x86/mm: Do not set page's count_info directly
authorKeir Fraser <keir.fraser@citrix.com>
Fri, 6 Mar 2009 19:14:50 +0000 (19:14 +0000)
committerKeir Fraser <keir.fraser@citrix.com>
Fri, 6 Mar 2009 19:14:50 +0000 (19:14 +0000)
The page offline patch added several flags to page_info->count_info. However,
some code currently assigns count_info directly after alloc_domheap_pages
instead of using the "&" or "|" operations, which may cause the new flags to
be lost, since nothing protects them. This patch tries to make sure that every
write to count_info only affects the specific field being updated.

Also currently shadow code assume count_info is 0 for shadow page,
however, this is invalid after the new flags. Change some assert in
shadow code.

Signed-off-by: Jiang, Yunhong <yunhong.jiang@intel.com>
xen/arch/x86/mm/hap/hap.c
xen/arch/x86/mm/p2m.c
xen/arch/x86/mm/shadow/common.c
xen/arch/x86/mm/shadow/multi.c
xen/arch/x86/mm/shadow/private.h

index b753e7af598f81301abb001d03184d34189fddf3..b7615f0d694ca31350c3d9e4767b0f8d8697bde2 100644 (file)
@@ -152,7 +152,7 @@ static struct page_info *hap_alloc_p2m_page(struct domain *d)
         d->arch.paging.hap.total_pages--;
         d->arch.paging.hap.p2m_pages++;
         page_set_owner(pg, d);
-        pg->count_info = 1;
+        pg->count_info |= 1;
     }
 
     hap_unlock(d);
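Review bot: `pg->count_info |= 1;` leaves a reference count of 1 only if the count field is already zero at this point; the old assignment guaranteed that, the OR does not, and nothing in the hunk checks it. A stale non-zero count would silently combine with the new bit, so consider `ASSERT(!(pg->count_info & PGC_count_mask));` just before the OR. The same applies to both `p2m_next_level` hunks in p2m.c and to `sh_alloc_p2m_pages` in shadow/common.c. The body of `hap_alloc_p2m_page` starts and ends outside the hunk, so an earlier reset of the count cannot be ruled out from here.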
@@ -167,7 +167,7 @@ void hap_free_p2m_page(struct domain *d, struct page_info *pg)
     if ( (pg->count_info & PGC_count_mask) != 1 )
         HAP_ERROR("Odd p2m page count c=%#lx t=%"PRtype_info"\n",
                   pg->count_info, pg->u.inuse.type_info);
-    pg->count_info = 0;
+    pg->count_info &= ~PGC_count_mask;
     /* Free should not decrement domain's total allocation, since
      * these pages were allocated without an owner. */
     page_set_owner(pg, NULL);
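Review bot: `pg->count_info &= ~PGC_count_mask;` is a plain load-modify-store, so a flag bit set by another CPU between the load and the store would still be lost, which is the loss this commit sets out to prevent. Whether the new flags can change while a p2m page is being freed is not visible here. If they can, the update needs to be atomic (for example a cmpxchg loop). If they cannot, a comment naming what serialises the update would help, e.g. `/* flags cannot change here: <lock or invariant> */`. The same holds for the `|= 1` writes in the allocation hunks and for `shadow_free_p2m_page` in shadow/common.c.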
@@ -218,7 +218,6 @@ hap_set_allocation(struct domain *d, unsigned int pages, int *preempted)
             ASSERT(pg);
             d->arch.paging.hap.free_pages--;
             d->arch.paging.hap.total_pages--;
-            pg->count_info = 0;
             free_domheap_page(pg);
         }
 
index e7baa627204929161f1e162d620d4a3cb542e823..296eb44e0753b36fb28052d496316aab9cfd5fdc 100644 (file)
@@ -177,7 +177,7 @@ p2m_next_level(struct domain *d, mfn_t *table_mfn, void **table,
             return 0;
         page_list_add_tail(pg, &d->arch.p2m->pages);
         pg->u.inuse.type_info = type | 1 | PGT_validated;
-        pg->count_info = 1;
+        pg->count_info |= 1;
 
         new_entry = l1e_from_pfn(mfn_x(page_to_mfn(pg)),
                                  __PAGE_HYPERVISOR|_PAGE_USER);
@@ -216,7 +216,7 @@ p2m_next_level(struct domain *d, mfn_t *table_mfn, void **table,
             return 0;
         page_list_add_tail(pg, &d->arch.p2m->pages);
         pg->u.inuse.type_info = PGT_l1_page_table | 1 | PGT_validated;
-        pg->count_info = 1;
+        pg->count_info |= 1;
         
         /* New splintered mappings inherit the flags of the old superpage, 
          * with a little reorganisation for the _PAGE_PSE_PAT bit. */
index 5ac9529e4a1e53bf4c9f5f2d0d56a1c9ac2870b7..ca4cb13ac4831027743c128dddcb243bac54ccea 100644 (file)
@@ -1677,7 +1677,7 @@ sh_alloc_p2m_pages(struct domain *d)
          * believed to be a concern.
          */
         page_set_owner(&pg[i], d);
-        pg[i].count_info = 1;
+        pg[i].count_info |= 1;
         page_list_add_tail(&pg[i], &d->arch.paging.shadow.p2m_freelist);
     }
     return 1;
@@ -1721,7 +1721,7 @@ shadow_free_p2m_page(struct domain *d, struct page_info *pg)
         SHADOW_ERROR("Odd p2m page count c=%#lx t=%"PRtype_info"\n",
                      pg->count_info, pg->u.inuse.type_info);
     }
-    pg->count_info = 0;
+    pg->count_info &= ~PGC_count_mask;
     /* Free should not decrement domain's total allocation, since 
      * these pages were allocated without an owner. */
     page_set_owner(pg, NULL); 
@@ -1895,7 +1895,7 @@ static void sh_hash_audit_bucket(struct domain *d, int bucket)
     while ( sp )
     {
         /* Not a shadow? */
-        BUG_ON( sp->count_info != 0 );
+        BUG_ON( (sp->count_info & PGC_count_mask )!= 0 ) ;
         /* Bogus type? */
         BUG_ON( sp->u.sh.type == 0 );
         BUG_ON( sp->u.sh.type > SH_type_max_shadow );
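Review bot: Masking with `PGC_count_mask` makes the "Not a shadow?" check ignore every flag bit in `count_info`, not only the newly added ones, so a page with an unrelated flag set and a zero count now passes as a shadow. If only the new offline flags are meant to be tolerated, masking out just those would keep the check as strict as before; otherwise the comment should say so, e.g. `/* Not a shadow? (only the count field is checked) */`. The spacing is also off; `BUG_ON( (sp->count_info & PGC_count_mask) != 0 );` matches the neighbouring lines. The same relaxed test appears in `sh_rm_write_access_from_sl1p` (shadow/multi.c) and `sh_put_ref` (shadow/private.h), each spelled differently, and the loop body here continues outside the hunk.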
index 56fc5635e4afaa987a743417d76cd8f385e5263f..9324de8c22a83e770acf9af04bfa0a4cc623b77e 100644 (file)
@@ -4281,7 +4281,7 @@ int sh_rm_write_access_from_sl1p(struct vcpu *v, mfn_t gmfn,
 
     sp = mfn_to_page(smfn);
 
-    if ( sp->count_info != 0
+    if ( ((sp->count_info & PGC_count_mask) != 0)
          || (sp->u.sh.type != SH_type_l1_shadow
              && sp->u.sh.type != SH_type_fl1_shadow) )
         goto fail;
index abc820216a0807fad78ea03488c936d58951389d..a831afd5f5863b1206cd54d9ee2c0da7d4428c53 100644 (file)
@@ -647,7 +647,7 @@ static inline void sh_put_ref(struct vcpu *v, mfn_t smfn, paddr_t entry_pa)
     struct page_info *sp = mfn_to_page(smfn);
 
     ASSERT(mfn_valid(smfn));
-    ASSERT(sp->count_info == 0);
+    ASSERT(!(sp->count_info & PGC_count_mask));
 
     /* If this is the entry in the up-pointer, remove it */
     if ( entry_pa != 0