CONFIG_X86 Corneliu ZUZU
2016-07-05 14:29 ` [PATCH v2 5/7] x86/vm-event: minor ASSERT fix, add 'unlikely' Corneliu ZUZU
2016-07-05 14:30 ` [PATCH v2 6/7] minor fixes (formatting, comments, unused includes etc.) Corneliu ZUZU
2016-07-05 15:46   ` Razvan Cojocaru
2016-07-06  9:52   ` Julien Grall
2016-07-05 14:31 ` [PATCH v2 7/7] minor #include change Corneliu ZUZU
2016-07-05 14:39   ` Tamas K Lengyel
2016-07-05 15:25   ` Razvan Cojocaru

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=c888df27-3b99-8c8a-e669-4b1555697369@bitdefender.com \
    --to=rcojocaru@bitdefender.com \
    --cc=andrew.cooper3@citrix.com \
    --cc=czuzu@bitdefender.com \
    --cc=george.dunlap@eu.citrix.com \
    --cc=jbeulich@suse.com \
    --cc=paul.durrant@citrix.com \
    --cc=tamas@tklengyel.com \
    --cc=xen-devel@lists.xen.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.