Google Git
Sign in
akaros/upstream/3edf19faec5def1f9055e0855101b5b00aee7bc6^!/.
commit
3edf19faec5def1f9055e0855101b5b00aee7bc6
[log] [tgz]
author
Barret Rhoden <brho@cs.berkeley.edu>
Fri Jan 13 17:38:34 2017 -0500
committer
Barret Rhoden <brho@cs.berkeley.edu>
Wed Jan 18 10:00:03 2017 -0500
tree
20c670e83f632492da414f019a70e0a963d9eedb
parent
56fbd8e93bd3438b186cc144a5e529018109f6e1 [diff]
x86: vmm: Disable IRQs when mucking with pcpu GPCs

vmx_clear_vmcs() is called from a few places, and interrupts could be on.
We could have had a race where we start to clear, then get interrupted by
an IPI/IKM that mucks with the per-cpu GPC state.  Then the interrupt
returns.  I didn't see this one - we'd probably need at least one VM
bouncing around the cores to get this bug.

Signed-off-by: Barret Rhoden <brho@cs.berkeley.edu>

diff --git a/kern/arch/x86/vmm/intel/vmx.c b/kern/arch/x86/vmm/intel/vmx.c
index 8e1033d..ad61e41 100644
--- a/kern/arch/x86/vmm/intel/vmx.c
+++ b/kern/arch/x86/vmm/intel/vmx.c

@@ -1357,8 +1357,11 @@
  * */
 void vmx_clear_vmcs(void)
 {
-	struct guest_pcore *gpc = PERCPU_VAR(gpc_to_clear_to);
+	struct guest_pcore *gpc;
+	int8_t irq_state = 0;
 
+	disable_irqsave(&irq_state);
+	gpc = PERCPU_VAR(gpc_to_clear_to);
 	if (gpc) {
 		vmcs_clear(gpc->vmcs);
 		ept_sync_context(gpc_get_eptp(gpc));
@@ -1367,6 +1370,7 @@
 		gpc->vmcs_core_id = -1;
 		PERCPU_VAR(gpc_to_clear_to) = NULL;
 	}
+	enable_irqsave(&irq_state);
 }
 
 static void __clear_vmcs(uint32_t srcid, long a0, long a1, long a2)
@@ -1416,6 +1420,7 @@
 	/* We don't have to worry about races yet.  No one will try to load gpc
 	 * until we've returned and unlocked, and no one will clear an old VMCS to
 	 * this GPC, since it was cleared before we finished loading (above). */
+	assert(!irq_is_enabled());
 	gpc->vmcs_core_id = core_id();
 	PERCPU_VAR(gpc_to_clear_to) = gpc;
 }