Boris Ostrovsky
2013-Sep-06 15:00 UTC
[PATCH] xen/p2m: Don''t call get_balloon_scratch_page() twice, keep interrupts disabled for multicalls
m2p_remove_override() calls get_balloon_scratch_page() in MULTI_update_va_mapping() even though it already has pointer to this page from the earlier call (in scratch_page). This second call doesn''t have a matching put_balloon_scratch_page() thus not restoring preempt count back. (Also, there is no put_balloon_scratch_page() in the error path.) In addition, the second multicall uses __xen_mc_entry() which does not disable interrupts. Rearrange xen_mc_* calls to keep interrupts off while performing multicalls. Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com> --- arch/x86/xen/p2m.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/arch/x86/xen/p2m.c b/arch/x86/xen/p2m.c index 0d4ec35..8b901e8 100644 --- a/arch/x86/xen/p2m.c +++ b/arch/x86/xen/p2m.c @@ -990,10 +990,13 @@ int m2p_remove_override(struct page *page, printk(KERN_WARNING "m2p_remove_override: " "pfn %lx mfn %lx, failed to modify kernel mappings", pfn, mfn); + put_balloon_scratch_page(); return -1; } - mcs = xen_mc_entry( + xen_mc_batch(); + + mcs = __xen_mc_entry( sizeof(struct gnttab_unmap_and_replace)); unmap_op = mcs.args; unmap_op->host_addr = kmap_op->host_addr; @@ -1003,12 +1006,11 @@ int m2p_remove_override(struct page *page, MULTI_grant_table_op(mcs.mc, GNTTABOP_unmap_and_replace, unmap_op, 1); - xen_mc_issue(PARAVIRT_LAZY_MMU); - mcs = __xen_mc_entry(0); MULTI_update_va_mapping(mcs.mc, scratch_page_address, - pfn_pte(page_to_pfn(get_balloon_scratch_page()), + pfn_pte(page_to_pfn(scratch_page), PAGE_KERNEL_RO), 0); + xen_mc_issue(PARAVIRT_LAZY_MMU); kmap_op->host_addr = 0; -- 1.8.3.1
Stefano Stabellini
2013-Sep-06 15:09 UTC
Re: [PATCH] xen/p2m: Don''t call get_balloon_scratch_page() twice, keep interrupts disabled for multicalls
On Fri, 6 Sep 2013, Boris Ostrovsky wrote:> m2p_remove_override() calls get_balloon_scratch_page() in > MULTI_update_va_mapping() even though it already has pointer to this page from > the earlier call (in scratch_page). This second call doesn''t have a matching > put_balloon_scratch_page() thus not restoring preempt count back. (Also, there > is no put_balloon_scratch_page() in the error path.) > > In addition, the second multicall uses __xen_mc_entry() which does not disable > interrupts. Rearrange xen_mc_* calls to keep interrupts off while performing > multicalls. > > Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>> arch/x86/xen/p2m.c | 10 ++++++---- > 1 file changed, 6 insertions(+), 4 deletions(-) > > diff --git a/arch/x86/xen/p2m.c b/arch/x86/xen/p2m.c > index 0d4ec35..8b901e8 100644 > --- a/arch/x86/xen/p2m.c > +++ b/arch/x86/xen/p2m.c > @@ -990,10 +990,13 @@ int m2p_remove_override(struct page *page, > printk(KERN_WARNING "m2p_remove_override: " > "pfn %lx mfn %lx, failed to modify kernel mappings", > pfn, mfn); > + put_balloon_scratch_page(); > return -1; > } > > - mcs = xen_mc_entry( > + xen_mc_batch(); > + > + mcs = __xen_mc_entry( > sizeof(struct gnttab_unmap_and_replace)); > unmap_op = mcs.args; > unmap_op->host_addr = kmap_op->host_addr; > @@ -1003,12 +1006,11 @@ int m2p_remove_override(struct page *page, > MULTI_grant_table_op(mcs.mc, > GNTTABOP_unmap_and_replace, unmap_op, 1); > > - xen_mc_issue(PARAVIRT_LAZY_MMU); > - > mcs = __xen_mc_entry(0); > MULTI_update_va_mapping(mcs.mc, scratch_page_address, > - pfn_pte(page_to_pfn(get_balloon_scratch_page()), > + pfn_pte(page_to_pfn(scratch_page), > PAGE_KERNEL_RO), 0); > + > xen_mc_issue(PARAVIRT_LAZY_MMU); > > kmap_op->host_addr = 0; > -- > 1.8.3.1 >
konrad wilk
2013-Sep-06 16:06 UTC
Re: [PATCH] xen/p2m: Don''t call get_balloon_scratch_page() twice, keep interrupts disabled for multicalls
On 9/6/2013 11:09 AM, Stefano Stabellini wrote:> On Fri, 6 Sep 2013, Boris Ostrovsky wrote: >> m2p_remove_override() calls get_balloon_scratch_page() in >> MULTI_update_va_mapping() even though it already has pointer to this page from >> the earlier call (in scratch_page). This second call doesn''t have a matching >> put_balloon_scratch_page() thus not restoring preempt count back. (Also, there >> is no put_balloon_scratch_page() in the error path.) >> >> In addition, the second multicall uses __xen_mc_entry() which does not disable >> interrupts. Rearrange xen_mc_* calls to keep interrupts off while performing >> multicalls. >> >> Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>You also might want to mention that this fixes the regression introduced by .. commit id <"title"> Reviewed-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> > > >> arch/x86/xen/p2m.c | 10 ++++++---- >> 1 file changed, 6 insertions(+), 4 deletions(-) >> >> diff --git a/arch/x86/xen/p2m.c b/arch/x86/xen/p2m.c >> index 0d4ec35..8b901e8 100644 >> --- a/arch/x86/xen/p2m.c >> +++ b/arch/x86/xen/p2m.c >> @@ -990,10 +990,13 @@ int m2p_remove_override(struct page *page, >> printk(KERN_WARNING "m2p_remove_override: " >> "pfn %lx mfn %lx, failed to modify kernel mappings", >> pfn, mfn); >> + put_balloon_scratch_page(); >> return -1; >> } >> >> - mcs = xen_mc_entry( >> + xen_mc_batch(); >> + >> + mcs = __xen_mc_entry( >> sizeof(struct gnttab_unmap_and_replace)); >> unmap_op = mcs.args; >> unmap_op->host_addr = kmap_op->host_addr; >> @@ -1003,12 +1006,11 @@ int m2p_remove_override(struct page *page, >> MULTI_grant_table_op(mcs.mc, >> GNTTABOP_unmap_and_replace, unmap_op, 1); >> >> - xen_mc_issue(PARAVIRT_LAZY_MMU); >> - >> mcs = __xen_mc_entry(0); >> MULTI_update_va_mapping(mcs.mc, scratch_page_address, >> - pfn_pte(page_to_pfn(get_balloon_scratch_page()), >> + pfn_pte(page_to_pfn(scratch_page), >> PAGE_KERNEL_RO), 0); >> + >> xen_mc_issue(PARAVIRT_LAZY_MMU); >> >> kmap_op->host_addr = 0; >> -- >> 1.8.3.1 >>