From: Andrew Cooper
To: Xen-devel
CC: Andrew Cooper, Christian Lindig, David Scott, Edwin Török, Rob Hoes
Subject: [PATCH 6/7] tools/ocaml/xc: Don't reference Abstract_Tag objects with the GC lock released
Date: Tue, 31 Jan 2023 21:29:12 +0000
Message-ID: <20230131212913.6199-7-andrew.cooper3@citrix.com>
In-Reply-To: <20230131212913.6199-1-andrew.cooper3@citrix.com>
References: <20230131212913.6199-1-andrew.cooper3@citrix.com>

The intf->{addr,len} references in the xc_map_foreign_range() call are unsafe.
From the manual:

  https://ocaml.org/manual/intfc.html#ss:parallel-execution-long-running-c-code

"After caml_release_runtime_system() was called and until
caml_acquire_runtime_system() is called, the C code must not access any OCaml
data, nor call any function of the run-time system, nor call back into OCaml
code."

More than what the manual says, the intf pointer is (potentially) invalidated
by caml_enter_blocking_section() if another thread happens to perform garbage
collection at just the right (wrong) moment.

Rewrite the logic.  There's no need to stash data in the OCaml object until the
success path at the very end.

Fixes: 8b7ce06a2d34 ("ocaml: Add XC bindings.")
Signed-off-by: Andrew Cooper
---
CC: Christian Lindig
CC: David Scott
CC: Edwin Török
CC: Rob Hoes

Note: the mmap stub has a similar pattern when constructing a mmap_interface,
but it's not actually unsafe because it doesn't drop the GC lock.

_H() is buggy too, but this patch needs backporting further than that fix.
---
 tools/ocaml/libs/xc/xenctrl_stubs.c | 23 +++++++++++------------
 1 file changed, 11 insertions(+), 12 deletions(-)
diff --git a/tools/ocaml/libs/xc/xenctrl_stubs.c b/tools/ocaml/libs/xc/xenc= trl_stubs.c index 291663bb278a..e5277f6f19a2 100644 --- a/tools/ocaml/libs/xc/xenctrl_stubs.c +++ b/tools/ocaml/libs/xc/xenctrl_stubs.c @@ -1028,26 +1028,25 @@ CAMLprim value stub_map_foreign_range(value xch, va= lue dom, CAMLparam4(xch, dom, size, mfn); CAMLlocal1(result); struct mmap_interface *intf; - uint32_t c_dom; - unsigned long c_mfn; + unsigned long c_mfn =3D Nativeint_val(mfn); + int len =3D Int_val(size); + void *ptr; =20 BUILD_BUG_ON((sizeof(struct mmap_interface) % sizeof(value)) !=3D 0); result =3D caml_alloc(Wsize_bsize(sizeof(struct mmap_interface)), Abstract_tag); =20 - intf =3D (struct mmap_interface *) result; - - intf->len =3D Int_val(size); - - c_dom =3D _D(dom); - c_mfn =3D Nativeint_val(mfn); caml_enter_blocking_section(); - intf->addr =3D xc_map_foreign_range(_H(xch), c_dom, - intf->len, PROT_READ|PROT_WRITE, - c_mfn); + ptr =3D xc_map_foreign_range(_H(xch), _D(dom), len, + PROT_READ|PROT_WRITE, c_mfn); caml_leave_blocking_section(); - if (!intf->addr) + + if (!ptr) caml_failwith("xc_map_foreign_range error"); + + intf =3D Data_abstract_val(result); + *intf =3D (struct mmap_interface){ ptr, len }; + CAMLreturn(result); } =20 --=20 2.11.0
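Review bot: in the new xc_map_foreign_range() call, `_H(xch)` and `_D(dom)` are evaluated between caml_enter_blocking_section() and caml_leave_blocking_section(), whereas the removed code read `c_dom = _D(dom)` before entering the blocking section. Both macros take a `value` argument, which sits awkwardly with the rule quoted in the commit message that C code must not access OCaml data while the runtime is released. Suggest keeping a `uint32_t c_dom = _D(dom);` local initialised next to `c_mfn` and `len`, and reading the handle into a local the same way, so that only plain C values are used inside the blocking section. Separately, `(struct mmap_interface){ ptr, len }` depends on the field order of the struct; designated initialisers (`.addr = ptr, .len = len`) would survive a reordering.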