1 files changed, 36 insertions, 0 deletions
diff --git a/arch/x86/xen/p2m.c b/arch/x86/xen/p2m.c
index ffd08c414e91..64effdc6da94 100644
--- a/arch/x86/xen/p2m.c
+++ b/arch/x86/xen/p2m.c
@@ -706,6 +706,7 @@ int m2p_add_override(unsigned long mfn, struct page *page,
        unsigned long uninitialized_var(address);
        unsigned level;
        pte_t *ptep = NULL;
+        int ret = 0;
        pfn = page_to_pfn(page);
        if (!PageHighMem(page)) {
@@ -741,6 +742,24 @@ int m2p_add_override(unsigned long mfn, struct page *page,
        list_add(&page->lru,  &m2p_overrides[mfn_hash(mfn)]);
        spin_unlock_irqrestore(&m2p_override_lock, flags);
+        /* p2m(m2p(mfn)) == mfn: the mfn is already present somewhere in
+         * this domain. Set the FOREIGN_FRAME_BIT in the p2m for the other
+         * pfn so that the following mfn_to_pfn(mfn) calls will return the
+         * pfn from the m2p_override (the backend pfn) instead.
+         * We need to do this because the pages shared by the frontend
+         * (xen-blkfront) can be already locked (lock_page, called by
+         * do_read_cache_page); when the userspace backend tries to use them
+         * with direct_IO, mfn_to_pfn returns the pfn of the frontend, so
+         * do_blockdev_direct_IO is going to try to lock the same pages
+         * again resulting in a deadlock.
+         * As a side effect get_user_pages_fast might not be safe on the
+         * frontend pages while they are being shared with the backend,
+         * because mfn_to_pfn (that ends up being called by GUPF) will
+         * return the backend pfn rather than the frontend pfn. */
+        ret = __get_user(pfn, &machine_to_phys_mapping[mfn]);
+        if (ret == 0 && get_phys_to_machine(pfn) == mfn)
+                set_phys_to_machine(pfn, FOREIGN_FRAME(mfn));
        return 0;
 }
 EXPORT_SYMBOL_GPL(m2p_add_override);
@@ -752,6 +771,7 @@ int m2p_remove_override(struct page *page, bool clear_pte)
        unsigned long uninitialized_var(address);
        unsigned level;
        pte_t *ptep = NULL;
+        int ret = 0;
        pfn = page_to_pfn(page);
        mfn = get_phys_to_machine(pfn);
@@ -821,6 +841,22 @@ int m2p_remove_override(struct page *page, bool clear_pte)
        } else
                set_phys_to_machine(pfn, page->index);
+        /* p2m(m2p(mfn)) == FOREIGN_FRAME(mfn): the mfn is already present
+         * somewhere in this domain, even before being added to the
+         * m2p_override (see comment above in m2p_add_override).
+         * If there are no other entries in the m2p_override corresponding
+         * to this mfn, then remove the FOREIGN_FRAME_BIT from the p2m for
+         * the original pfn (the one shared by the frontend): the backend
+         * cannot do any IO on this page anymore because it has been
+         * unshared. Removing the FOREIGN_FRAME_BIT from the p2m entry of
+         * the original pfn causes mfn_to_pfn(mfn) to return the frontend
+         * pfn again. */
+        mfn &= ~FOREIGN_FRAME_BIT;
+        ret = __get_user(pfn, &machine_to_phys_mapping[mfn]);
+        if (ret == 0 && get_phys_to_machine(pfn) == FOREIGN_FRAME(mfn) &&
+                        m2p_find_override(mfn) == NULL)
+                set_phys_to_machine(pfn, mfn);
        return 0;
 }
 EXPORT_SYMBOL_GPL(m2p_remove_override);

diff --git a/arch/x86/xen/p2m.c b/arch/x86/xen/p2m.c index ffd08c414e91..64effdc6da94 100644 --- a/arch/x86/xen/p2m.c +++ b/arch/x86/xen/p2m.c
@@ -706,6 +706,7 @@ int m2p_add_override(unsigned long mfn, struct page *page,
706	unsigned long uninitialized_var(address);	706	unsigned long uninitialized_var(address);
707	unsigned level;	707	unsigned level;
708	pte_t *ptep = NULL;	708	pte_t *ptep = NULL;
		709	int ret = 0;
709		710
710	pfn = page_to_pfn(page);	711	pfn = page_to_pfn(page);
711	if (!PageHighMem(page)) {	712	if (!PageHighMem(page)) {
@@ -741,6 +742,24 @@ int m2p_add_override(unsigned long mfn, struct page *page,
741	list_add(&page->lru, &m2p_overrides[mfn_hash(mfn)]);	742	list_add(&page->lru, &m2p_overrides[mfn_hash(mfn)]);
742	spin_unlock_irqrestore(&m2p_override_lock, flags);	743	spin_unlock_irqrestore(&m2p_override_lock, flags);
743		744
		745	/* p2m(m2p(mfn)) == mfn: the mfn is already present somewhere in
		746	* this domain. Set the FOREIGN_FRAME_BIT in the p2m for the other
		747	* pfn so that the following mfn_to_pfn(mfn) calls will return the
		748	* pfn from the m2p_override (the backend pfn) instead.
