diff options
| author | Olaf Hering <olaf@aepfle.de> | 2011-10-13 12:21:10 +0100 |
|---|---|---|
| committer | Olaf Hering <olaf@aepfle.de> | 2011-10-13 12:21:10 +0100 |
| commit | 2d1f750000dc65ed6dd60a1ce8dd53c3bf3d59a5 (patch) | |
| tree | 307a2ce4031dabe6f9cc88a0fac5dea6215259bf | |
| parent | e2d74530a9c6e9fabc2ad23dc522f6b40db503a3 (diff) | |
| download | xen-2d1f750000dc65ed6dd60a1ce8dd53c3bf3d59a5.tar.gz xen-2d1f750000dc65ed6dd60a1ce8dd53c3bf3d59a5.tar.bz2 xen-2d1f750000dc65ed6dd60a1ce8dd53c3bf3d59a5.zip | |
xenpaging: handle evict failures
Evict of a nominated gfn must fail if some other process mapped the
page without checking the p2mt of that gfn first.
Add a check to cancel eviction if the page usage count is not 1.
Handle the possible eviction failure in the page-in paths.
After nominate and before evict, something may check the p2mt and call
populate. Handle this case and let the gfn enter the page-in path. The
gfn may still be connected to a mfn, so there is no need to allocate a
new page in prep.
Adjust do_mmu_update to return -ENOENT only if the gfn has entered the
page-in path and if it is not yet connected to a mfn. Otherwise
linux_privcmd_map_foreign_bulk() may loop forever.
Add MEM_EVENT_FLAG_EVICT_FAIL to inform pager that a page-in request for
a possible not-evicted page was sent. xenpaging does currently not need
that flag because failure to evict a gfn will be caught.
Signed-off-by: Olaf Hering <olaf@aepfle.de>
Acked-by: Tim Deegan <tim@xen.org>
Committed-by: Tim Deegan <tim@xen.org>
| -rw-r--r-- | tools/xenpaging/xenpaging.c | 10 | ||||
| -rw-r--r-- | xen/arch/x86/mm.c | 8 | ||||
| -rw-r--r-- | xen/arch/x86/mm/p2m.c | 56 | ||||
| -rw-r--r-- | xen/include/public/mem_event.h | 1 |
4 files changed, 50 insertions, 25 deletions
diff --git a/tools/xenpaging/xenpaging.c b/tools/xenpaging/xenpaging.c index 1ab756efb2..7fbb177c70 100644 --- a/tools/xenpaging/xenpaging.c +++ b/tools/xenpaging/xenpaging.c @@ -734,10 +734,12 @@ int main(int argc, char *argv[]) } else { - DPRINTF("page already populated (domain = %d; vcpu = %d;" - " gfn = %"PRIx64"; paused = %d)\n", - paging->mem_event.domain_id, req.vcpu_id, - req.gfn, req.flags & MEM_EVENT_FLAG_VCPU_PAUSED); + DPRINTF("page %s populated (domain = %d; vcpu = %d;" + " gfn = %"PRIx64"; paused = %d; evict_fail = %d)\n", + req.flags & MEM_EVENT_FLAG_EVICT_FAIL ? "not" : "already", + paging->mem_event.domain_id, req.vcpu_id, req.gfn, + !!(req.flags & MEM_EVENT_FLAG_VCPU_PAUSED) , + !!(req.flags & MEM_EVENT_FLAG_EVICT_FAIL) ); /* Tell Xen to resume the vcpu */ /* XXX: Maybe just check if the vcpu was paused? */ diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index 35c5fc242c..d6cc78c45f 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -3532,7 +3532,7 @@ int do_mmu_update( rc = -ENOENT; break; } - else if ( p2m_ram_paging_in_start == l1e_p2mt ) + else if ( p2m_ram_paging_in_start == l1e_p2mt && !mfn_valid(mfn) ) { rc = -ENOENT; break; @@ -3572,7 +3572,7 @@ int do_mmu_update( rc = -ENOENT; break; } - else if ( p2m_ram_paging_in_start == l2e_p2mt ) + else if ( p2m_ram_paging_in_start == l2e_p2mt && !mfn_valid(mfn) ) { rc = -ENOENT; break; @@ -3600,7 +3600,7 @@ int do_mmu_update( rc = -ENOENT; break; } - else if ( p2m_ram_paging_in_start == l3e_p2mt ) + else if ( p2m_ram_paging_in_start == l3e_p2mt && !mfn_valid(mfn) ) { rc = -ENOENT; break; @@ -3628,7 +3628,7 @@ int do_mmu_update( rc = -ENOENT; break; } - else if ( p2m_ram_paging_in_start == l4e_p2mt ) + else if ( p2m_ram_paging_in_start == l4e_p2mt && !mfn_valid(mfn) ) { rc = -ENOENT; break; diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index 004cd9b5b1..9e479bfb06 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -731,15 +731,24 @@ int p2m_mem_paging_evict(struct domain *d, unsigned long gfn) if ( unlikely(!mfn_valid(mfn)) ) goto out; - if ( (p2mt == p2m_ram_paged) || (p2mt == p2m_ram_paging_in) || - (p2mt == p2m_ram_paging_in_start) ) + /* Allow only nominated pages */ + if ( p2mt != p2m_ram_paging_out ) goto out; + ret = -EBUSY; /* Get the page so it doesn't get modified under Xen's feet */ page = mfn_to_page(mfn); if ( unlikely(!get_page(page, d)) ) goto out; + /* Check page count and type once more */ + if ( (page->count_info & (PGC_count_mask | PGC_allocated)) != + (2 | PGC_allocated) ) + goto out_put; + + if ( (page->u.inuse.type_info & PGT_type_mask) != PGT_none ) + goto out_put; + /* Decrement guest domain's ref count of the page */ if ( test_and_clear_bit(_PGC_allocated, &page->count_info) ) put_page(page); @@ -751,14 +760,15 @@ int p2m_mem_paging_evict(struct domain *d, unsigned long gfn) /* Clear content before returning the page to Xen */ scrub_one_page(page); - /* Put the page back so it gets freed */ - put_page(page); - /* Track number of paged gfns */ atomic_inc(&d->paged_pages); ret = 0; + out_put: + /* Put the page back so it gets freed */ + put_page(page); + out: p2m_unlock(p2m); return ret; @@ -788,6 +798,7 @@ void p2m_mem_paging_populate(struct domain *d, unsigned long gfn) mem_event_request_t req; p2m_type_t p2mt; p2m_access_t a; + mfn_t mfn; struct p2m_domain *p2m = p2m_get_hostp2m(d); /* Check that there's space on the ring for this request */ @@ -799,21 +810,26 @@ void p2m_mem_paging_populate(struct domain *d, unsigned long gfn) /* Fix p2m mapping */ p2m_lock(p2m); - p2m->get_entry(p2m, gfn, &p2mt, &a, p2m_query, NULL); - if ( p2mt == p2m_ram_paged ) + mfn = p2m->get_entry(p2m, gfn, &p2mt, &a, p2m_query, NULL); + /* Allow only nominated or evicted pages to enter page-in path */ + if ( p2mt == p2m_ram_paging_out || p2mt == p2m_ram_paged ) { - set_p2m_entry(p2m, gfn, _mfn(INVALID_MFN), 0, - p2m_ram_paging_in_start, a); + /* Evict will fail now, tag this request for pager */ + if ( p2mt == p2m_ram_paging_out ) + req.flags |= MEM_EVENT_FLAG_EVICT_FAIL; + + set_p2m_entry(p2m, gfn, mfn, 0, p2m_ram_paging_in_start, a); audit_p2m(p2m, 1); } p2m_unlock(p2m); - /* Pause domain */ - if ( v->domain->domain_id == d->domain_id ) + /* Pause domain if request came from guest and gfn has paging type */ + if ( p2m_is_paging(p2mt) && v->domain->domain_id == d->domain_id ) { vcpu_pause_nosync(v); req.flags |= MEM_EVENT_FLAG_VCPU_PAUSED; } + /* No need to inform pager if the gfn is not in the page-out path */ else if ( p2mt != p2m_ram_paging_out && p2mt != p2m_ram_paged ) { /* gfn is already on its way back and vcpu is not paused */ @@ -834,20 +850,26 @@ int p2m_mem_paging_prep(struct domain *d, unsigned long gfn) struct page_info *page; p2m_type_t p2mt; p2m_access_t a; + mfn_t mfn; struct p2m_domain *p2m = p2m_get_hostp2m(d); int ret = -ENOMEM; p2m_lock(p2m); - p2m->get_entry(p2m, gfn, &p2mt, &a, p2m_query, NULL); + mfn = p2m->get_entry(p2m, gfn, &p2mt, &a, p2m_query, NULL); - /* Get a free page */ - page = alloc_domheap_page(p2m->domain, 0); - if ( unlikely(page == NULL) ) - goto out; + /* Allocate a page if the gfn does not have one yet */ + if ( !mfn_valid(mfn) ) + { + /* Get a free page */ + page = alloc_domheap_page(p2m->domain, 0); + if ( unlikely(page == NULL) ) + goto out; + mfn = page_to_mfn(page); + } /* Fix p2m mapping */ - set_p2m_entry(p2m, gfn, page_to_mfn(page), 0, p2m_ram_paging_in, a); + set_p2m_entry(p2m, gfn, mfn, 0, p2m_ram_paging_in, a); audit_p2m(p2m, 1); atomic_dec(&d->paged_pages); diff --git a/xen/include/public/mem_event.h b/xen/include/public/mem_event.h index 45c15d3ef2..0097b34a33 100644 --- a/xen/include/public/mem_event.h +++ b/xen/include/public/mem_event.h @@ -38,6 +38,7 @@ /* Memory event flags */ #define MEM_EVENT_FLAG_VCPU_PAUSED (1 << 0) #define MEM_EVENT_FLAG_DROP_PAGE (1 << 1) +#define MEM_EVENT_FLAG_EVICT_FAIL (1 << 2) /* Reasons for the memory event request */ #define MEM_EVENT_REASON_UNKNOWN 0 /* typical reason */ |