Hi Stefano and Wei,
On 17/05/16 12:24, Stefano Stabellini wrote:
> I think you are right. Especially with backports in mind, it would be
> better to introduce an __apply_p2m_changes function which assumes that
> the p2m lock has already been taken by the caller. Then you can base the
> implementation of apply_p2m_changes on it.
>
> On Tue, 17 May 2016, Wei Chen wrote:
>> Hi Julien,
>> I have some concern about this patch, because we released the spinlock
>> before removing the mapped memory. If somebody acquires the spinlock
>> before we remove the mapped memory, this mapped memory region can be
>> accessed by the guest.
>> The apply_p2m_changes is no longer atomic. Is it a security risk?

Accesses to the page table have never been atomic: as soon as an entry
is written in the page tables, the guest vCPUs or a prefetcher could
read it.

The spinlock is only here to protect the page tables against concurrent
modifications. Releasing the lock is not an issue as Xen does not
promise any ordering for the p2m changes.
Regards,
--
Julien Grall
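As an added illustration, not code from the patch under discussion or from the Xen tree, the following toy C model shows the split Stefano proposes: an inner `__apply_p2m_changes` that requires the caller to already hold the p2m lock, and a public `apply_p2m_changes` that takes the lock around it. Only the two function names come from the thread; `struct p2m`, the flat gfn-to-mfn table, the `lock_held` debug flag and the `p2m_relocate` caller are constructed for the example.

```c
#include <assert.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define P2M_ENTRIES 16          /* toy table: one entry per guest frame (gfn) */
#define INVALID_MFN UINT64_MAX  /* marks an unmapped gfn */

enum p2m_op { P2M_INSERT, P2M_REMOVE };

/* Constructed stand-in for a per-domain p2m: a spinlock plus a flat gfn->mfn table. */
struct p2m {
    atomic_flag lock;
    bool lock_held;              /* debug mirror of the lock state, written only under the lock */
    uint64_t mfn[P2M_ENTRIES];
};

static void p2m_init(struct p2m *p2m)
{
    atomic_flag_clear(&p2m->lock);
    p2m->lock_held = false;
    for (size_t i = 0; i < P2M_ENTRIES; i++)
        p2m->mfn[i] = INVALID_MFN;
}

static void p2m_lock(struct p2m *p2m)
{
    while (atomic_flag_test_and_set_explicit(&p2m->lock, memory_order_acquire))
        ;                        /* spin until the previous holder releases */
    p2m->lock_held = true;
}

static void p2m_unlock(struct p2m *p2m)
{
    p2m->lock_held = false;
    atomic_flag_clear_explicit(&p2m->lock, memory_order_release);
}

/*
 * Inner worker (hypothetical, named after the thread's suggestion).
 * Precondition: the caller already holds p2m->lock. The assert makes a
 * violation fail loudly in a debug build instead of silently racing.
 * The lock serialises writers only: a guest vCPU may observe each entry
 * as soon as it has been written.
 */
static int __apply_p2m_changes(struct p2m *p2m, enum p2m_op op,
                               size_t start_gfn, size_t nr, uint64_t start_mfn)
{
    assert(p2m->lock_held);
    if (start_gfn > P2M_ENTRIES || nr > P2M_ENTRIES - start_gfn)
        return -1;               /* range does not fit in the table */
    for (size_t i = 0; i < nr; i++)
        p2m->mfn[start_gfn + i] = (op == P2M_INSERT) ? start_mfn + i
                                                     : INVALID_MFN;
    return 0;
}

/* Public entry point: takes the lock, delegates, releases. */
static int apply_p2m_changes(struct p2m *p2m, enum p2m_op op,
                             size_t start_gfn, size_t nr, uint64_t start_mfn)
{
    p2m_lock(p2m);
    int rc = __apply_p2m_changes(p2m, op, start_gfn, nr, start_mfn);
    p2m_unlock(p2m);
    return rc;
}

/*
 * A caller that wants two table updates under a single lock acquisition
 * uses the inner function directly; that is the point of the split.
 * Constructed helper: moves nr frames from old_gfn to new_gfn.
 */
static int p2m_relocate(struct p2m *p2m, size_t old_gfn, size_t new_gfn, size_t nr)
{
    if (old_gfn >= P2M_ENTRIES)
        return -1;
    p2m_lock(p2m);
    uint64_t first_mfn = p2m->mfn[old_gfn];
    int rc = __apply_p2m_changes(p2m, P2M_REMOVE, old_gfn, nr, 0);
    if (rc == 0)
        rc = __apply_p2m_changes(p2m, P2M_INSERT, new_gfn, nr, first_mfn);
    p2m_unlock(p2m);
    return rc;
}

int main(void)
{
    struct p2m t;
    p2m_init(&t);
    printf("insert: %d\n", apply_p2m_changes(&t, P2M_INSERT, 2, 3, 100));
    printf("relocate: %d, gfn 8 -> mfn %llu\n",
           p2m_relocate(&t, 2, 8, 3), (unsigned long long)t.mfn[8]);
    return 0;
}
```

The assert on `lock_held` is the check a reviewer would want from such a split: a backported caller that reaches the inner function without the lock fails immediately in a debug build rather than racing another writer. It does not change Julien's point above; the lock orders modifications of the table, and a guest vCPU or prefetcher can read each entry the moment it is written.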
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel