lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 28 Nov 2012 20:07:00 -0200
From:	Marcelo Tosatti <mtosatti@...hat.com>
To:	Xiao Guangrong <xiaoguangrong@...ux.vnet.ibm.com>
Cc:	Gleb Natapov <gleb@...hat.com>, Avi Kivity <avi@...hat.com>,
	LKML <linux-kernel@...r.kernel.org>, KVM <kvm@...r.kernel.org>
Subject: Re: [PATCH 2/3] KVM: x86: let reexecute_instruction work for tdp

On Wed, Nov 28, 2012 at 10:55:26PM +0800, Xiao Guangrong wrote:
> On 11/28/2012 10:01 PM, Gleb Natapov wrote:
> > On Wed, Nov 28, 2012 at 11:15:13AM +0800, Xiao Guangrong wrote:
> >> On 11/28/2012 07:32 AM, Marcelo Tosatti wrote:
> >>> On Tue, Nov 27, 2012 at 11:13:11AM +0800, Xiao Guangrong wrote:
> >>>>>> +static bool reexecute_instruction(struct kvm_vcpu *vcpu, unsigned long cr2)
> >>>>>>  {
> >>>>>> -	gpa_t gpa;
> >>>>>> +	gpa_t gpa = cr2;
> >>>>>>  	pfn_t pfn;
> >>>>>>
> >>>>>> -	if (tdp_enabled)
> >>>>>> +	if (!ACCESS_ONCE(vcpu->kvm->arch.indirect_shadow_pages))
> >>>>>>  		return false;
> >>>>>
> >>>>> How is indirect_shadow_pages protected? Why is ACCESS_ONCE() being used
> >>>>> to read it?
> >>>>
> >>>> Hi Marcelo,
> >>>>
> >>>> It is protected by mmu-lock for it only be changed when mmu-lock is hold. And
> >>>> ACCESS_ONCE is used on read path avoiding magic optimization from compiler.
> >>>
> >>> Please switch to mmu_lock protection, there is no reason to have access
> >>> to this variable locklessly - not performance critical.
> >>>
> >>> For example, there is no use of barriers when modifying the variable.
> >>
> >> This is not bad, the worst case is, the direct mmu failed to unprotect the shadow
> >> pages, (meet indirect_shadow_pages = 0, but there has shadow pages being shadowed.),
> >> after enter to guest, we will go into reexecute_instruction again, then it will
> >> remove shadow pages.
> >>
> > Isn't the same scenario can happen even with mmu lock around
> > indirect_shadow_pages access?
> 
> Hmm..., i also think it is no different. Even using mmu-lock, we can not
> prevent the target pfn can not be write-protected later. Marcelo?

In this particular case, it appears to be harmless (unsure if
kvm_mmu_pte_write one is safe). The point is, lockless access should not
be special.

Lockless access must be carefully documented (access protocol to
variables documented, all possible cases listed), and done when
necessary due to performance. Otherwise, don't do it.

On this case, its not necessary.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