Xen devel - Jan 2007 - free_domheap_pages() leaking xenheap pages?

hi.

maybe someone can help me out with the xenheap page allocator in
combination with shared pages?

the following is from page_alloc.c:

void free_domheap_pages(struct page_info *pg, unsigned int order)
{
    int            i, drop_dom_ref;
    struct domain *d = page_get_owner(pg);

    ASSERT(!in_irq());

    if ( unlikely(IS_XEN_HEAP_FRAME(pg)) )
    {
        /* NB. May recursively lock from relinquish_memory(). */
        spin_lock_recursive(&d->page_alloc_lock);

        for ( i = 0; i < (1 << order); i++ )
            list_del(&pg[i].list);

        d->xenheap_pages -= 1 << order;
        drop_dom_ref = (d->xenheap_pages == 0);

        spin_unlock_recursive(&d->page_alloc_lock);
	[XXX]
    }
    else [..]


i would have expected something ultimately turning into a

	free_heap_pages( MEMZONE_XEN, pg, order )

to occur at point [XXX].

the page range remains unlisted upon return, and if there''s any later
point in the domain life cycle where these pages would ever return to
the xen heap, i''m unable to find it.

background: i''m writing code supposed to communicate with dom0 via a
number of shared pages. pseudocode:
 
my_init( something )
{
	something->pg = alloc_xenheap_page();
	share_xen_page_with_privileged_guests( virt_to_page(pg), ... );
}

my_uninit( something )
{
	put_page_and_type( something->pg );
}

is the latter put_page_and_type() correct? i''m asking because it seems
obvious, while xenoprof appears to do similar things with xen_heap, but
in a much stranger fashion when it comes to freeing those pages.

regards,
daniel


-- 
Daniel Stodden
LRR     -      Lehrstuhl für Rechnertechnik und Rechnerorganisation
Institut für Informatik der TU München             D-85748 Garching
http://www.lrr.in.tum.de/~stodden         mailto:stodden@cs.tum.edu
PGP Fingerprint: F5A4 1575 4C56 E26A 0B33  3D80 457E 82AE B0D8 735B


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

On 23/1/07 16:25, "Daniel Stodden" <stodden@cs.tum.edu> wrote:
> the page range remains unlisted upon return, and if there''s any
later
> point in the domain life cycle where these pages would ever return to
> the xen heap, i''m unable to find it.
There are very few xenheap pages that are ever shared with guests. These are
shared_info and grant-table pages. We don''t want the pages to be
completely
freed until the hypervisor is done with them which is not until
domain_destruct(). But Xen itself cannot keep an explicit reference on the
pages since that would stop the domain reference count ever falling to zero,
which would prevent domain_destruct() from ever being called! So Xen does
not increment the reference count and instead takes responsibility for
''manually'' freeing the pages in domain_destruct() (at which
point we know
that there are no other references to those pages).

 -- Keir


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel