From: Tim Deegan Date: Thu, 2 Jun 2011 12:16:52 +0000 (+0100) Subject: x86/mm/p2m: Fix locking discipline around p2m lookups. X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~10232 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=801827bf8d95db56b98e55719a6f99d17c9b78eb;p=xen.git x86/mm/p2m: Fix locking discipline around p2m lookups. All gfn_to_mfn* functions except _query() might take the p2m lock, so can't be called with a p2m, shadow, hap or log_dirty lock held. The remaining offender is the memory sharing code, which calls _unshare() from inside the pagetable walker! Fixing that is too big for a cleanup patch like this one. Signed-off-by: Tim Deegan --- diff --git a/xen/arch/x86/hvm/mtrr.c b/xen/arch/x86/hvm/mtrr.c index ec4a15f23d..11cfa4b106 100644 --- a/xen/arch/x86/hvm/mtrr.c +++ b/xen/arch/x86/hvm/mtrr.c @@ -390,7 +390,7 @@ uint32_t get_pat_flags(struct vcpu *v, { struct domain *d = v->domain; p2m_type_t p2mt; - gfn_to_mfn(d, paddr_to_pfn(gpaddr), &p2mt); + gfn_to_mfn_query(d, paddr_to_pfn(gpaddr), &p2mt); if (p2m_is_ram(p2mt)) gdprintk(XENLOG_WARNING, "Conflict occurs for a given guest l1e flags:%x " diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index 460fbab9dc..d42b766271 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -566,7 +566,7 @@ set_mmio_p2m_entry(struct domain *d, unsigned long gfn, mfn_t mfn) if ( 0 == rc ) gdprintk(XENLOG_ERR, "set_mmio_p2m_entry: set_p2m_entry failed! mfn=%08lx\n", - mfn_x(gfn_to_mfn(d, gfn, &ot))); + mfn_x(gfn_to_mfn_query(d, gfn, &ot))); return rc; } @@ -623,8 +623,8 @@ set_shared_p2m_entry(struct domain *d, unsigned long gfn, mfn_t mfn) p2m_unlock(p2m); if ( 0 == rc ) gdprintk(XENLOG_ERR, - "set_mmio_p2m_entry: set_p2m_entry failed! mfn=%08lx\n", - gmfn_to_mfn(p2m->domain, gfn)); + "set_shared_p2m_entry: set_p2m_entry failed! mfn=%08lx\n", + mfn_x(gfn_to_mfn_query(d, gfn, &ot))); return rc; } diff --git a/xen/arch/x86/mm/shadow/common.c b/xen/arch/x86/mm/shadow/common.c index 639eb62466..849dec347c 100644 --- a/xen/arch/x86/mm/shadow/common.c +++ b/xen/arch/x86/mm/shadow/common.c @@ -3712,7 +3712,7 @@ int shadow_track_dirty_vram(struct domain *d, /* Iterate over VRAM to track dirty bits. */ for ( i = 0; i < nr; i++ ) { - mfn_t mfn = gfn_to_mfn(d, begin_pfn + i, &t); + mfn_t mfn = gfn_to_mfn_query(d, begin_pfn + i, &t); struct page_info *page; int dirty = 0; paddr_t sl1ma = dirty_vram->sl1ma[i]; @@ -3797,7 +3797,7 @@ int shadow_track_dirty_vram(struct domain *d, /* was clean for more than two seconds, try to disable guest * write access */ for ( i = begin_pfn; i < end_pfn; i++ ) { - mfn_t mfn = gfn_to_mfn(d, i, &t); + mfn_t mfn = gfn_to_mfn_query(d, i, &t); if (mfn_x(mfn) != INVALID_MFN) flush_tlb |= sh_remove_write_access(d->vcpu[0], mfn, 1, 0); } diff --git a/xen/include/asm-x86/p2m.h b/xen/include/asm-x86/p2m.h index 0a2e538cfa..4b12ea2857 100644 --- a/xen/include/asm-x86/p2m.h +++ b/xen/include/asm-x86/p2m.h @@ -411,6 +411,10 @@ static inline mfn_t gfn_to_mfn_type(struct domain *d, return gfn_to_mfn_type_p2m(p2m, gfn, t, &a, q); } +/* Syntactic sugar: most callers will use one of these. + * N.B. gfn_to_mfn_query() is the _only_ one guaranteed not to take the + * p2m lock; none of the others can be called with the p2m, hap or + * shadow lock held. */ #define gfn_to_mfn(d, g, t) gfn_to_mfn_type((d), (g), (t), p2m_alloc) #define gfn_to_mfn_query(d, g, t) gfn_to_mfn_type((d), (g), (t), p2m_query) #define gfn_to_mfn_guest(d, g, t) gfn_to_mfn_type((d), (g), (t), p2m_guest)