installctx needs kpreempt_disable protection
Upstreaming OS-7096 for bhyve:
Prior to OS-7034, updates to the ctxop list associated with a kthread were simple: The new item would update its next pointer to the value of t_ctx, then it would update t_ctx so it pointed at the new value. If a preemption occurred any time before the t_ctx update, the new item would not be called for save or restore. If it occurred after the t_ctx update, both savectx and restorectx would act upon the new time.
With the change to a doubly-linked list for ctxops, it is no longer safe to do this without kpreempt_disable protection. There is a short window between the prev field of the head item is updated and when t_ctx itself is pointed to the new item that a preemption would result in the savectx operation being skipped for the new item but the restorectx operation executing on it.
A simple application of kpreempt_disable/kpreempt_enable should be all that's needed to protect that window from danger.
I only caught this as I was reviewing ctxop-related code. The problematic behavior described is not something I've seen in the wild.
Updated by Electric Monk about 2 years ago
- Status changed from In Progress to Closed
- % Done changed from 0 to 100
commit 6e2e67256d436ef900becfa771aee283e7e55430 Author: Patrick Mooney <firstname.lastname@example.org> Date: 2020-04-16T19:20:32.000Z 12477 ctxops should use stack ordering for save/restore 12478 installctx needs kpreempt_disable protection Reviewed by: John Levon <email@example.com> Reviewed by: Robert Mustacchi <firstname.lastname@example.org> Reviewed by: Jerry Jelinek <email@example.com> Reviewed by: Andy Fiddaman <firstname.lastname@example.org> Approved by: Dan McDonald <email@example.com>