From patchwork Thu Sep 14 15:39:01 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Julien Grall X-Patchwork-Id: 112573 Delivered-To: patch@linaro.org Received: by 10.80.163.150 with SMTP id s22csp773618edb; Thu, 14 Sep 2017 08:40:50 -0700 (PDT) X-Google-Smtp-Source: AOwi7QDqTE6a3ZPSyXJBnHCU7Hs01mlHwVCj6TLiHnTQzi43n6NxBo3tG1EOQCwINUxkhIVljlua X-Received: by 10.107.175.21 with SMTP id y21mr3210577ioe.71.1505403650543; Thu, 14 Sep 2017 08:40:50 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1505403650; cv=none; d=google.com; s=arc-20160816; b=qDPFVxSDr123qr2MI7bUvMVPLgiRUU9i+SBrTBlHt8PGoAuXY/QUS2JSTc/28Bli0i zQWZ7mKaH1kmrOVTTXgVBIq1/zZAqodh0jlYPpDF4KyOnhtmRELj1AhSY0sV6XsrN1Tm 0IuUOicFb7i2udnaqJbx2qx4afoFiNfyGdTHoCPtvlKJKIJDfXKmXKF8WQ2rK8w3/Umg Dr0X78VYC1ljqnKatKFmOGanwgV8ZYAAZo9H3ugaSYW1GAF/9i0iqPTSQA7E4JlTJai3 GE4jr9BfPJYrcksCipmomARyImK1kiT6vgKWA6YfX1w6eUoiQX24HV9slMzyPu2QJn5L bQVg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version :list-subscribe:list-help:list-post:list-unsubscribe:list-id :precedence:subject:cc:message-id:date:to:from :arc-authentication-results; bh=sEasfD4fywoyLZUmvQStRU9XvUsHUsJZ3imY0rKbXyI=; b=iYXJbYXfVgsoICLoHDYiCJvmO0mRCnryNGbfo77voEH1oKIwwZAMATCq3bU1ozqTyR S3R17sjKlmcJkfwGy8oJjCcHlbcjUNlTMQWY163WX07+1V6zcTwTBULiIQsbiqL8kIJS POfPRXmpSReoY0WZqqd/AzfqY8HD9WxpwPW9JlCxLlsxS4/D5VclYcLVekAWs/UxsBYk gju3+sos6F5xVhCmTwr0BYiWL8bwiN/Kljy2qNXVBhMFJK+TiamYnUnCc6Tbl58Lrzco 3yeWyurpAfsi8zDsegZmCqa7/nuRtim0Fnx1ny+Du4sGrM8jxFA117UQJoah6dN2a88c A5Kg== ARC-Authentication-Results: i=1; mx.google.com; spf=neutral (google.com: 192.237.175.120 is neither permitted nor denied by best guess record for domain of xen-devel-bounces@lists.xen.org) smtp.mailfrom=xen-devel-bounces@lists.xen.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org. [192.237.175.120]) by mx.google.com with ESMTPS id v194si308473itb.131.2017.09.14.08.40.50 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 14 Sep 2017 08:40:50 -0700 (PDT) Received-SPF: neutral (google.com: 192.237.175.120 is neither permitted nor denied by best guess record for domain of xen-devel-bounces@lists.xen.org) client-ip=192.237.175.120; Authentication-Results: mx.google.com; spf=neutral (google.com: 192.237.175.120 is neither permitted nor denied by best guess record for domain of xen-devel-bounces@lists.xen.org) smtp.mailfrom=xen-devel-bounces@lists.xen.org Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dsWEQ-0007NU-KX; Thu, 14 Sep 2017 15:39:10 +0000 Received: from mail6.bemta6.messagelabs.com ([193.109.254.103]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dsWEP-0007NA-Vj for xen-devel@lists.xen.org; Thu, 14 Sep 2017 15:39:10 +0000 Received: from [193.109.254.147] by server-8.bemta-6.messagelabs.com id 6F/96-17770-D92AAB95; Thu, 14 Sep 2017 15:39:09 +0000 X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFjrFLMWRWlGSWpSXmKPExsVysyfVTXfOol2 RBo0bDCyWfFzM4sDocXT3b6YAxijWzLyk/IoE1oyVXzexFiziq7gx4yZzA+NM7i5GTg4hgc2M Eov/pXUxcgHZpxklXrXNZwdJsAloStz5/IkJxBYRkJa49vkyI4jNLBAn8X5RIwuILSzgITFl2 mMwm0VAVaJ72yqwGl4BC4n5q76BzZEQkJfY1XaRdQIj5wJGhlWMGsWpRWWpRbpGRnpJRZnpGS W5iZk5uoYGZnq5qcXFiempOYlJxXrJ+bmbGIH+YgCCHYxr5gceYpTkYFIS5d2ruzNSiC8pP6U yI7E4I76oNCe1+BCjDAeHkgTv+oW7IoUEi1LTUyvSMnOAgQOTluDgURLhnQCS5i0uSMwtzkyH SJ1i1OXouHn3D5MQS15+XqqUOG85SJEASFFGaR7cCFgQX2KUlRLmZQQ6SoinILUoN7MEVf4Vo zgHo5Iw73mQKTyZeSVwm14BHcEEdMSZ0ztAjihJREhJNTDO0jh8THI702ulsn/ZD5JERbxWBu +/rHP+j5fhxUXXjxpHvapw5/5zO+qBwBOxNm2JH39FU+ccEpVtei1fOcvg7/4jjD945qxpU89 xWarhzDY9YSZLV2Gu9ruXj7c7HwlpOPri+9UJqRVHtqo8Yqup+2Z/uVmox1lO82x60YTjT5jb 5/k2Sh1TYinOSDTUYi4qTgQAJlT93V0CAAA= X-Env-Sender: julien.grall@arm.com X-Msg-Ref: server-16.tower-27.messagelabs.com!1505403548!116467492!1 X-Originating-IP: [217.140.101.70] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 9.4.45; banners=-,-,- X-VirusChecked: Checked Received: (qmail 13379 invoked from network); 14 Sep 2017 15:39:08 -0000 Received: from foss.arm.com (HELO foss.arm.com) (217.140.101.70) by server-16.tower-27.messagelabs.com with SMTP; 14 Sep 2017 15:39:08 -0000 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.72.51.249]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 98C411435; Thu, 14 Sep 2017 08:39:07 -0700 (PDT) Received: from e108454-lin.cambridge.arm.com (e108454-lin.cambridge.arm.com [10.1.206.53]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id AE8573F483; Thu, 14 Sep 2017 08:39:05 -0700 (PDT) From: Julien Grall To: xen-devel@lists.xen.org Date: Thu, 14 Sep 2017 16:39:01 +0100 Message-Id: <20170914153901.6750-1-julien.grall@arm.com> X-Mailer: git-send-email 2.11.0 Cc: bhupinder.thakur@linaro.org, Julien Grall , sstabellini@kernel.org Subject: [Xen-devel] [PATCH] xen/arm: p2m: Read *_mapped_gfn with the p2m lock taken X-BeenThere: xen-devel@lists.xen.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: xen-devel-bounces@lists.xen.org Sender: "Xen-devel" *_mapped_gfn are currently read before acquiring the lock. However, they may be modified by the p2m code before the lock was acquired. This means we will use the wrong values. Fix it by moving the read inside the section protected by the p2m lock. Signed-off-by: Julien Grall Reviewed-by: Stefano Stabellini --- This patch should be backported to Xen 4.9 and Xen 4.8 --- xen/arch/arm/p2m.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/xen/arch/arm/p2m.c b/xen/arch/arm/p2m.c index c484469e6c..d1260d3b4e 100644 --- a/xen/arch/arm/p2m.c +++ b/xen/arch/arm/p2m.c @@ -1292,13 +1292,13 @@ int relinquish_p2m_mapping(struct domain *d) p2m_type_t t; int rc = 0; unsigned int order; - - /* Convenience alias */ - gfn_t start = p2m->lowest_mapped_gfn; - gfn_t end = p2m->max_mapped_gfn; + gfn_t start, end; p2m_write_lock(p2m); + start = p2m->lowest_mapped_gfn; + end = p2m->max_mapped_gfn; + for ( ; gfn_x(start) < gfn_x(end); start = gfn_next_boundary(start, order) ) { @@ -1353,9 +1353,6 @@ int p2m_cache_flush(struct domain *d, gfn_t start, unsigned long nr) p2m_type_t t; unsigned int order; - start = gfn_max(start, p2m->lowest_mapped_gfn); - end = gfn_min(end, p2m->max_mapped_gfn); - /* * The operation cache flush will invalidate the RAM assigned to the * guest in a given range. It will not modify the page table and @@ -1364,6 +1361,9 @@ int p2m_cache_flush(struct domain *d, gfn_t start, unsigned long nr) */ p2m_read_lock(p2m); + start = gfn_max(start, p2m->lowest_mapped_gfn); + end = gfn_min(end, p2m->max_mapped_gfn); + for ( ; gfn_x(start) < gfn_x(end); start = next_gfn ) { mfn_t mfn = p2m_get_entry(p2m, start, &t, NULL, &order);