From mboxrd@z Thu Jan  1 00:00:00 1970
From: =?windows-1252?Q?Roger_Pau_Monn=E9?= <roger.pau@citrix.com>
Subject: Re: [PATCH 12/14] xen-blkback: safely unmap grants in
 case they are still in use
Date: Fri, 23 Jan 2015 16:47:12 +0100
Message-ID: <54C26D00.8000306@citrix.com>
References: <1421682692-20628-1-git-send-email-david.vrabel@citrix.com>
	<1421682692-20628-13-git-send-email-david.vrabel@citrix.com>
	<54C25B2F.9090205@citrix.com> <54C260BA.7060506@citrix.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: quoted-printable
Return-path: <xen-devel-bounces@lists.xen.org>
Received: from mail6.bemta5.messagelabs.com ([195.245.231.135])
	by lists.xen.org with esmtp (Exim 4.72)
	(envelope-from <roger.pau@citrix.com>) id 1YEgS4-0004Rw-O7
	for xen-devel@lists.xenproject.org; Fri, 23 Jan 2015 15:47:16 +0000
In-Reply-To: <54C260BA.7060506@citrix.com>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: David Vrabel <david.vrabel@citrix.com>, xen-devel@lists.xenproject.org
Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>, Jenny Herbert <jennifer.herbert@citrix.com>
List-Id: xen-devel@lists.xenproject.org

El 23/01/15 a les 15.54, David Vrabel ha escrit:
> On 23/01/15 14:31, Roger Pau Monn=E9 wrote:
>> El 19/01/15 a les 16.51, David Vrabel ha escrit:
>>> From: Jenny Herbert <jennifer.herbert@citrix.com>
>>>
>>> +static void xen_blkbk_unmap(struct xen_blkif *blkif,
>>> +                            struct grant_page *pages[],
>>> +                            int num)
>>> +{
>>> +	struct gnttab_unmap_grant_ref unmap[BLKIF_MAX_SEGMENTS_PER_REQUEST];
>>> +	struct page *unmap_pages[BLKIF_MAX_SEGMENTS_PER_REQUEST];
>>> +	unsigned int invcount =3D 0;
>>> +	int ret;
>>> +
>>> +	while (num) {
>>> +		unsigned int batch =3D min(num, BLKIF_MAX_SEGMENTS_PER_REQUEST);
>>> +		=

>>> +		invcount =3D xen_blkbk_unmap_prepare(blkif, pages, batch,
>>> +						   unmap, unmap_pages);
>>
>> I would add:
>>
>> BUG_ON(invcount !=3D batch);
> =

> I'm confused.  Surely invcount < batch is valid if one or more pages
> within this batch are persistently mapped?

Yes, my bad, see below.

> =

>>> +		if (invcount) {
>>> +			ret =3D gnttab_unmap_refs(unmap, NULL, unmap_pages, invcount);
>>>  			BUG_ON(ret);
>>> -			put_free_pages(blkif, unmap_pages, invcount);
>>> -			invcount =3D 0;
>>> +			xen_blkbk_unmap_done(blkif, unmap_pages, invcount);
>>>  		}
>>> -	}
>>> -	if (invcount) {
>>> -		ret =3D gnttab_unmap_refs(unmap, NULL, unmap_pages, invcount);
>>> -		BUG_ON(ret);
>>> -		put_free_pages(blkif, unmap_pages, invcount);
>>> +		pages +=3D batch;
>>> +		num -=3D batch;

This should be fixed to at least be (which is still not fully correct,
but it's better):

pages +=3D invcount;
num -=3D invcount;

I hope an example will clarify this, suppose we have the following pages
array:

pages[0] =3D persistent grant
pages[1] =3D persistent grant
pages[2] =3D regular grant
pages[3] =3D persistent grant
pages[4] =3D regular grant

And batch is 1. In this case, the unmapped grant will be pages[2], but
then due to the code below pages will be updated to point to &pages[1],
which has already been scanned. If this was done correctly pages should
point to &pages[3]. As said, it's not really a bug, but the loop is
sub-optimal.

Roger.