# HG changeset patch
# User Olaf Hering <olaf@xxxxxxxxx>
# Date 1317900797 -3600
# Node ID 50ee6be5646054059b766edfef7ad2b186ec95f8
# Parent ecab267b85ef0f6721a760ca1b1966d8cef1c7c6
xenpaging: fix locking in p2m_mem_paging functions
As suggested by <hongkaixing@xxxxxxxxxx>, query and adjust the p2mt
under the p2m_lock to prevent races with PoD.
Signed-off-by: Olaf Hering <olaf@xxxxxxxxx>
Acked-by: Tim Deegan <tim@xxxxxxx>
Committed-by: Tim Deegan <tim@xxxxxxx>
---
diff -r ecab267b85ef -r 50ee6be56460 xen/arch/x86/mm/p2m.c
--- a/xen/arch/x86/mm/p2m.c Thu Oct 06 12:33:17 2011 +0100
+++ b/xen/arch/x86/mm/p2m.c Thu Oct 06 12:33:17 2011 +0100
@@ -675,6 +675,8 @@
mfn_t mfn;
int ret;
+ p2m_lock(p2m);
+
mfn = p2m->get_entry(p2m, gfn, &p2mt, &a, p2m_query, NULL);
/* Check if mfn is valid */
@@ -701,14 +703,12 @@
goto out;
/* Fix p2m entry */
- p2m_lock(p2m);
set_p2m_entry(p2m, gfn, mfn, 0, p2m_ram_paging_out, a);
audit_p2m(p2m, 1);
- p2m_unlock(p2m);
-
ret = 0;
out:
+ p2m_unlock(p2m);
return ret;
}
@@ -719,30 +719,31 @@
p2m_access_t a;
mfn_t mfn;
struct p2m_domain *p2m = p2m_get_hostp2m(d);
+ int ret = -EINVAL;
+
+ p2m_lock(p2m);
/* Get mfn */
mfn = p2m->get_entry(p2m, gfn, &p2mt, &a, p2m_query, NULL);
if ( unlikely(!mfn_valid(mfn)) )
- return -EINVAL;
+ goto out;
if ( (p2mt == p2m_ram_paged) || (p2mt == p2m_ram_paging_in) ||
(p2mt == p2m_ram_paging_in_start) )
- return -EINVAL;
+ goto out;
/* Get the page so it doesn't get modified under Xen's feet */
page = mfn_to_page(mfn);
if ( unlikely(!get_page(page, d)) )
- return -EINVAL;
+ goto out;
/* Decrement guest domain's ref count of the page */
if ( test_and_clear_bit(_PGC_allocated, &page->count_info) )
put_page(page);
/* Remove mapping from p2m table */
- p2m_lock(p2m);
set_p2m_entry(p2m, gfn, _mfn(INVALID_MFN), 0, p2m_ram_paged, a);
audit_p2m(p2m, 1);
- p2m_unlock(p2m);
/* Put the page back so it gets freed */
put_page(page);
@@ -750,7 +751,11 @@
/* Track number of paged gfns */
atomic_inc(&d->paged_pages);
- return 0;
+ ret = 0;
+
+ out:
+ p2m_unlock(p2m);
+ return ret;
}
void p2m_mem_paging_drop_page(struct domain *d, unsigned long gfn)
@@ -789,15 +794,15 @@
/* Fix p2m mapping */
/* XXX: It seems inefficient to have this here, as it's only needed
* in one case (ept guest accessing paging out page) */
+ p2m_lock(p2m);
p2m->get_entry(p2m, gfn, &p2mt, &a, p2m_query, NULL);
if ( p2mt == p2m_ram_paged )
{
- p2m_lock(p2m);
set_p2m_entry(p2m, gfn, _mfn(INVALID_MFN), 0,
p2m_ram_paging_in_start, a);
audit_p2m(p2m, 1);
- p2m_unlock(p2m);
}
+ p2m_unlock(p2m);
/* Pause domain */
if ( v->domain->domain_id == d->domain_id )
@@ -826,22 +831,28 @@
p2m_type_t p2mt;
p2m_access_t a;
struct p2m_domain *p2m = p2m_get_hostp2m(d);
+ int ret = -ENOMEM;
+
+ p2m_lock(p2m);
p2m->get_entry(p2m, gfn, &p2mt, &a, p2m_query, NULL);
+
/* Get a free page */
page = alloc_domheap_page(p2m->domain, 0);
if ( unlikely(page == NULL) )
- return -ENOMEM;
+ goto out;
/* Fix p2m mapping */
- p2m_lock(p2m);
set_p2m_entry(p2m, gfn, page_to_mfn(page), 0, p2m_ram_paging_in, a);
audit_p2m(p2m, 1);
- p2m_unlock(p2m);
atomic_dec(&d->paged_pages);
- return 0;
+ ret = 0;
+
+ out:
+ p2m_unlock(p2m);
+ return ret;
}
void p2m_mem_paging_resume(struct domain *d)
@@ -858,8 +869,8 @@
/* Fix p2m entry if the page was not dropped */
if ( !(rsp.flags & MEM_EVENT_FLAG_DROP_PAGE) )
{
+ p2m_lock(p2m);
mfn = p2m->get_entry(p2m, rsp.gfn, &p2mt, &a, p2m_query, NULL);
- p2m_lock(p2m);
set_p2m_entry(p2m, rsp.gfn, mfn, 0, p2m_ram_rw, a);
set_gpfn_from_mfn(mfn_x(mfn), rsp.gfn);
audit_p2m(p2m, 1);
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
|
Home