Andres Lagar-Cavilla
2013-Aug-01 14:26 UTC
[PATCH] Xen: Fix retry calls into PRIVCMD_MMAPBATCH*.
From: Andres Lagar-Cavilla <andres@lagarcavilla.org>
When a foreign mapper attempts to map guest frames that are paged out,
the mapper receives an ENOENT response and will have to try again
while a helper process pages the target frame back in.
Gating checks on PRIVCMD_MMAPBATCH* ioctl args were preventing retries
of mapping calls.
V2: Fixed autotranslated physmap mode breakage introduced by V1.
Signed-off-by: Andres Lagar-Cavilla <andres@lagarcavilla.org>
---
drivers/xen/privcmd.c | 41 +++++++++++++++++++++++++++++++++++------
1 files changed, 35 insertions(+), 6 deletions(-)
diff --git a/drivers/xen/privcmd.c b/drivers/xen/privcmd.c
index f8e5dd7..6ebdf98 100644
--- a/drivers/xen/privcmd.c
+++ b/drivers/xen/privcmd.c
@@ -43,9 +43,12 @@ MODULE_LICENSE("GPL");
#define PRIV_VMA_LOCKED ((void *)1)
-#ifndef HAVE_ARCH_PRIVCMD_MMAP
static int privcmd_enforce_singleshot_mapping(struct vm_area_struct *vma);
-#endif
+
+static int privcmd_enforce_singleshot_mapping_granular(
+ struct vm_area_struct *vma,
+ unsigned long addr,
+ unsigned long nr_pages);
static long privcmd_ioctl_hypercall(void __user *udata)
{
@@ -422,14 +425,15 @@ static long privcmd_ioctl_mmap_batch(void __user *udata,
int version)
vma = find_vma(mm, m.addr);
if (!vma ||
vma->vm_ops != &privcmd_vm_ops ||
- (m.addr != vma->vm_start) ||
- ((m.addr + (nr_pages << PAGE_SHIFT)) != vma->vm_end) ||
- !privcmd_enforce_singleshot_mapping(vma)) {
+ (m.addr < vma->vm_start) ||
+ ((m.addr + (nr_pages << PAGE_SHIFT)) > vma->vm_end) ||
+ !privcmd_enforce_singleshot_mapping_granular(vma, m.addr, nr_pages)) {
up_write(&mm->mmap_sem);
ret = -EINVAL;
goto out;
}
- if (xen_feature(XENFEAT_auto_translated_physmap)) {
+ if (xen_feature(XENFEAT_auto_translated_physmap) &&
+ privcmd_enforce_singleshot_mapping(vma)) {
ret = alloc_empty_pages(vma, m.num);
if (ret < 0) {
up_write(&mm->mmap_sem);
@@ -540,11 +544,36 @@ static int privcmd_mmap(struct file *file, struct
vm_area_struct *vma)
return 0;
}
+/*
+ * For Asserting on a whole VMA. This is used by the legacy PRIVCMD_MMAP
+ * call and autotranslated physmap mode to allocate the ballooned pages that
+ * back a mapping only once.
+ */
static int privcmd_enforce_singleshot_mapping(struct vm_area_struct *vma)
{
return !cmpxchg(&vma->vm_private_data, NULL, PRIV_VMA_LOCKED);
}
+/*
+ * For MMAPBATCH*. This allows asserting the singleshot mapping
+ * on a per pfn/pte basis. Mapping calls that fail with ENOENT
+ * can be then retried until success.
+ */
+static int enforce_singleshot_mapping_fn(pte_t *pte, struct page *pmd_page,
+ unsigned long addr, void *data)
+{
+ return pte_none(*pte) ? 0 : -EBUSY;
+}
+
+static int privcmd_enforce_singleshot_mapping_granular(
+ struct vm_area_struct *vma,
+ unsigned long addr,
+ unsigned long nr_pages)
+{
+ return apply_to_page_range(vma->vm_mm, addr, nr_pages << PAGE_SHIFT,
+ enforce_singleshot_mapping_fn, NULL) == 0;
+}
+
const struct file_operations xen_privcmd_fops = {
.owner = THIS_MODULE,
.unlocked_ioctl = privcmd_ioctl,
--
1.7.1
David Vrabel
2013-Aug-09 10:30 UTC
Re: [PATCH] Xen: Fix retry calls into PRIVCMD_MMAPBATCH*.
On 01/08/13 15:26, Andres Lagar-Cavilla wrote:> From: Andres Lagar-Cavilla <andres@lagarcavilla.org> > > When a foreign mapper attempts to map guest frames that are paged out, > the mapper receives an ENOENT response and will have to try again > while a helper process pages the target frame back in. > > Gating checks on PRIVCMD_MMAPBATCH* ioctl args were preventing retries > of mapping calls. > > V2: Fixed autotranslated physmap mode breakage introduced by V1. > > Signed-off-by: Andres Lagar-Cavilla <andres@lagarcavilla.org> > --- > drivers/xen/privcmd.c | 41 +++++++++++++++++++++++++++++++++++------ > 1 files changed, 35 insertions(+), 6 deletions(-) > > diff --git a/drivers/xen/privcmd.c b/drivers/xen/privcmd.c > index f8e5dd7..6ebdf98 100644 > --- a/drivers/xen/privcmd.c > +++ b/drivers/xen/privcmd.c > @@ -43,9 +43,12 @@ MODULE_LICENSE("GPL"); > > #define PRIV_VMA_LOCKED ((void *)1) > > -#ifndef HAVE_ARCH_PRIVCMD_MMAP > static int privcmd_enforce_singleshot_mapping(struct vm_area_struct *vma); > -#endif > + > +static int privcmd_enforce_singleshot_mapping_granular( > + struct vm_area_struct *vma, > + unsigned long addr, > + unsigned long nr_pages); > > static long privcmd_ioctl_hypercall(void __user *udata) > { > @@ -422,14 +425,15 @@ static long privcmd_ioctl_mmap_batch(void __user *udata, int version) > vma = find_vma(mm, m.addr); > if (!vma || > vma->vm_ops != &privcmd_vm_ops || > - (m.addr != vma->vm_start) || > - ((m.addr + (nr_pages << PAGE_SHIFT)) != vma->vm_end) || > - !privcmd_enforce_singleshot_mapping(vma)) { > + (m.addr < vma->vm_start) || > + ((m.addr + (nr_pages << PAGE_SHIFT)) > vma->vm_end) || > + !privcmd_enforce_singleshot_mapping_granular(vma, m.addr, nr_pages)) { > up_write(&mm->mmap_sem); > ret = -EINVAL; > goto out;This change to the range checks allows the user to partially populate the VMA on the first call which will result in too few pages being allocated in the auto_translated_physmap case. Can you do the following behaviour instead? On the first call, require the user to try to populate fully the VMA. On subsequent calls, allow the user to specify a subset of pages (sub-range) provided all the pages in the subset are not populated. David
Andres Lagar-Cavilla
2013-Aug-09 14:11 UTC
[PATCH] Xen: Fix retry calls into PRIVCMD_MMAPBATCH*.
From: Andres Lagar-Cavilla <andres@lagarcavilla.org>
When a foreign mapper attempts to map guest frames that are paged out,
the mapper receives an ENOENT response and will have to try again
while a helper process pages the target frame back in.
Gating checks on PRIVCMD_MMAPBATCH* ioctl args were preventing retries
of mapping calls.
V2: Fixed autotranslated physmap mode breakage introduced by V1.
V3: Enforce full range mapping for first ioctl call on a given VMA.
Signed-off-by: Andres Lagar-Cavilla <andres@lagarcavilla.org>
---
drivers/xen/privcmd.c | 58 +++++++++++++++++++++++++++++++++++++++---------
1 files changed, 47 insertions(+), 11 deletions(-)
diff --git a/drivers/xen/privcmd.c b/drivers/xen/privcmd.c
index f8e5dd7..938e6e6 100644
--- a/drivers/xen/privcmd.c
+++ b/drivers/xen/privcmd.c
@@ -43,9 +43,12 @@ MODULE_LICENSE("GPL");
#define PRIV_VMA_LOCKED ((void *)1)
-#ifndef HAVE_ARCH_PRIVCMD_MMAP
static int privcmd_enforce_singleshot_mapping(struct vm_area_struct *vma);
-#endif
+
+static int privcmd_enforce_singleshot_mapping_granular(
+ struct vm_area_struct *vma,
+ unsigned long addr,
+ unsigned long nr_pages);
static long privcmd_ioctl_hypercall(void __user *udata)
{
@@ -422,19 +425,26 @@ static long privcmd_ioctl_mmap_batch(void __user *udata,
int version)
vma = find_vma(mm, m.addr);
if (!vma ||
vma->vm_ops != &privcmd_vm_ops ||
- (m.addr != vma->vm_start) ||
- ((m.addr + (nr_pages << PAGE_SHIFT)) != vma->vm_end) ||
- !privcmd_enforce_singleshot_mapping(vma)) {
+ (m.addr < vma->vm_start) ||
+ ((m.addr + (nr_pages << PAGE_SHIFT)) > vma->vm_end) ||
+ !privcmd_enforce_singleshot_mapping_granular(vma, m.addr, nr_pages)) {
up_write(&mm->mmap_sem);
ret = -EINVAL;
goto out;
}
- if (xen_feature(XENFEAT_auto_translated_physmap)) {
- ret = alloc_empty_pages(vma, m.num);
- if (ret < 0) {
- up_write(&mm->mmap_sem);
- goto out;
- }
+ /*
+ * Use singleshot mapping to enforce first-time requirements. Must map the
+ * whole VMA range, if ARM or x86-PVH must allocate balloon pages.
