x86/p2m: Stop other vcpus using a nested p2m before clearing it

Until the IPI has completed, other processors might be running on this nested
p2m object.  clear_domain_page() does not guarantee to make 8-byte atomic
updates, which means that a pagewalk on a remote processor might encounter a
partial update.

This is currently safe as other issues prevents a nested p2m ever being shared
between two cpus (although this is contrary to the original plan).

Setting p2m->np2m_base to P2M_BASE_EADDR before the IPI ensures that the IPI'd
processors won't continue to use the flushed mappings.

While modifying this function, remove all the trailing whitespace and tweak
style in the affected areas.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Tim Deegan <tim@xen.org>
Reviewed-by: Jan Beulich <jbeulich@suse.com>

diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c
index 6548e9ff8b8381d3f30c1b3916403106fb8e3fc1..c0bab4a0e410bde11ee1ba81b4735604b03d9569 100644 (file)
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -1620,8 +1620,10 @@ p2m_flush_table(struct p2m_domain *p2m)
 
     p2m_lock(p2m);
 
-    /* "Host" p2m tables can have shared entries &c that need a bit more 
-     * care when discarding them */
+    /*
+     * "Host" p2m tables can have shared entries &c that need a bit more care
+     * when discarding them.
+     */
     ASSERT(!p2m_is_hostp2m(p2m));
     /* Nested p2m's do not do pod, hence the asserts (and no pod lock)*/
     ASSERT(page_list_empty(&p2m->pod.super));
@@ -1635,19 +1637,21 @@ p2m_flush_table(struct p2m_domain *p2m)
 
     /* This is no longer a valid nested p2m for any address space */
     p2m->np2m_base = P2M_BASE_EADDR;
-    
-    /* Zap the top level of the trie */
-    mfn = pagetable_get_mfn(p2m_get_pagetable(p2m));
-    clear_domain_page(mfn);
 
     /* Make sure nobody else is using this p2m table */
     nestedhvm_vmcx_flushtlb(p2m);
 
+    /* Zap the top level of the trie */
+    mfn = pagetable_get_mfn(p2m_get_pagetable(p2m));
+    clear_domain_page(mfn);
+
     /* Free the rest of the trie pages back to the paging pool */
     top = mfn_to_page(mfn);
     while ( (pg = page_list_remove_head(&p2m->pages)) )
-        if ( pg != top ) 
+    {
+        if ( pg != top )
             d->arch.paging.free_page(d, pg);
+    }
     page_list_add(top, &p2m->pages);
 
     p2m_unlock(p2m);