WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Xen-devel] [PATCH] linux-2.6.18/blktap: fix locking

from [Jan Beulich] [Permanent Link][Original]
To: "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: [Xen-devel] [PATCH] linux-2.6.18/blktap: fix locking
From: "Jan Beulich" <JBeulich@xxxxxxxxxx>
Date: Tue, 31 May 2011 14:58:01 +0100
Delivery-date: Tue, 31 May 2011 07:02:54 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx 
blktap_read_ufe_ring() invalidating the mmap index of a request could
race with blktap_clear_pte() reading it. Move the invalidation into the
info->mm->mmap_sem protected region in fast_flush_area(), noting that
doing this on the failure path of dispatch_rw_block_io() is benign.

Signed-off-by: Jan Beulich <jbeulich@xxxxxxxxxx>

--- a/drivers/xen/blktap/blktap.c
+++ b/drivers/xen/blktap/blktap.c
@@ -1026,7 +1026,7 @@ static void blktap_zap_page_range(struct
 }
 
 static void fast_flush_area(pending_req_t *req, unsigned int k_idx,
-                            unsigned int u_idx, int tapidx)
+                            unsigned int u_idx, tap_blkif_t *info)
 {
        struct gnttab_unmap_grant_ref unmap[BLKIF_MAX_SEGMENTS_PER_REQUEST*2];
        unsigned int i, mmap_idx, invcount = 0, locked = 0;
@@ -1034,23 +1034,14 @@ static void fast_flush_area(pending_req_
        uint64_t ptep;
        int ret;
        unsigned long uvaddr;
-       tap_blkif_t *info;
-       struct mm_struct *mm;
-       
-
-       if ((tapidx < 0) || (tapidx >= MAX_TAP_DEV)
-           || !(info = tapfds[tapidx])) {
-               WPRINTK("fast_flush: Couldn't get info!\n");
-               return;
-       }
-
-       mm = info->mm;
+       struct mm_struct *mm = info->mm;
 
        if (mm != NULL && xen_feature(XENFEAT_auto_translated_physmap)) {
                down_write(&mm->mmap_sem);
                blktap_zap_page_range(mm,
                                      MMAP_VADDR(info->user_vstart, u_idx, 0),
                                      req->nr_pages);
+               info->idx_map[u_idx].mem = INVALID_MIDX;
                up_write(&mm->mmap_sem);
                return;
        }
@@ -1108,7 +1099,10 @@ static void fast_flush_area(pending_req_
                                      req->nr_pages);
        }
 
-       if (locked)
+       if (!locked && mm != NULL)
+               down_write(&mm->mmap_sem);
+       info->idx_map[u_idx].mem = INVALID_MIDX;
+       if (mm != NULL)
                up_write(&mm->mmap_sem);
 }
 
@@ -1243,8 +1237,7 @@ static int blktap_read_ufe_ring(tap_blki
                        offset = (uvaddr - info->rings_vstart) >> PAGE_SHIFT;
                        info->foreign_map.map[offset] = NULL;
                }
-               fast_flush_area(pending_req, pending_idx, usr_idx, info->minor);
-               info->idx_map[usr_idx].mem = INVALID_MIDX;
+               fast_flush_area(pending_req, pending_idx, usr_idx, info);
                make_response(blkif, pending_req->id, res.operation,
                              res.status);
                blkif_put(pending_req->blkif);
@@ -1618,7 +1611,7 @@ static void dispatch_rw_block_io(blkif_t
 
  fail_flush:
        WPRINTK("Reached Fail_flush\n");
-       fast_flush_area(pending_req, pending_idx, usr_idx, blkif->dev_num);
+       fast_flush_area(pending_req, pending_idx, usr_idx, info);
  fail_response:
        make_response(blkif, req->id, req->operation, BLKIF_RSP_ERROR);
        free_req(pending_req);

Attachment: xen-blktap-locking.patch
Description: Text document

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-devel] [PATCH] linux-2.6.18/blktap: fix locking, Jan Beulich <=
Previous by Date:  [Xen-devel] [PATCH] rombios: correct $PIR table router device ID, Ian Campbell
Next by Date:  Re: [Xen-devel] no output on console when using 2.6.39 as dom0-kernel, Ian Campbell
Previous by Thread:  [Xen-devel] [PATCH] rombios: correct $PIR table router device ID, Ian Campbell
Next by Thread:  [Xen-devel] [PATCH] X86: cpufreq init cleanup, Liu, Jinsong
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy