From: Juergen Gross
To: xen-devel@lists.xenproject.org
Cc: Juergen Gross, Stefano Stabellini, Julien Grall, Wei Liu, Andrew Cooper, Ian Jackson, George Dunlap, Jan Beulich, Roger Pau Monné
Subject: [PATCH 2/3] xen/sched: fix theoretical races accessing vcpu->dirty_cpu
Date: Thu, 30 Apr 2020 17:15:58 +0200
Message-Id: <20200430151559.1464-3-jgross@suse.com>
In-Reply-To: <20200430151559.1464-1-jgross@suse.com>
References: <20200430151559.1464-1-jgross@suse.com>

The dirty_cpu field of struct vcpu denotes which cpu still holds data of
a vcpu. All accesses to this field should be atomic in case the vcpu
could just be running, as it is accessed without any lock held in most
cases.

There are some instances where accesses are not atomically done, and
even worse where multiple accesses are done when a single one would be
mandated.

Correct that in order to avoid potential problems.

Add some assertions to verify dirty_cpu is handled properly.

Signed-off-by: Juergen Gross
---
 xen/arch/x86/domain.c   | 14 ++++++++++----
 xen/include/xen/sched.h |  2 +-
 2 files changed, 11 insertions(+), 5 deletions(-)
diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index a4428190d5..f0579a56d1 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -1769,6 +1769,7 @@ static void __context_switch(void) =20 if ( !is_idle_domain(pd) ) { + ASSERT(read_atomic(&p->dirty_cpu) =3D=3D cpu); memcpy(&p->arch.user_regs, stack_regs, CTXT_SWITCH_STACK_BYTES); vcpu_save_fpu(p); pd->arch.ctxt_switch->from(p); @@ -1832,7 +1833,7 @@ void context_switch(struct vcpu *prev, struct vcpu *n= ext) { unsigned int cpu =3D smp_processor_id(); const struct domain *prevd =3D prev->domain, *nextd =3D next->domain; - unsigned int dirty_cpu =3D next->dirty_cpu; + unsigned int dirty_cpu =3D read_atomic(&next->dirty_cpu); =20 ASSERT(prev !=3D next); ASSERT(local_irq_is_enabled()); @@ -1844,6 +1845,7 @@ void context_switch(struct vcpu *prev, struct vcpu *n= ext) { /* Remote CPU calls __sync_local_execstate() from flush IPI handle= r. */ flush_mask(cpumask_of(dirty_cpu), FLUSH_VCPU_STATE); + ASSERT(read_atomic(&next->dirty_cpu) =3D=3D VCPU_CPU_CLEAN); } =20 _update_runstate_area(prev); @@ -1956,13 +1958,17 @@ void sync_local_execstate(void) =20 void sync_vcpu_execstate(struct vcpu *v) { - if ( v->dirty_cpu =3D=3D smp_processor_id() ) + unsigned int dirty_cpu =3D read_atomic(&v->dirty_cpu); + + if ( dirty_cpu =3D=3D smp_processor_id() ) sync_local_execstate(); - else if ( vcpu_cpu_dirty(v) ) + else if ( is_vcpu_dirty_cpu(dirty_cpu) ) { /* Remote CPU calls __sync_local_execstate() from flush IPI handle= r. */ - flush_mask(cpumask_of(v->dirty_cpu), FLUSH_VCPU_STATE); + flush_mask(cpumask_of(dirty_cpu), FLUSH_VCPU_STATE); } + ASSERT(read_atomic(&v->dirty_cpu) !=3D dirty_cpu || + dirty_cpu =3D=3D VCPU_CPU_CLEAN); } =20 static int relinquish_memory( diff --git a/xen/include/xen/sched.h b/xen/include/xen/sched.h index 195e7ee583..008d3c8861 100644 --- a/xen/include/xen/sched.h +++ b/xen/include/xen/sched.h 
@@ -844,7 +844,7 @@ static inline bool is_vcpu_dirty_cpu(unsigned int cpu) =20 static inline bool vcpu_cpu_dirty(const struct vcpu *v) { - return is_vcpu_dirty_cpu(v->dirty_cpu); + return is_vcpu_dirty_cpu(read_atomic(&v->dirty_cpu)); } =20 void vcpu_block(void); --=20 2.16.4
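
Review bot: In the context_switch() hunk at -1844, the assertion added after flush_mask() compares the field with VCPU_CPU_CLEAN directly, while sync_vcpu_execstate() and sched.h go through is_vcpu_dirty_cpu(). Writing it as `ASSERT(!is_vcpu_dirty_cpu(read_atomic(&next->dirty_cpu)));` would keep a single definition of "not dirty" and match the helper used in the rest of the patch.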
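
Review bot: The closing ASSERT in sync_vcpu_execstate() re-reads v->dirty_cpu after flush_mask() with no lock visible in the hunk, so it only holds if v cannot become dirty on the same CPU again in between, and the commit message itself says the field is read while the vcpu may be running. Please state the precondition in a comment above the ASSERT (for example that callers must have v paused), or drop the `read_atomic(&v->dirty_cpu) != dirty_cpu` half if that cannot be guaranteed. The two-part condition would also benefit from one line saying which states it accepts.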
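
Review bot: vcpu_cpu_dirty() in sched.h carries no comment saying that its result is a snapshot from a single atomic read. A caller that tests vcpu_cpu_dirty(v) and then reads v->dirty_cpu again to get the CPU number reintroduces the double access this patch removes from sync_vcpu_execstate(); a short comment directing such callers to one read_atomic() followed by is_vcpu_dirty_cpu() would document the intended pattern.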