From: Keir Fraser <keir.fraser@citrix.com>
Date: Mon, 30 Aug 2010 07:39:52 +0000 (+0100)
Subject: ept: Put locks around ept_get_entry
X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~11566
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=5c3f41d408cb14a9bc5a2a53f3ccd082447ab051;p=xen.git

ept: Put locks around ept_get_entry

There's a subtle race in ept_get_entry, such that if tries to read an
entry that ept_set_entry is modifying, it gets neither the old entry
nor the new entry, but empty.  In the case of multi-cpu
populate-on-demand guests, this manifests as a guest crash when one
vcpu tries to read a page which another page is trying to populate,
and ept_get_entry returns p2m_mmio_dm.

This bug can also be fixed by making both ept_set_entry and
ept_next_level access-once (i.e., ept_next_level reads full ept_entry
and then works with local value; ept_set_entry construct the entry
locally and then sets it in one write).  But there doesn't seem to be
any major performance implications of just making ept_get_entry use
locks; so the simpler, the better.

Signed-off-by: George Dunlap <george.dunlap@eu.citrix.com>
---

diff --git a/xen/arch/x86/mm/hap/p2m-ept.c b/xen/arch/x86/mm/hap/p2m-ept.c
index 3172fa4dcd..72d6f5b6e8 100644
--- a/xen/arch/x86/mm/hap/p2m-ept.c
+++ b/xen/arch/x86/mm/hap/p2m-ept.c
@@ -431,6 +431,10 @@ static mfn_t ept_get_entry(struct p2m_domain *p2m,
     int i;
     int ret = 0;
     mfn_t mfn = _mfn(INVALID_MFN);
+    int do_locking = !p2m_locked_by_me(p2m);
+
+    if ( do_locking )
+        p2m_lock(p2m);
 
     *t = p2m_mmio_dm;
 
@@ -507,6 +511,8 @@ static mfn_t ept_get_entry(struct p2m_domain *p2m,
     }
 
 out:
+    if ( do_locking )
+        p2m_unlock(p2m);
     unmap_domain_page(table);
     return mfn;
 }