Wei Liu
2012-Feb-29 13:53 UTC
[PATCH] Grant table: fix a bug when grant copying a previous grant mapped page.
# HG changeset patch
# User Wei Liu <wei.liu2@citrix.com>
# Date 1330523387 0
# Node ID be6bd7febd33d5dd21cbbeb180e6907cd6038a77
# Parent a43eeaedf61ccaf269d0823ea80d3dfa8157cc63
Grant table: fix a bug when grant copying a previous grant mapped page.
In grant table version 2, when we create a non-transitive mapping from
DomU to Dom0, we need to set the active entry's trans_domain and trans_ref.
Otherwise, when we grant copy from this previously mapped ref, the preemption
count will get messed up.
Consider the following scenario: src_gref is already grant mapped
(act->pin != 0) in Dom0 and it is not transitive.
__gnttab_copy(src_gref, dst_gref)
{
    __acquire_grant_for_copy(src_gref)
    __acquire_grant_for_copy(dst_gref)
    ...copy...
    __release_grant_for_copy(src_gref)
    __release_grant_for_copy(dst_gref)
}

__acquire_grant_for_copy(rd, gref)
{
    act <- get active entry for gref
    if (!act->pin) {
        check stuff for transitive grant
        if (!act->pin) {
            set fields in act
        }
    } else {
        set owning_domain
    }
}

__release_grant_for_copy(rd, gref)
{
    act <- get active entry for gref
    if (grant table version is 1) {
        use v1 stuff
    } else {
        td = act->trans_domain
        trans_gref = act->trans_gref
    }
    if (td != rd) {
        recursively release grant
        rcu_unlock_domain(td)
    }
}
If we don't set trans_domain when creating the mapping, then in the release path
td = act->trans_domain is NULL, and rcu_unlock_domain(NULL) will screw up the
preemption count.
See changeset 22994:299ed79acecf for more information.
Signed-off-by: Wei Liu <wei.liu2@citrix.com>
diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c
--- a/xen/common/grant_table.c
+++ b/xen/common/grant_table.c
@@ -585,6 +585,8 @@ __gnttab_map_grant_ref(
act->start = 0;
act->length = PAGE_SIZE;
act->is_sub_page = 0;
+ act->trans_domain = rd;
+ act->trans_gref = op->ref;
}
}
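Review bot: The two added lines `act->trans_domain = rd;` / `act->trans_gref = op->ref;` only run in the branch where __gnttab_map_grant_ref initialises a fresh active entry, while the release path described in the commit message reads act->trans_domain unconditionally for version-2 tables; any other code path that pins an entry for the first time without passing through this block would still leave trans_domain NULL and reach the same rcu_unlock_domain(NULL). It is worth confirming that this block and __acquire_grant_for_copy's own "set fields in act" step are the only writers, and adding a one-line comment here that for a non-transitive grant trans_domain deliberately points at rd itself, since `td != rd` is the test the release path uses to decide whether to recurse and drop a domain reference.

The control flow from the commit message, as an added illustration that is not Xen code and not part of the original post: a small C model of the active entry, with the map path switchable between the pre-patch behaviour (trans_domain left NULL) and the patched behaviour (trans_domain = rd). The struct names, the `rcu_depth` counter standing in for the preemption count, and the return codes are all simplifications assumed for the example.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model, not Xen's structures: rcu_depth stands in for the
 * preemption count that rcu_lock_domain/rcu_unlock_domain adjust. */
struct domain {
    int id;
    int rcu_depth;
};

/* Only the fields the release path consults. */
struct active_grant_entry {
    unsigned pin;
    struct domain *trans_domain;
    unsigned trans_gref;
};

/* Returns -1 instead of faulting so the model can report the bug. */
static int rcu_unlock_domain(struct domain *d)
{
    if (d == NULL)
        return -1;          /* Xen would dereference NULL here */
    d->rcu_depth--;
    return 0;
}

/* Map path: first pin of an entry by __gnttab_map_grant_ref.
 * set_trans = 0 models the tree before the patch, 1 the patched tree. */
static void map_grant_ref(struct active_grant_entry *act, struct domain *rd,
                          unsigned ref, int set_trans)
{
    if (!act->pin && set_trans) {
        act->trans_domain = rd;   /* non-transitive: owner is rd itself */
        act->trans_gref = ref;
    }
    act->pin++;
}

/* Copy acquire: an already pinned entry takes the else branch, so nothing
 * here repairs trans_domain; it only initialises a fresh entry. */
static void acquire_grant_for_copy(struct active_grant_entry *act,
                                   struct domain *rd, unsigned ref)
{
    if (!act->pin) {
        act->trans_domain = rd;
        act->trans_gref = ref;
    }
    act->pin++;
}

/* Copy release, version-2 path: recurse and unlock only for a transitive
 * grant, i.e. when the recorded owner differs from rd. */
static int release_grant_for_copy(struct active_grant_entry *act,
                                  struct domain *rd)
{
    struct domain *td = act->trans_domain;
    act->pin--;
    if (td != rd)
        return rcu_unlock_domain(td);
    return 0;
}

/* Scenario from the commit message: src_gref is grant mapped first, then a
 * grant copy acquires and releases it. Returns 0 on a clean release, -1 if
 * the release path hit rcu_unlock_domain(NULL). Gref 7 is a constructed value. */
int run_scenario(int patched)
{
    struct domain domU = { .id = 1, .rcu_depth = 0 };
    struct active_grant_entry act = { 0, NULL, 0 };

    map_grant_ref(&act, &domU, 7, patched);
    acquire_grant_for_copy(&act, &domU, 7);
    return release_grant_for_copy(&act, &domU);
}

int main(void)
{
    printf("unpatched: %d\n", run_scenario(0));
    printf("patched:   %d\n", run_scenario(1));
    return 0;
}
```

With trans_domain left NULL the release path takes the `td != rd` branch for a grant that is not transitive at all; once the map path records rd, the comparison is false and no domain reference is dropped, which is the invariant the patch restores.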