From mboxrd@z Thu Jan 1 00:00:00 1970 From: Matt Wilson Subject: [PATCH] gnttab: lock the left grant table earlier in __gnttab_unmap_common() Date: Sun, 10 Nov 2013 18:07:22 -0800 Message-ID: <1384135642-26301-1-git-send-email-msw@linux.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: Received: from mail6.bemta3.messagelabs.com ([195.245.230.39]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1VfgvU-0006CV-B9 for xen-devel@lists.xenproject.org; Mon, 11 Nov 2013 02:08:28 +0000 Received: by mail-pb0-f53.google.com with SMTP id up7so4522196pbc.26 for ; Sun, 10 Nov 2013 18:08:24 -0800 (PST) List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org To: xen-devel@lists.xenproject.org Cc: Andrew Cooper , Keir Fraser , Jan Beulich , Matt Wilson , Anthony Liguori List-Id: xen-devel@lists.xenproject.org From: Matt Wilson Luckily today maptrack_limit never shrinks. But if at some point in the future this were to change, checking maptrack_limit without holding the grant table spinlock would no longer be safe. Cc: xen-devel@lists.xenproject.org Cc: Keir Fraser Cc: Jan Beulich Cc: Andrew Cooper Cc: Anthony Liguori Signed-off-by: Matt Wilson --- xen/common/grant_table.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index 21c6a14..ef10ff4 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -842,15 +842,16 @@ __gnttab_unmap_common( op->frame = (unsigned long)(op->dev_bus_addr >> PAGE_SHIFT); + spin_lock(&lgt->lock); if ( unlikely(op->handle >= lgt->maptrack_limit) ) { + spin_unlock(&lgt->lock); gdprintk(XENLOG_INFO, "Bad handle (%d).\n", op->handle); op->status = GNTST_bad_handle; return; } op->map = &maptrack_entry(lgt, op->handle); - spin_lock(&lgt->lock); if ( unlikely(!op->map->flags) ) { -- 1.7.9.5