Subject: Re: [virtio] [OASIS Issue Tracker] Created: (VIRTIO-35) race condition with multi-dword config accesses
OASIS Issues Tracker <firstname.lastname@example.org> writes:
> race condition with multi-dword config accesses
> -----------------------------------------------
>
> Key: VIRTIO-35
> URL: http://tools.oasis-open.org/issues/browse/VIRTIO-35
> Project: OASIS Virtual I/O Device (VIRTIO) TC
> Issue Type: Bug
> Reporter: Michael Tsirkin
>
>
> on many architectures, accesses larger than 32 bit can not be atomic.
> Thus access to a device config field of >4 bytes is inherently racy
> in case field can change.
>
> For example, virtio-blk has
> u64 capacity;
> The following race can trigger:
> driver reads low 32 bit
> both low and high 32 bit change
> driver reads high 32 bit
>
> as a result, capacity observed is composed of
> old low bits and new high bits which does not
> make sense.
>
> For legacy devices, spec allowed byte by byte access,
> making the race even more common.

Yes, in theory this is a problem with virtio_blk, which could change capacity (the spec is silent on this, but the Linux driver will handle it by re-reading capacity, exposing this race).

I don't think qemu supports changing a disk underneath a device anyway? And in practice, I'm not sure it would ever change fast enough to trigger this race...

So, should we try to fix it?

Rusty.
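
The interleaving described in the issue, reproduced deterministically as an added example that is not part of the original message and is not virtio or Linux driver code. All names (`cfg_lo`, `read32`, `read_stable`, `scenario`) and the capacity values are constructed, and the re-read loop is only one possible driver-side check, shown for contrast with the naive read.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model, not virtio code: a u64 capacity exposed as two
 * 32-bit halves, the widest access assumed to be atomic. */
static uint32_t cfg_lo, cfg_hi;
static uint64_t pending; static int has_pending; /* constructed device update */
static void dev_set(uint64_t v) { cfg_lo = (uint32_t)v; cfg_hi = (uint32_t)(v >> 32); }
/* After any register read the device may change the whole field: the
 * interleaving described in the issue. */
static uint32_t read32(const uint32_t *reg)
{
    uint32_t v = *reg;
    if (has_pending) { has_pending = 0; dev_set(pending); }
    return v;
}

/* Naive driver read: low half, then high half. */
uint64_t read_naive(void)
{
    uint64_t lo = read32(&cfg_lo);
    return lo | ((uint64_t)read32(&cfg_hi) << 32);
}

/* Re-read until two consecutive full reads agree. Assumes the field does
 * not change on every access, otherwise two torn reads could match. */
uint64_t read_stable(void)
{
    uint64_t prev = read_naive(), cur;
    while ((cur = read_naive()) != prev)
        prev = cur;
    return cur;
}

/* Start at old_cap; the device switches to new_cap after the first read. */
uint64_t scenario(int stable, uint64_t old_cap, uint64_t new_cap)
{
    dev_set(old_cap);
    pending = new_cap; has_pending = 1;
    return stable ? read_stable() : read_naive();
}

int main(void)
{
    uint64_t a = 0x00000000FFFFFFFFull, b = 0x0000000100000000ull;
    printf("naive:  %#llx\n", (unsigned long long)scenario(0, a, b));
    printf("stable: %#llx\n", (unsigned long long)scenario(1, a, b));
    return 0;
}
```

The naive read returns a capacity that is neither the old nor the new value (old low bits, new high bits), while the re-read loop settles on the new value.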