From: Jan Beulich Date: Thu, 22 Jun 2017 07:55:08 +0000 (+0200) Subject: gnttab: limit mapkind()'s iteration count X-Git-Tag: archive/raspbian/4.11.1-1+rpi1~1^2~66^2~1940 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=31777889db4a379da66c35a68d60ccbcf290971c;p=xen.git gnttab: limit mapkind()'s iteration count There's no need for the function to observe increases of the maptrack table (which can occur as the maptrack lock isn't being held) - actual population of maptrack entries is excluded while we're here (by way of holding the respective grant table lock for writing, while code populating entries acquires it for reading). Latch the limit ahead of the loop, allowing for the barrier to move out, too. Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper --- diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index 4316bf15be..11d5d73469 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -713,7 +713,7 @@ static unsigned int mapkind( struct grant_table *lgt, const struct domain *rd, unsigned long mfn) { struct grant_mapping *map; - grant_handle_t handle; + grant_handle_t handle, limit = lgt->maptrack_limit; unsigned int kind = 0; /* @@ -727,10 +727,10 @@ static unsigned int mapkind( */ ASSERT(percpu_rw_is_write_locked(&rd->grant_table->lock)); - for ( handle = 0; !(kind & MAPKIND_WRITE) && - handle < lgt->maptrack_limit; handle++ ) + smp_rmb(); + + for ( handle = 0; !(kind & MAPKIND_WRITE) && handle < limit; handle++ ) { - smp_rmb(); map = &maptrack_entry(lgt, handle); if ( !(map->flags & (GNTMAP_device_map|GNTMAP_host_map)) || map->domid != rd->domain_id )