From d909cb99998cd63761e238c59e274450c7dacd8e Mon Sep 17 00:00:00 2001 From: Yu Zhang Date: Fri, 7 Apr 2017 17:35:44 +0200 Subject: [PATCH] x86/ioreq server: release the p2m lock after mmio is handled Routine hvmemul_do_io() may need to peek the p2m type of a gfn to select the ioreq server. For example, operations on gfns with p2m_ioreq_server type will be delivered to a corresponding ioreq server, and this requires that the p2m type not be switched back to p2m_ram_rw during the emulation process. To avoid this race condition, we delay the release of p2m lock in hvm_hap_nested_page_fault() until mmio is handled. Note: previously in hvm_hap_nested_page_fault(), put_gfn() was moved before the handling of mmio, due to a deadlock risk between the p2m lock and the event lock(in commit 77b8dfe). Later, a per-event channel lock was introduced in commit de6acb7, to send events. So we do not need to worry about the deadlock issue. Signed-off-by: Yu Zhang Reviewed-by: Jan Beulich --- xen/arch/x86/hvm/hvm.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index 35531ae374..f50d15ff50 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -1843,15 +1843,10 @@ int hvm_hap_nested_page_fault(paddr_t gpa, unsigned long gla, (npfec.write_access && (p2m_is_discard_write(p2mt) || (p2mt == p2m_ioreq_server))) ) { - __put_gfn(p2m, gfn); - if ( ap2m_active ) - __put_gfn(hostp2m, gfn); - - rc = 0; if ( !handle_mmio_with_translation(gla, gpa >> PAGE_SHIFT, npfec) ) hvm_inject_hw_exception(TRAP_gp_fault, 0); rc = 1; - goto out; + goto out_put_gfn; } /* Check if the page has been paged out */ -- 2.30.2
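Review bot: in the hunk the two removed `__put_gfn()` calls are replaced only by `goto out_put_gfn`, and the `out_put_gfn` label is outside the visible context, so it should be confirmed that the label performs both `__put_gfn(p2m, gfn)` and, when `ap2m_active`, `__put_gfn(hostp2m, gfn)`, exactly mirroring the removed lines; if the altp2m case is not handled there, the nested p2m gfn reference is leaked on the mmio path. The removed `rc = 0;` was dead anyway, since `rc = 1;` is assigned unconditionally after `handle_mmio_with_translation()` on both outcomes. Because the p2m lock is now held across `handle_mmio_with_translation()` on purpose, the lock-ordering argument from the commit message (the earlier deadlock risk with the event lock from commit 77b8dfe, removed by the per-event-channel lock of commit de6acb7) is worth stating in a code comment next to the `goto`, so a future change to event delivery does not silently reintroduce the ordering hazard.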