[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: [OASIS Issue Tracker] (VIRTIO-35) race condition with multi-dword config accesses
[ https://tools.oasis-open.org/issues/browse/VIRTIO-35?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Michael Tsirkin updated VIRTIO-35: ---------------------------------- Affects Version/s: virtio 0.9.X legacy Description: on many architectures, accesses larger than 32 bit can not be atomic. Thus access to a device config field of >4 bytes is inherently racy in case field can change. For example, virtio-blk has u64 capacity; The following race can trigger: driver reads low 32 bit both low and high 32 bit change driver reads high 32 bit as a result, capacity observed is composed of old low bits and new high bits which does not make sense. For legacy devices, spec allowed byte by byte access, making the race even more common. was: on many architectures, accesses larger than 32 bit can not be atomic. Thus access to a device config field of >4 bytes is inherently racy in case field can change. For example, virtio-blk has u64 capacity; The following race can trigger: driver reads low 32 bit both low and high 32 bit change driver reads high 32 bit as a result, capacity observed is composed of old low bits and new high bits which does not make sense. For legacy devices, spec allowed byte by byte access, making the race even more common. Proposal: - for RW fields, document that devices should not make fields > 32 byte writeable - add a way to detect configuration changes during access, driver can re-read configuration https://lists.oasis-open.org/archives/virtio/201310/msg00034.html was: - for RW fields, document that devices should not make fields > 32 byte writeable - add a way to detect configuration changes during access, driver can re-read configuration https://lists.oasis-open.org/archives/virtio/201310/msg00034.html > race condition with multi-dword config accesses > ----------------------------------------------- > > Key: VIRTIO-35 > URL: https://tools.oasis-open.org/issues/browse/VIRTIO-35 > Project: OASIS Virtual I/O Device (VIRTIO) TC > Issue Type: Bug > Affects Versions: virtio 0.9.X legacy > Reporter: Michael Tsirkin > Fix For: virtio 1.0 csprd01 > > > on many architectures, accesses larger than 32 bit can not be atomic. > Thus access to a device config field of >4 bytes is inherently racy > in case field can change. > For example, virtio-blk has > u64 capacity; > The following race can trigger: > driver reads low 32 bit > both low and high 32 bit change > driver reads high 32 bit > as a result, capacity observed is composed of > old low bits and new high bits which does not > make sense. > For legacy devices, spec allowed byte by byte access, > making the race even more common. -- This message was sent by Atlassian JIRA (v6.1.1#6155)
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]