kernel - Fix SMP race in VMM/VMX vmclear() call

* Fix an SMP race. The pcpu vti field is used to trigger cpusync's from other cpus and cannot be cleared by the owning cpu until after it has vmclear'd and stopped using the structure. Reported-by: tuxillo
DragonFlyBSD · Feb 27, 2014 · c825189 · c825189
1 parent cf18d79
commit c825189
Showing 1 changed file with 9 additions and 2 deletions.
diff --git a/sys/platform/pc64/vmm/vmx.c b/sys/platform/pc64/vmm/vmx.c
@@ -516,12 +516,19 @@ execute_vmclear(void *data)
 		/*
 		 * Must set vti->launched to zero after vmclear'ing to
 		 * force a vmlaunch the next time.
+		 *
+		 * Must not clear the loaded_vmx field until after we call
+		 * vmclear on the region.  This field triggers the interlocked
+		 * cpusync from another cpu trying to destroy or reuse
+		 * the vti.  If we clear the field first, the other cpu will
+		 * not interlock and may race our vmclear() on the underlying
+		 * memory.
 		 */
+		ERROR_IF(vmclear(vti->vmcs_region));
+error:
 		pcpu_info[gd->gd_cpuid].loaded_vmx = NULL;
 		vti->launched = 0;
-		ERROR_IF(vmclear(vti->vmcs_region));
 	}
-error:
 	return;
 }