		749	* We need to do this because the pages shared by the frontend
		750	* (xen-blkfront) can be already locked (lock_page, called by
		751	* do_read_cache_page); when the userspace backend tries to use them
		752	* with direct_IO, mfn_to_pfn returns the pfn of the frontend, so
		753	* do_blockdev_direct_IO is going to try to lock the same pages
		754	* again resulting in a deadlock.
		755	* As a side effect get_user_pages_fast might not be safe on the
		756	* frontend pages while they are being shared with the backend,
		757	* because mfn_to_pfn (that ends up being called by GUPF) will
		758	* return the backend pfn rather than the frontend pfn. */
		759	ret = __get_user(pfn, &machine_to_phys_mapping[mfn]);
		760	if (ret == 0 && get_phys_to_machine(pfn) == mfn)
		761	set_phys_to_machine(pfn, FOREIGN_FRAME(mfn));
		762
744	return 0;	763	return 0;
745	}	764	}
746	EXPORT_SYMBOL_GPL(m2p_add_override);	765	EXPORT_SYMBOL_GPL(m2p_add_override);
@@ -752,6 +771,7 @@ int m2p_remove_override(struct page *page, bool clear_pte)
752	unsigned long uninitialized_var(address);	771	unsigned long uninitialized_var(address);
753	unsigned level;	772	unsigned level;
754	pte_t *ptep = NULL;	773	pte_t *ptep = NULL;
		774	int ret = 0;
755		775
756	pfn = page_to_pfn(page);	776	pfn = page_to_pfn(page);
757	mfn = get_phys_to_machine(pfn);	777	mfn = get_phys_to_machine(pfn);
@@ -821,6 +841,22 @@ int m2p_remove_override(struct page *page, bool clear_pte)
821	} else	841	} else
822	set_phys_to_machine(pfn, page->index);	842	set_phys_to_machine(pfn, page->index);
823		843
		844	/* p2m(m2p(mfn)) == FOREIGN_FRAME(mfn): the mfn is already present
		845	* somewhere in this domain, even before being added to the
		846	* m2p_override (see comment above in m2p_add_override).
		847	* If there are no other entries in the m2p_override corresponding
		848	* to this mfn, then remove the FOREIGN_FRAME_BIT from the p2m for
		849	* the original pfn (the one shared by the frontend): the backend
		850	* cannot do any IO on this page anymore because it has been
		851	* unshared. Removing the FOREIGN_FRAME_BIT from the p2m entry of
		852	* the original pfn causes mfn_to_pfn(mfn) to return the frontend
		853	* pfn again. */
		854	mfn &= ~FOREIGN_FRAME_BIT;
		855	ret = __get_user(pfn, &machine_to_phys_mapping[mfn]);
		856	if (ret == 0 && get_phys_to_machine(pfn) == FOREIGN_FRAME(mfn) &&
		857	m2p_find_override(mfn) == NULL)
		858	set_phys_to_machine(pfn, mfn);
		859
824	return 0;	860	return 0;
825	}	861	}
826	EXPORT_SYMBOL_GPL(m2p_remove_override);	862	EXPORT_SYMBOL_GPL(m2p_remove_override);