x86: Retry do_mmu_update() a few times when called on a pte whose type is in flux.

This can really happen -- all our PV Linux kernels have a race
between vmalloc_sync_all() and pgdir pinning/unpinning. The former is
protected by pgd_lock while the latter by mm->page_table_lock. Hence
they can happen concurrently, and vmalloc_sync_all() can attempt to
set_pmd() on a page directory which is in the process of being
pinned. This can confuse the hypervisor which may see a type change,
and hence fail do_mmu_update(). Until this patch. :-)

Signed-off-by: Keir Fraser <keir.fraser@citrix.com>

diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c
index 96344db47eb958f20e7055e4ab1b7b21f376a5b6..b75763b5bc1922cf19b53fae85cc3f08d49184af 100644 (file)
--- a/xen/arch/x86/mm.c
+++ b/xen/arch/x86/mm.c
@@ -3414,6 +3414,7 @@ int do_mmu_update(
         case MMU_NORMAL_PT_UPDATE:
         case MMU_PT_UPDATE_PRESERVE_AD:
         {
+            unsigned int retries = 0;
             p2m_type_t p2mt;
 
             rc = xsm_mmu_normal_update(d, pg_owner, req.val);
@@ -3445,6 +3446,7 @@ int do_mmu_update(
                           (unsigned long)(req.ptr & ~PAGE_MASK));
             page = mfn_to_page(mfn);
 
+        retry:
             if ( page_lock(page) )
             {
                 switch ( page->u.inuse.type_info & PGT_type_mask )
@@ -3601,6 +3603,11 @@ int do_mmu_update(
                     v, va, req.val, _mfn(mfn));
                 put_page_type(page);
             }
+            else if ( retries++ < 5 )
+            {
+                /* Page type can be in flux, so we retry a few times. */
+                goto retry;
+            }
 
             unmap_domain_page_with_cache(va, &mapcache);
             put_page(page);