[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH 2/2] Send gnttab unmap notify event after the grant is fully released

  • To: win-pv-devel@xxxxxxxxxxxxxxxxxxxx
  • From: Rafał Wojdyła <omeg@xxxxxxxxxxxxxxxxxxxxxx>
  • Date: Tue, 26 May 2026 18:29:34 +0200
  • Authentication-results: eu.smtp.expurgate.cloud; dkim=pass header.s=fm3 header.d=invisiblethingslab.com header.i="@invisiblethingslab.com" header.h="Cc:Content-Transfer-Encoding:Content-Type:Date:From:In-Reply-To:Message-ID:MIME-Version:References:Subject:To"; dkim=pass header.s=fm3 header.d=messagingengine.com header.i="@messagingengine.com" header.h="Cc:Content-Transfer-Encoding:Content-Type:Date:Feedback-ID:From:In-Reply-To:Message-ID:MIME-Version:References:Subject:To:X-ME-Proxy:X-ME-Sender"
  • Cc: Rafał Wojdyła <omeg@xxxxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Tue, 26 May 2026 16:29:55 +0000
  • Feedback-id: i409c4082:Fastmail
  • List-id: Developer list for the Windows PV Drivers subproject <win-pv-devel.lists.xenproject.org>
Move the notification event to after the unmap hypercall completes,
so the peer only gets notified after the grant is completely released
on our side. Closes possible race when the peer could be notified
before the grant was fully torn down.

Signed-off-by: Rafał Wojdyła <omeg@xxxxxxxxxxxxxxxxxxxxxx>
---
 src/xeniface/ioctl_gnttab.c | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/src/xeniface/ioctl_gnttab.c b/src/xeniface/ioctl_gnttab.c
index ef77295..ee319cb 100644
--- a/src/xeniface/ioctl_gnttab.c
+++ b/src/xeniface/ioctl_gnttab.c
@@ -802,17 +802,11 @@ GnttabFreeMap(
 
     Trace("Context %p\n", Context);
 
+    // Write the notify value while the grant is still mapped.
     if (Context->Flags & XENIFACE_GNTTAB_USE_NOTIFY_OFFSET) {
         ((PCHAR)Context->KernelVa)[Context->NotifyOffset] = 0;
     }
 
-    if (Context->Flags & XENIFACE_GNTTAB_USE_NOTIFY_PORT) {
-        status = EvtchnNotify(Fdo, Context->NotifyPort, NULL);
-
-        if (!NT_SUCCESS(status)) // non-fatal, we must free memory
-            Error("failed to notify port %lu: 0x%x\n", Context->NotifyPort, 
status);
-    }
-
     // unmap from user address space
     MmUnmapLockedPages(Context->UserVa, Context->Mdl);
 
@@ -828,6 +822,14 @@ GnttabFreeMap(
 
     ASSERT(NT_SUCCESS(status));
 
+    // Notify the peer after the map is fully gone.
+    if (Context->Flags & XENIFACE_GNTTAB_USE_NOTIFY_PORT) {
+        status = EvtchnNotify(Fdo, Context->NotifyPort, NULL);
+
+        if (!NT_SUCCESS(status)) // non-fatal, we must free memory
+            Error("failed to notify port %lu: 0x%x\n", Context->NotifyPort, 
status);
+    }
+
     RtlZeroMemory(Context, sizeof(*Context));
     __FreePoolWithTag(Context, XENIFACE_POOL_TAG);
 }
-- 
2.53.0

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.