From 4dff228603baee05a142af732a4131d36d620248 Mon Sep 17 00:00:00 2001
From: Keir Fraser
Date: Wed, 28 Jul 2010 07:54:12 +0100
Subject: [PATCH] Walking the page lists needs the page_alloc lock
There are a few places in Xen where we walk a domain's page lists without holding the page_alloc lock. They race with updates to the page lists, which are normally rare but can be quite common under PoD when the domain is close to its memory limit and the PoD reclaimer is busy. This patch protects those places by taking the page_alloc lock. I think this is OK for the two debug-key printouts - they don't run from irq context and look deadlock-free. The tboot change seems safe too unless tboot shutdown functions are called from irq context or with the page_alloc lock held. The p2m one is the scariest but there are already code paths in PoD that take the page_alloc lock with the p2m lock held so it's no worse than existing code.
Signed-off-by: Tim Deegan
---
 xen/arch/x86/domain.c | 4 ++++
 xen/arch/x86/mm/p2m.c | 6 +++++-
 xen/arch/x86/numa.c | 2 ++
 xen/arch/x86/tboot.c | 2 ++
 4 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c
index d6b453b7d4..233ce1331c 100644
--- a/xen/arch/x86/domain.c
+++ b/xen/arch/x86/domain.c
@@ -139,12 +139,14 @@ void dump_pageframe_info(struct domain *d)
 } else {
+ spin_lock(&d->page_alloc_lock);
 page_list_for_each ( page, &d->page_list ) { printk(" DomPage %p: caf=%08lx, taf=%" PRtype_info "\n", _p(page_to_mfn(page)), page->count_info, page->u.inuse.type_info); }
+ spin_unlock(&d->page_alloc_lock);
 } if ( is_hvm_domain(d) )
@@ -152,12 +154,14 @@ void dump_pageframe_info(struct domain *d)
 p2m_pod_dump_data(d); }
+ spin_lock(&d->page_alloc_lock);
 page_list_for_each ( page, &d->xenpage_list ) { printk(" XenPage %p: caf=%08lx, taf=%" PRtype_info "\n", _p(page_to_mfn(page)), page->count_info, page->u.inuse.type_info); }
+ spin_unlock(&d->page_alloc_lock);
 } struct domain *alloc_domain_struct(void)
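Review bot: Both hunks in dump_pageframe_info() now call printk() once per page with d->page_alloc_lock held, and in the second hunk the xenpage_list walk has no length bound visible in the hunk, so a slow console keeps the lock held for as long as the list takes to print. If that is acceptable for a debug-key path, say so next to the lock, e.g. `/* Debug-key only: page_alloc_lock is held across printk(); not for irq context. */`. The condition guarding the first `else` branch lies outside the hunk, so whether the page_list walk is bounded cannot be confirmed from here.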
diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c
index 36728c6192..1bcd71616a 100644
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -1833,6 +1833,7 @@ int p2m_alloc_table(struct domain *d,
 goto error; /* Copy all existing mappings from the page list and m2p */
+ spin_lock(&d->page_alloc_lock);
 page_list_for_each(page, &d->page_list) { mfn = page_to_mfn(page);
@@ -1848,13 +1849,16 @@ int p2m_alloc_table(struct domain *d,
 #endif
 && gfn != INVALID_M2P_ENTRY && !set_p2m_entry(d, gfn, mfn, 0, p2m_ram_rw) )
- goto error;
+ goto error_unlock;
 }
+ spin_unlock(&d->page_alloc_lock);
 P2M_PRINTK("p2m table initialised (%u pages)\n", page_count); p2m_unlock(p2m); return 0;
+error_unlock:
+ spin_unlock(&d->page_alloc_lock);
 error: P2M_PRINTK("failed to initialize p2m table, gfn=%05lx, mfn=%" PRI_mfn "\n", gfn, mfn_x(mfn));
diff --git a/xen/arch/x86/numa.c b/xen/arch/x86/numa.c
index 466ff76db6..92c2f5b631 100644
--- a/xen/arch/x86/numa.c
+++ b/xen/arch/x86/numa.c
@@ -385,11 +385,13 @@ static void dump_numa(unsigned char key)
 for_each_online_node(i) page_num_node[i] = 0;
+ spin_lock(&d->page_alloc_lock);
 page_list_for_each(page, &d->page_list) { i = phys_to_nid((paddr_t)page_to_mfn(page) << PAGE_SHIFT); page_num_node[i]++; }
+ spin_unlock(&d->page_alloc_lock);
 for_each_online_node(i) printk(" Node %u: %u\n", i, page_num_node[i]);
diff --git a/xen/arch/x86/tboot.c b/xen/arch/x86/tboot.c
index aac0f82947..91f97ce438 100644
--- a/xen/arch/x86/tboot.c
+++ b/xen/arch/x86/tboot.c
@@ -211,12 +211,14 @@ static void tboot_gen_domain_integrity(const uint8_t key[TB_KEY_SIZE],
 continue; printk("MACing Domain %u\n", d->domain_id);
+ spin_lock(&d->page_alloc_lock);
 page_list_for_each(page, &d->page_list) { void *pg = __map_domain_page(page); vmac_update(pg, PAGE_SIZE, &ctx); unmap_domain_page(pg); }
+ spin_unlock(&d->page_alloc_lock);
 if ( !is_idle_domain(d) ) {
-- 2.30.2
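Review bot: In p2m_alloc_table() the loop now calls set_p2m_entry() with d->page_alloc_lock held, and nothing in the hunk shows that no path below set_p2m_entry() allocates or frees pages for d; assuming page_alloc_lock is a plain non-recursive spinlock, any such path that takes it would leave this CPU spinning on itself. Worth confirming that against the p2m page-allocation paths and recording the nesting where the lock is taken, e.g. `/* Lock order: p2m lock, then page_alloc_lock; set_p2m_entry() must not take page_alloc_lock. */`. The loop body between the two hunks is not visible here, so any other exit from it (a `goto error` or a `return`) would also have to go through `error_unlock`.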
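Review bot: In tboot_gen_domain_integrity() the page_alloc_lock is held while every page of the domain is mapped and fed to vmac_update(), so the hold time grows with the domain's memory size and any other CPU touching this domain's page lists spins for the whole MAC pass. The description's assumption that this is never reached from irq context or with page_alloc_lock already held is not recorded in the code; a comment above the `spin_lock` such as `/* Not for irq context; caller must not hold d->page_alloc_lock. */` would keep it from being lost. The lock keeps the list stable only during the walk, so the MAC is presumably only meaningful if the list cannot change between this call and the later verification; that depends on callers outside the hunk, as the function body starts and ends outside it.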