On 15/02/2019 13:37, George Dunlap wrote: > >>> The one issue is that domain_pause_except_self() currently is actually a >>> deadlock risk if two different vcpus start it at the same time. I think >>> the >>> attached patch (compile-tested only) should fix this issue; after this >>> patch >>> you should be able to use domain_pause_except_self() in >>> altp2m_set_domain_state instead. >> There's one thing I don't really like here, which is a result of the >> (necessary) re-use of the hypercall deadlock mutex: This >> certainly poses the risk of getting called from a context where >> the lock was already acquired. Therefore I'd like to suggest to >> use this lock in a recursive way (here and elsewhere).
I can't think of a usecase were we would want to tolerate recursion on the hypercall deadlock spinlock. I'd assert/domain_crash() that its not locked by the current cpu, rather than complicating everything for a theoretical case of questionable utility. Attempted nesting of this lock isn't a security issue, because all that will happen is that the vcpu will livelock taking continuations. ~Andrew _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel