diff options
| author | Stefano Stabellini <stefano.stabellini@eu.citrix.com> | 2012-09-12 07:44:30 -0400 |
|---|---|---|
| committer | Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> | 2012-09-12 11:21:40 -0400 |
| commit | 2fc136eecd0c647a6b13fcd00d0c41a1a28f35a5 (patch) | |
| tree | 2a43ce841b2bedf8206609b6c43321e540540c35 | |
| parent | 80ba77dfbce85f2d1be54847de3c866de1b18a9a (diff) | |
xen/m2p: do not reuse kmap_op->dev_bus_addr
If the caller passes a valid kmap_op to m2p_add_override, we use
kmap_op->dev_bus_addr to store the original mfn, but dev_bus_addr is
part of the interface with Xen and if we are batching the hypercalls it
might not have been written by the hypervisor yet. That means that later
on Xen will write to it and we'll think that the original mfn is
actually what Xen has written to it.
Rather than "stealing" struct members from kmap_op, keep using
page->index to store the original mfn and add another parameter to
m2p_remove_override to get the corresponding kmap_op instead.
It is now responsibility of the caller to keep track of which kmap_op
corresponds to a particular page in the m2p_override (gntdev, the only
user of this interface that passes a valid kmap_op, is already doing that).
CC: stable@kernel.org
Reported-and-Tested-By: Sander Eikelenboom <linux@eikelenboom.it>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
| -rw-r--r-- | arch/x86/include/asm/xen/page.h | 3 | ||||
| -rw-r--r-- | arch/x86/xen/p2m.c | 27 | ||||
| -rw-r--r-- | drivers/block/xen-blkback/blkback.c | 2 | ||||
| -rw-r--r-- | drivers/xen/gntdev.c | 5 | ||||
| -rw-r--r-- | drivers/xen/grant-table.c | 6 | ||||
| -rw-r--r-- | include/xen/grant_table.h | 3 |
6 files changed, 23 insertions, 23 deletions
diff --git a/arch/x86/include/asm/xen/page.h b/arch/x86/include/asm/xen/page.h index 93971e841dd5..472b9b783019 100644 --- a/arch/x86/include/asm/xen/page.h +++ b/arch/x86/include/asm/xen/page.h | |||
| @@ -51,7 +51,8 @@ extern unsigned long set_phys_range_identity(unsigned long pfn_s, | |||
| 51 | 51 | ||
| 52 | extern int m2p_add_override(unsigned long mfn, struct page *page, | 52 | extern int m2p_add_override(unsigned long mfn, struct page *page, |
| 53 | struct gnttab_map_grant_ref *kmap_op); | 53 | struct gnttab_map_grant_ref *kmap_op); |
| 54 | extern int m2p_remove_override(struct page *page, bool clear_pte); | 54 | extern int m2p_remove_override(struct page *page, |
| 55 | struct gnttab_map_grant_ref *kmap_op); | ||
| 55 | extern struct page *m2p_find_override(unsigned long mfn); | 56 | extern struct page *m2p_find_override(unsigned long mfn); |
| 56 | extern unsigned long m2p_find_override_pfn(unsigned long mfn, unsigned long pfn); | 57 | extern unsigned long m2p_find_override_pfn(unsigned long mfn, unsigned long pfn); |
| 57 | 58 | ||
diff --git a/arch/x86/xen/p2m.c b/arch/x86/xen/p2m.c index 76ba0e97e530..72213da605f5 100644 --- a/arch/x86/xen/p2m.c +++ b/arch/x86/xen/p2m.c | |||
| @@ -828,9 +828,6 @@ int m2p_add_override(unsigned long mfn, struct page *page, | |||
| 828 | 828 | ||
| 829 | xen_mc_issue(PARAVIRT_LAZY_MMU); | 829 | xen_mc_issue(PARAVIRT_LAZY_MMU); |
| 830 | } | 830 | } |
| 831 | /* let's use dev_bus_addr to record the old mfn instead */ | ||
| 832 | kmap_op->dev_bus_addr = page->index; | ||
| 833 | page->index = (unsigned long) kmap_op; | ||
| 834 | } | 831 | } |
| 835 | spin_lock_irqsave(&m2p_override_lock, flags); | 832 | spin_lock_irqsave(&m2p_override_lock, flags); |
| 836 | list_add(&page->lru, &m2p_overrides[mfn_hash(mfn)]); | 833 | list_add(&page->lru, &m2p_overrides[mfn_hash(mfn)]); |
| @@ -857,7 +854,8 @@ int m2p_add_override(unsigned long mfn, struct page *page, | |||
| 857 | return 0; | 854 | return 0; |
| 858 | } | 855 | } |
| 859 | EXPORT_SYMBOL_GPL(m2p_add_override); | 856 | EXPORT_SYMBOL_GPL(m2p_add_override); |
| 860 | int m2p_remove_override(struct page *page, bool clear_pte) | 857 | int m2p_remove_override(struct page *page, |
| 858 | struct gnttab_map_grant_ref *kmap_op) | ||
| 861 | { | 859 | { |
| 862 | unsigned long flags; | 860 | unsigned long flags; |
| 863 | unsigned long mfn; | 861 | unsigned long mfn; |
| @@ -887,10 +885,8 @@ int m2p_remove_override(struct page *page, bool clear_pte) | |||
| 887 | WARN_ON(!PagePrivate(page)); | 885 | WARN_ON(!PagePrivate(page)); |
| 888 | ClearPagePrivate(page); | 886 | ClearPagePrivate(page); |
| 889 | 887 | ||
| 890 | if (clear_pte) { | 888 | set_phys_to_machine(pfn, page->index); |
| 891 | struct gnttab_map_grant_ref *map_op = | 889 | if (kmap_op != NULL) { |
| 892 | (struct gnttab_map_grant_ref *) page->index; | ||
| 893 | set_phys_to_machine(pfn, map_op->dev_bus_addr); | ||
| 894 | if (!PageHighMem(page)) { | 890 | if (!PageHighMem(page)) { |
| 895 | struct multicall_space mcs; | 891 | struct multicall_space mcs; |
| 896 | struct gnttab_unmap_grant_ref *unmap_op; | 892 | struct gnttab_unmap_grant_ref *unmap_op; |
| @@ -902,13 +898,13 @@ int m2p_remove_override(struct page *page, bool clear_pte) | |||
| 902 | * issued. In this case handle is going to -1 because | 898 | * issued. In this case handle is going to -1 because |
| 903 | * it hasn't been modified yet. | 899 | * it hasn't been modified yet. |
| 904 | */ | 900 | */ |
| 905 | if (map_op->handle == -1) | 901 | if (kmap_op->handle == -1) |
| 906 | xen_mc_flush(); | 902 | xen_mc_flush(); |
| 907 | /* | 903 | /* |
| 908 | * Now if map_op->handle is negative it means that the | 904 | * Now if kmap_op->handle is negative it means that the |
| 909 | * hypercall actually returned an error. | 905 | * hypercall actually returned an error. |
| 910 | */ | 906 | */ |
| 911 | if (map_op->handle == GNTST_general_error) { | 907 | if (kmap_op->handle == GNTST_general_error) { |
| 912 | printk(KERN_WARNING "m2p_remove_override: " | 908 | printk(KERN_WARNING "m2p_remove_override: " |
| 913 | "pfn %lx mfn %lx, failed to modify kernel mappings", | 909 | "pfn %lx mfn %lx, failed to modify kernel mappings", |
| 914 | pfn, mfn); | 910 | pfn, mfn); |
| @@ -918,8 +914,8 @@ int m2p_remove_override(struct page *page, bool clear_pte) | |||
| 918 | mcs = xen_mc_entry( | 914 | mcs = xen_mc_entry( |
| 919 | sizeof(struct gnttab_unmap_grant_ref)); | 915 | sizeof(struct gnttab_unmap_grant_ref)); |
| 920 | unmap_op = mcs.args; | 916 | unmap_op = mcs.args; |
| 921 | unmap_op->host_addr = map_op->host_addr; | 917 | unmap_op->host_addr = kmap_op->host_addr; |
| 922 | unmap_op->handle = map_op->handle; | 918 | unmap_op->handle = kmap_op->handle; |
| 923 | unmap_op->dev_bus_addr = 0; | 919 | unmap_op->dev_bus_addr = 0; |
| 924 | 920 | ||
| 925 | MULTI_grant_table_op(mcs.mc, | 921 | MULTI_grant_table_op(mcs.mc, |
| @@ -930,10 +926,9 @@ int m2p_remove_override(struct page *page, bool clear_pte) | |||
| 930 | set_pte_at(&init_mm, address, ptep, | 926 | set_pte_at(&init_mm, address, ptep, |
| 931 | pfn_pte(pfn, PAGE_KERNEL)); | 927 | pfn_pte(pfn, PAGE_KERNEL)); |
| 932 | __flush_tlb_single(address); | 928 | __flush_tlb_single(address); |
| 933 | map_op->host_addr = 0; | 929 | kmap_op->host_addr = 0; |
| 934 | } | 930 | } |
| 935 | } else | 931 | } |
| 936 | set_phys_to_machine(pfn, page->index); | ||
| 937 | 932 | ||
| 938 | /* p2m(m2p(mfn)) == FOREIGN_FRAME(mfn): the mfn is already present | 933 | /* p2m(m2p(mfn)) == FOREIGN_FRAME(mfn): the mfn is already present |
| 939 | * somewhere in this domain, even before being added to the | 934 | * somewhere in this domain, even before being added to the |
diff --git a/drivers/block/xen-blkback/blkback.c b/drivers/block/xen-blkback/blkback.c index 73f196ca713f..c6decb901e5e 100644 --- a/drivers/block/xen-blkback/blkback.c +++ b/drivers/block/xen-blkback/blkback.c | |||
| @@ -337,7 +337,7 @@ static void xen_blkbk_unmap(struct pending_req *req) | |||
| 337 | invcount++; | 337 | invcount++; |
| 338 | } | 338 | } |
| 339 | 339 | ||
| 340 | ret = gnttab_unmap_refs(unmap, pages, invcount, false); | 340 | ret = gnttab_unmap_refs(unmap, NULL, pages, invcount); |
| 341 | BUG_ON(ret); | 341 | BUG_ON(ret); |
| 342 | } | 342 | } |
| 343 | 343 | ||
diff --git a/drivers/xen/gntdev.c b/drivers/xen/gntdev.c index 1ffd03bf8e10..7f1241608489 100644 --- a/drivers/xen/gntdev.c +++ b/drivers/xen/gntdev.c | |||
| @@ -314,8 +314,9 @@ static int __unmap_grant_pages(struct grant_map *map, int offset, int pages) | |||
| 314 | } | 314 | } |
| 315 | } | 315 | } |
| 316 | 316 | ||
| 317 | err = gnttab_unmap_refs(map->unmap_ops + offset, map->pages + offset, | 317 | err = gnttab_unmap_refs(map->unmap_ops + offset, |
| 318 | pages, true); | 318 | use_ptemod ? map->kmap_ops + offset : NULL, map->pages + offset, |
| 319 | pages); | ||
| 319 | if (err) | 320 | if (err) |
| 320 | return err; | 321 | return err; |
| 321 | 322 | ||
diff --git a/drivers/xen/grant-table.c b/drivers/xen/grant-table.c index 0bfc1ef11259..006726688baf 100644 --- a/drivers/xen/grant-table.c +++ b/drivers/xen/grant-table.c | |||
| @@ -870,7 +870,8 @@ int gnttab_map_refs(struct gnttab_map_grant_ref *map_ops, | |||
| 870 | EXPORT_SYMBOL_GPL(gnttab_map_refs); | 870 | EXPORT_SYMBOL_GPL(gnttab_map_refs); |
| 871 | 871 | ||
| 872 | int gnttab_unmap_refs(struct gnttab_unmap_grant_ref *unmap_ops, | 872 | int gnttab_unmap_refs(struct gnttab_unmap_grant_ref *unmap_ops, |
| 873 | struct page **pages, unsigned int count, bool clear_pte) | 873 | struct gnttab_map_grant_ref *kmap_ops, |
| 874 | struct page **pages, unsigned int count) | ||
| 874 | { | 875 | { |
| 875 | int i, ret; | 876 | int i, ret; |
| 876 | bool lazy = false; | 877 | bool lazy = false; |
| @@ -888,7 +889,8 @@ int gnttab_unmap_refs(struct gnttab_unmap_grant_ref *unmap_ops, | |||
| 888 | } | 889 | } |
| 889 | 890 | ||
| 890 | for (i = 0; i < count; i++) { | 891 | for (i = 0; i < count; i++) { |
| 891 | ret = m2p_remove_override(pages[i], clear_pte); | 892 | ret = m2p_remove_override(pages[i], kmap_ops ? |
| 893 | &kmap_ops[i] : NULL); | ||
| 892 | if (ret) | 894 | if (ret) |
| 893 | return ret; | 895 | return ret; |
| 894 | } | 896 | } |
diff --git a/include/xen/grant_table.h b/include/xen/grant_table.h index 11e27c3af3cb..f19fff8650e9 100644 --- a/include/xen/grant_table.h +++ b/include/xen/grant_table.h | |||
| @@ -187,6 +187,7 @@ int gnttab_map_refs(struct gnttab_map_grant_ref *map_ops, | |||
| 187 | struct gnttab_map_grant_ref *kmap_ops, | 187 | struct gnttab_map_grant_ref *kmap_ops, |
| 188 | struct page **pages, unsigned int count); | 188 | struct page **pages, unsigned int count); |
| 189 | int gnttab_unmap_refs(struct gnttab_unmap_grant_ref *unmap_ops, | 189 | int gnttab_unmap_refs(struct gnttab_unmap_grant_ref *unmap_ops, |
| 190 | struct page **pages, unsigned int count, bool clear_pte); | 190 | struct gnttab_map_grant_ref *kunmap_ops, |
| 191 | struct page **pages, unsigned int count); | ||
| 191 | 192 | ||
| 192 | #endif /* __ASM_GNTTAB_H__ */ | 193 | #endif /* __ASM_GNTTAB_H__ */ |