Wei Liu
2012-Feb-29 13:53 UTC
[PATCH] Grant table: fix a bug when grant copying a previous grant mapped page.
# HG changeset patch
# User Wei Liu <wei.liu2@citrix.com>
# Date 1330523387 0
# Node ID be6bd7febd33d5dd21cbbeb180e6907cd6038a77
# Parent a43eeaedf61ccaf269d0823ea80d3dfa8157cc63
Grant table: fix a bug when grant copying a previous grant mapped page.

In grant table version 2, when we create a non-transitive mapping from DomU to Dom0, we need to set the active entry's trans_domain and trans_gref. Otherwise, when we grant copy from this previously mapped ref, the preemption count will get messed up.

Consider the following scenario: src_gref is already grant mapped (act->pin != 0) in Dom0 and it is not transitive.

    __gnttab_copy(src_gref,dst_gref)
    {
        __acquire_grant_for_copy(src_gref)
        __acquire_grant_for_copy(dst_gref)
        ...copy...
        __release_grant_for_copy(src_gref)
        __release_grant_for_copy(dst_gref)
    }

    __acquire_grant_for_copy(rd,gref)
    {
        act <- get active entry for gref
        if (!act->pin) {
            check stuff for transitive grant
            if (!act->pin) {
                set fields in act
            }
        } else {
            set owning_domain
        }
    }

    __release_grant_for_copy(rd,gref)
    {
        act <- get active entry for gref
        if (grant table version is 1) {
            use v1 stuff
        } else {
            td = act->trans_domain
            trans_gref = act->trans_gref
        }
        if (td != rd) {
            recursively release grant
            rcu_unlock_domain(td)
        }
    }

If we don't set trans_domain when creating the mapping, then in the release path td = act->trans_domain is NULL, and rcu_unlock_domain(NULL) will screw up the preemption count.

See changeset 22994:299ed79acecf for more information.

Signed-off-by: Wei Liu <wei.liu2@citrix.com>

diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -585,6 +585,8 @@ __gnttab_map_grant_ref( act->start = 0; act->length = PAGE_SIZE; act->is_sub_page = 0; + act->trans_domain = rd; + act->trans_gref = op->ref; } }
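Review bot: the two added assignments in __gnttab_map_grant_ref only cover the branch that initialises a fresh active entry with `act->is_sub_page = 0;`; please confirm that no other path in the map code initialises an active entry without setting `act->trans_domain`, since any such entry would still reach `rcu_unlock_domain(NULL)` via the `td != rd` test in __release_grant_for_copy. Setting `trans_domain = rd` is the right value for a non-transitive mapping because it makes the release path take the `td == rd` case and skip the unlock, which matches what __acquire_grant_for_copy does for an unpinned entry; a one-line comment next to the assignments stating that invariant would help future readers. For grant table v1 the fields are unused in release, so initialising them unconditionally here is harmless, but the commit message should say so explicitly rather than only "in grant table version 2".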