kernel - Fix SMP race in VMM/VMX vmclear() call

* Fix an SMP race.  The pcpu vti field is used to trigger cpusync's from
  other cpus and cannot be cleared by the owning cpu until after it has
  vmclear'd and stopped using the structure.

Reported-by: tuxillo
1 parent cf18d79 commit c825189df5970fc591092fc240a9f14de46a9808 Matthew Dillon committed Feb 27, 2014
Showing with 9 additions and 2 deletions.
  1. +9 −2 sys/platform/pc64/vmm/vmx.c
@@ -516,12 +516,19 @@ execute_vmclear(void *data)
/*
* Must set vti->launched to zero after vmclear'ing to
* force a vmlaunch the next time.
+ *
+ * Must not clear the loaded_vmx field until after we call
+ * vmclear on the region. This field triggers the interlocked
+ * cpusync from another cpu trying to destroy or reuse
+ * the vti. If we clear the field first, the other cpu will
+ * not interlock and may race our vmclear() on the underlying
+ * memory.
*/
+ ERROR_IF(vmclear(vti->vmcs_region));
+error:
pcpu_info[gd->gd_cpuid].loaded_vmx = NULL;
vti->launched = 0;
- ERROR_IF(vmclear(vti->vmcs_region));
}
-error:
return;
}
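Review bot: with `error:` moved to sit directly before `pcpu_info[gd->gd_cpuid].loaded_vmx = NULL;`, the `goto error` taken by `ERROR_IF(vmclear(vti->vmcs_region));` lands on the very next statement, so the failure path now clears `loaded_vmx` and resets `vti->launched` exactly as the success path does. The reordering itself is the right fix for the race the comment describes (the flag that other cpus key their cpusync interlock on must only drop after vmclear has finished with the region), but the comment should state that the field is intentionally cleared even when vmclear fails; if that is not the intent, the label belongs after the block as before, with the failure handled explicitly. Since the label now lives inside the block, also confirm no other `goto error` elsewhere in `execute_vmclear()` would jump into the body and clear a `loaded_vmx` that does not belong to this vti. The trailing `return;` before the closing brace no longer carries a label and can be dropped.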