diff options
| author | Keir Fraser <keir.fraser@citrix.com> | 2008-02-25 11:24:06 +0000 |
|---|---|---|
| committer | Keir Fraser <keir.fraser@citrix.com> | 2008-02-25 11:24:06 +0000 |
| commit | 6b59529fbe96324fdbad36d294bee4830f71d365 (patch) | |
| tree | 7bfbe492f6166fd58ca8dc4340aacefaa5571a95 | |
| parent | 1fd66acbc728956b45767c5934b0a393c1c73a78 (diff) | |
| download | xen-6b59529fbe96324fdbad36d294bee4830f71d365.tar.gz xen-6b59529fbe96324fdbad36d294bee4830f71d365.tar.bz2 xen-6b59529fbe96324fdbad36d294bee4830f71d365.zip | |
x86: Foreign mappings of HVM-guest pages should not affect type count,
even when the mapping is made via a grant reference.
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
| -rw-r--r-- | xen/common/grant_table.c | 24 | ||||
| -rw-r--r-- | xen/include/asm-ia64/grant_table.h | 6 | ||||
| -rw-r--r-- | xen/include/asm-powerpc/grant_table.h | 11 | ||||
| -rw-r--r-- | xen/include/asm-x86/grant_table.h | 16 |
4 files changed, 30 insertions, 27 deletions
diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index 6f402832f5..3f69e822fe 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -350,10 +350,10 @@ __gnttab_map_grant_ref( else { if ( unlikely(!mfn_valid(frame)) || - unlikely(!((op->flags & GNTMAP_readonly) ? - get_page(mfn_to_page(frame), rd) : + unlikely(!(gnttab_host_mapping_get_page_type(op, ld, rd) ? get_page_and_type(mfn_to_page(frame), rd, - PGT_writable_page))) ) + PGT_writable_page) : + get_page(mfn_to_page(frame), rd))) ) { if ( !rd->is_dying ) gdprintk(XENLOG_WARNING, "Could not pin grant frame %lx\n", @@ -367,7 +367,7 @@ __gnttab_map_grant_ref( rc = create_grant_host_mapping(op->host_addr, frame, op->flags, 0); if ( rc != GNTST_okay ) { - if ( !(op->flags & GNTMAP_readonly) ) + if ( gnttab_host_mapping_get_page_type(op, ld, rd) ) put_page_type(mfn_to_page(frame)); put_page(mfn_to_page(frame)); goto undo_out; @@ -604,7 +604,7 @@ __gnttab_unmap_common_complete(struct gnttab_unmap_common *op) if ( !is_iomem_page(op->frame) ) { - if ( !(op->flags & GNTMAP_readonly) ) + if ( gnttab_host_mapping_get_page_type(op, ld, rd) ) put_page_type(mfn_to_page(op->frame)); put_page(mfn_to_page(op->frame)); } @@ -1662,8 +1662,9 @@ gnttab_release_mappings( { BUG_ON(!(act->pin & GNTPIN_hstr_mask)); act->pin -= GNTPIN_hstr_inc; - if ( !is_iomem_page(act->frame) ) - gnttab_release_put_page(mfn_to_page(act->frame)); + if ( gnttab_release_host_mappings && + !is_iomem_page(act->frame) ) + put_page(mfn_to_page(act->frame)); } } else @@ -1680,8 +1681,13 @@ gnttab_release_mappings( { BUG_ON(!(act->pin & GNTPIN_hstw_mask)); act->pin -= GNTPIN_hstw_inc; - if ( !is_iomem_page(act->frame) ) - gnttab_release_put_page_and_type(mfn_to_page(act->frame)); + if ( gnttab_release_host_mappings && + !is_iomem_page(act->frame) ) + { + if ( gnttab_host_mapping_get_page_type(map, d, rd) ) + put_page_type(mfn_to_page(act->frame)); + put_page(mfn_to_page(act->frame)); + } } if ( (act->pin & (GNTPIN_devw_mask|GNTPIN_hstw_mask)) == 0 ) diff --git a/xen/include/asm-ia64/grant_table.h b/xen/include/asm-ia64/grant_table.h index d8bdb83798..52949b822e 100644 --- a/xen/include/asm-ia64/grant_table.h +++ b/xen/include/asm-ia64/grant_table.h @@ -65,8 +65,10 @@ static inline void gnttab_clear_flag(unsigned long nr, uint16_t *addr) clear_bit(nr, addr); } -#define gnttab_release_put_page(page) put_page((page)) -#define gnttab_release_put_page_and_type(page) put_page_and_type((page)) +#define gnttab_host_mapping_get_page_type(op, ld, rd) \ + (!((op)->flags & GNTMAP_readonly)) + +#define gnttab_release_host_mappings 1 static inline int replace_grant_supported(void) { diff --git a/xen/include/asm-powerpc/grant_table.h b/xen/include/asm-powerpc/grant_table.h index fc9e93f80a..06224a1754 100644 --- a/xen/include/asm-powerpc/grant_table.h +++ b/xen/include/asm-powerpc/grant_table.h @@ -76,17 +76,14 @@ static inline uint cpu_foreign_map_order(void) return 34 - PAGE_SHIFT; } -#if 0 +#define gnttab_host_mapping_get_page_type(op, ld, rd) \ + (!((op)->flags & GNTMAP_readonly)) + /* * without put_page()/put_page_and_type() page might be leaked. * with put_page()/put_page_and_type() freed page might be accessed. */ -#define gnttab_release_put_page(page) put_page((page)) -#define gnttab_release_put_page_and_type(page) put_page_and_type((page)) -#else -#define gnttab_release_put_page(page) do { } while (0) -#define gnttab_release_put_page_and_type(page) do { } while (0) -#endif +#define gnttab_release_host_mappings 0 static inline int replace_grant_supported(void) { diff --git a/xen/include/asm-x86/grant_table.h b/xen/include/asm-x86/grant_table.h index 262be019fb..d7e3c3754f 100644 --- a/xen/include/asm-x86/grant_table.h +++ b/xen/include/asm-x86/grant_table.h @@ -38,15 +38,13 @@ static inline void gnttab_clear_flag(unsigned long nr, uint16_t *addr) clear_bit(nr, addr); } -#define gnttab_release_put_page(page) \ - do { \ - /* Done implicitly when page tables are destroyed. */ \ - } while (0) - -#define gnttab_release_put_page_and_type(page) \ - do { \ - /* Done implicitly when page tables are destroyed. */ \ - } while (0) +/* Foreign mappings of HHVM-guest pages do not modify the type count. */ +#define gnttab_host_mapping_get_page_type(op, ld, rd) \ + (!((op)->flags & GNTMAP_readonly) && \ + (((ld) == (rd)) || !paging_mode_external(rd))) + +/* Done implicitly when page tables are destroyed. */ +#define gnttab_release_host_mappings 0 static inline int replace_grant_supported(void) { |