+ */
+ if (privcmd_enforce_singleshot_mapping(vma) &&
+ ((m.addr != vma->vm_start) ||
+ ((m.addr + (nr_pages << PAGE_SHIFT)) != vma->vm_end) ||
+ (xen_feature(XENFEAT_auto_translated_physmap) &&
+ ((ret = alloc_empty_pages(vma, m.num)) < 0)))) {
+ if (ret == 0)
+ ret = -EINVAL;
+ up_write(&mm->mmap_sem);
+ goto out;
}
state.domain = m.dom;
@@ -540,11 +550,37 @@ static int privcmd_mmap(struct file *file, struct
vm_area_struct *vma)
return 0;
}
+/*
+ * For asserting on a whole VMA. This is used by the legacy PRIVCMD_MMAP
+ * call, for MMAPBATCH* to ensure the first ioctl is called on the whole
+ * mapping range, and for autotranslated physmap mode to allocate the ballooned
+ * pages that back a mapping only once.
+ */
static int privcmd_enforce_singleshot_mapping(struct vm_area_struct *vma)
{
return !cmpxchg(&vma->vm_private_data, NULL, PRIV_VMA_LOCKED);
}
+/*
+ * For MMAPBATCH*. This allows asserting the singleshot mapping
+ * on a per pfn/pte basis. Mapping calls that fail with ENOENT
+ * can be then retried until success.
+ */
+static int enforce_singleshot_mapping_fn(pte_t *pte, struct page *pmd_page,
+ unsigned long addr, void *data)
+{
+ return pte_none(*pte) ? 0 : -EBUSY;
+}
+
+static int privcmd_enforce_singleshot_mapping_granular(
+ struct vm_area_struct *vma,
+ unsigned long addr,
+ unsigned long nr_pages)
+{
+ return apply_to_page_range(vma->vm_mm, addr, nr_pages << PAGE_SHIFT,
+ enforce_singleshot_mapping_fn, NULL) == 0;
+}
+
const struct file_operations xen_privcmd_fops = {
.owner = THIS_MODULE,
.unlocked_ioctl = privcmd_ioctl,
--
1.7.1
David Vrabel
2013-Aug-12 15:58 UTC
Re: [PATCH] Xen: Fix retry calls into PRIVCMD_MMAPBATCH*.
On 09/08/13 15:11, Andres Lagar-Cavilla wrote:> From: Andres Lagar-Cavilla <andres@lagarcavilla.org> > > When a foreign mapper attempts to map guest frames that are paged out, > the mapper receives an ENOENT response and will have to try again > while a helper process pages the target frame back in. > > Gating checks on PRIVCMD_MMAPBATCH* ioctl args were preventing retries > of mapping calls. > > V2: Fixed autotranslated physmap mode breakage introduced by V1. > V3: Enforce full range mapping for first ioctl call on a given VMA. > > Signed-off-by: Andres Lagar-Cavilla <andres@lagarcavilla.org> > --- > drivers/xen/privcmd.c | 58 +++++++++++++++++++++++++++++++++++++++--------- > 1 files changed, 47 insertions(+), 11 deletions(-) > > diff --git a/drivers/xen/privcmd.c b/drivers/xen/privcmd.c > index f8e5dd7..938e6e6 100644 > --- a/drivers/xen/privcmd.c > +++ b/drivers/xen/privcmd.c > @@ -43,9 +43,12 @@ MODULE_LICENSE("GPL"); > > #define PRIV_VMA_LOCKED ((void *)1) > > -#ifndef HAVE_ARCH_PRIVCMD_MMAP > static int privcmd_enforce_singleshot_mapping(struct vm_area_struct *vma); > -#endif > + > +static int privcmd_enforce_singleshot_mapping_granular( > + struct vm_area_struct *vma, > + unsigned long addr, > + unsigned long nr_pages); > > static long privcmd_ioctl_hypercall(void __user *udata) > { > @@ -422,19 +425,26 @@ static long privcmd_ioctl_mmap_batch(void __user *udata, int version) > vma = find_vma(mm, m.addr); > if (!vma || > vma->vm_ops != &privcmd_vm_ops || > - (m.addr != vma->vm_start) || > - ((m.addr + (nr_pages << PAGE_SHIFT)) != vma->vm_end) || > - !privcmd_enforce_singleshot_mapping(vma)) { > + (m.addr < vma->vm_start) || > + ((m.addr + (nr_pages << PAGE_SHIFT)) > vma->vm_end) || > + !privcmd_enforce_singleshot_mapping_granular(vma, m.addr, nr_pages)) { > up_write(&mm->mmap_sem); > ret = -EINVAL; > goto out;I think this unnecessarily calls privcmd_enforce_singleshot_mapping_granular() on the first call. If you change the tests to the following, does it work for you? /* Suitable VMA? */ if (!vma || vma->vm_ops != &privcmd_vm_ops) // error if (!privcmd_enforce_singleshot_mapping(..)) { /* Already populated into this VMA once, are we populating a subset that is not yet populated? */ if (is_subset_of_vma(vma, m,addr, nr_pages) && privcmd_enforce_single_shot_mapping_granular()) // ok else // error } else { /* Nothing populated in this VMA, must try to fully populate it. */ if (is_all_of_vma(vma, m.addr, nr_pages)) // ok else // error } Thanks. David