From patchwork Thu Sep 14 15:39:01 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Julien Grall X-Patchwork-Id: 9953393
From: Julien Grall To: xen-devel@lists.xen.org Date: Thu, 14 Sep 2017 16:39:01 +0100 Message-Id: <20170914153901.6750-1-julien.grall@arm.com> X-Mailer: git-send-email 2.11.0 Cc: bhupinder.thakur@linaro.org, Julien Grall , sstabellini@kernel.org Subject: [Xen-devel] [PATCH] xen/arm: p2m: Read *_mapped_gfn with the p2m lock taken X-BeenThere: xen-devel@lists.xen.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: xen-devel-bounces@lists.xen.org Sender: "Xen-devel" X-Virus-Scanned: ClamAV using ClamSMTP *_mapped_gfn are currently read before acquiring the lock. However, they may be modified by the p2m code before the lock was acquired. This means we will use the wrong values. Fix it by moving the read inside the section protected by the p2m lock. Signed-off-by: Julien Grall Reviewed-by: Stefano Stabellini --- This patch should be backported to Xen 4.9 and Xen 4.8 --- xen/arch/arm/p2m.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/xen/arch/arm/p2m.c b/xen/arch/arm/p2m.c index c484469e6c..d1260d3b4e 100644 --- a/xen/arch/arm/p2m.c +++ b/xen/arch/arm/p2m.c @@ -1292,13 +1292,13 @@ int relinquish_p2m_mapping(struct domain *d) p2m_type_t t; int rc = 0; unsigned int order; - - /* Convenience alias */ - gfn_t start = p2m->lowest_mapped_gfn; - gfn_t end = p2m->max_mapped_gfn; + gfn_t start, end; p2m_write_lock(p2m); + start = p2m->lowest_mapped_gfn; + end = p2m->max_mapped_gfn; + for ( ; gfn_x(start) < gfn_x(end); start = gfn_next_boundary(start, order) ) { @@ -1353,9 +1353,6 @@ int p2m_cache_flush(struct domain *d, gfn_t start, unsigned long nr) p2m_type_t t; unsigned int order; - start = gfn_max(start, p2m->lowest_mapped_gfn); - end = gfn_min(end, p2m->max_mapped_gfn); - /* * The operation cache flush will invalidate the RAM assigned to the * guest in a given range. It will not modify the page table and 
@@ -1364,6 +1361,9 @@ int p2m_cache_flush(struct domain *d, gfn_t start, unsigned long nr) */ p2m_read_lock(p2m); + start = gfn_max(start, p2m->lowest_mapped_gfn); + end = gfn_min(end, p2m->max_mapped_gfn); + for ( ; gfn_x(start) < gfn_x(end); start = next_gfn ) { mfn_t mfn = p2m_get_entry(p2m, start, &t, NULL, &order);
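Review bot: in relinquish_p2m_mapping(), the removed "/* Convenience alias */" comment is not replaced, so nothing at the new `start = p2m->lowest_mapped_gfn;` and `end = p2m->max_mapped_gfn;` assignments records that they have to stay after p2m_write_lock(p2m). A one-line comment at that spot, saying the bounds are only stable while the p2m lock is held, would keep a later cleanup from folding the reads back into the declaration `gfn_t start, end;`.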
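Review bot: in p2m_cache_flush(), the clamp `start = gfn_max(start, p2m->lowest_mapped_gfn);` and `end = gfn_min(end, p2m->max_mapped_gfn);` now runs under p2m_read_lock(p2m) only, which is correct only if every writer of lowest_mapped_gfn and max_mapped_gfn holds the write lock; please state that in the commit message or in a comment on the fields. The block comment above p2m_read_lock(p2m) explains why the flush itself can run under a read lock but does not mention the bounds, so a sentence there covering the clamp would make the locking rule visible where the reads now happen.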