lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 14 Nov 2013 16:39:59 -0200
From:	Marcelo Tosatti <mtosatti@...hat.com>
To:	Xiao Guangrong <xiaoguangrong@...ux.vnet.ibm.com>
Cc:	gleb@...hat.com, avi.kivity@...il.com, pbonzini@...hat.com,
	linux-kernel@...r.kernel.org, kvm@...r.kernel.org
Subject: Re: [PATCH v3 04/15] KVM: MMU: flush tlb out of mmu lock when
 write-protect the sptes

On Thu, Nov 14, 2013 at 01:15:24PM +0800, Xiao Guangrong wrote:
> 
> Hi Marcelo,
> 
> On 11/14/2013 08:36 AM, Marcelo Tosatti wrote:
> 
> > 
> > Any code location which reads the writable bit in the spte and assumes if its not
> > set, that the translation which the spte refers to is not cached in a
> > remote CPU's TLB can become buggy. (*)
> > 
> > It might be the case that now its not an issue, but its so subtle that
> > it should be improved.
> > 
> > Can you add a fat comment on top of is_writeable_bit describing this?
> > (and explain why is_writable_pte users do not make an assumption
> > about (*). 
> > 
> > "Writeable bit of locklessly modifiable sptes might be cleared
> > but TLBs not flushed: so whenever reading locklessly modifiable sptes
> > you cannot assume TLBs are flushed".
> > 
> > For example this one is unclear:
> > 
> >                 if (!can_unsync && is_writable_pte(*sptep))
> >                         goto set_pte;
> > And:
> > 
> >         if (!is_writable_pte(spte) &&
> >               !(pt_protect && spte_is_locklessly_modifiable(spte)))
> >                 return false;
> > 
> > This is safe because get_dirty_log/kvm_mmu_slot_remove_write_access are
> > serialized by a single mutex (if there were two mutexes, it would not be
> > safe). Can you add an assert to both
> > kvm_mmu_slot_remove_write_access/kvm_vm_ioctl_get_dirty_log 
> > for (slots_lock) is locked, and explain?
> > 
> > So just improve the comments please, thanks (no need to resend whole
> > series).
> 
> Thank you very much for your time to review it and really appreciate
> for you detailed the issue so clearly to me.
> 
> I will do it on the top of this patchset or after it is merged
> (if it's possiable).

Ok, can you explain why every individual caller of is_writable_pte have
no such assumption now? (the one mentioned above is not clear to me for
example, should explain all of them).

OK to improve comments later.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