xen-devel.lists.xenproject.org archive mirror
From: Andy Lutomirski <luto@amacapital.net>
To: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Cc: "security@kernel.org" <security@kernel.org>,
	Peter Zijlstra <peterz@infradead.org>,
	Andrew Cooper <andrew.cooper3@citrix.com>,
	X86 ML <x86@kernel.org>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	Steven Rostedt <rostedt@goodmis.org>,
	xen-devel <xen-devel@lists.xen.org>,
	Borislav Petkov <bp@alien8.de>, Jan Beulich <jbeulich@suse.com>,
	Sasha Levin <sasha.levin@oracle.com>
Subject: Re: [PATCH v4 0/3] x86: modify_ldt improvement, test, and config option
Date: Tue, 28 Jul 2015 17:21:22 -0700
Message-ID: <CALCETrXH5_PMqfH1en_5c+5gUpq8SjCnQ3Xaz-K6ej6FgBgLDQ__30808.9128965095$1438129399$gmane$org@mail.gmail.com>
In-Reply-To: <55B7B791.2050208@oracle.com>

On Tue, Jul 28, 2015 at 10:10 AM, Boris Ostrovsky
<boris.ostrovsky@oracle.com> wrote:
> On 07/28/2015 01:07 PM, Andy Lutomirski wrote:
>>
>> On Tue, Jul 28, 2015 at 9:30 AM, Andrew Cooper
>> <andrew.cooper3@citrix.com> wrote:
>>>
>>> I suspect that the set_ldt(NULL, 0) call hasn't reached Xen before
>>> xen_free_ldt() is attempting to nab back the pages which Xen still has
>>> mapped as an LDT.
>>>
>> I just instrumented it with yet more LSL instructions.  I'm pretty
>> sure that set_ldt really is clearing at least LDT entry zero.
>> Nonetheless the free_ldt call still oopses.
>>
>
> Yes, I added some instrumentation to the hypervisor and we definitely set
> LDT to NULL before failing.
>
> -boris

Looking at map_ldt_shadow_page: what keeps shadow_ldt_mapcnt from
getting incremented once on each CPU at the same time if both CPUs
fault in the same shadow LDT page at the same time?  Similarly, what
keeps both CPUs from calling get_page_type at the same time and
therefore losing track of the page type reference count?

I don't see why vmalloc or vm_unmap_aliases would have anything to do
with this, though.

--Andy

-- 
Andy Lutomirski
AMA Capital Management, LLC
