From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
To: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Cc: jeremy@goop.org, xen-devel@lists.xensource.com, Ian.Campbell@citrix.com
Subject: Re: [PATCH 3/7] xen-gntdev: Remove unneeded structures from grant_map tracking data
Date: Mon, 10 Jan 2011 17:14:15 -0500 [thread overview]
Message-ID: <20110110221415.GE15016@dumpdata.com> (raw)
In-Reply-To: <1292545063-32107-4-git-send-email-dgdegra@tycho.nsa.gov>
> @@ -134,6 +133,7 @@ static void gntdev_add_map(struct gntdev_priv *priv, struct grant_map *add)
> {
> struct grant_map *map;
>
> + spin_lock(&priv->lock);
> list_for_each_entry(map, &priv->maps, next) {
> if (add->index + add->count < map->index) {
> list_add_tail(&add->next, &map->next);
> @@ -144,8 +144,10 @@ static void gntdev_add_map(struct gntdev_priv *priv, struct grant_map *add)
> list_add_tail(&add->next, &priv->maps);
>
> done:
> + add->priv = priv;
> if (debug)
> gntdev_print_maps(priv, "[new]", add->index);
> + spin_unlock(&priv->lock);
That looks like you are also fixing a bug?
> }
>
> static struct grant_map *gntdev_find_map_index(struct gntdev_priv *priv, int index,
> @@ -186,9 +188,10 @@ static int gntdev_del_map(struct grant_map *map)
>
> if (map->vma)
> return -EBUSY;
> - for (i = 0; i < map->count; i++)
> - if (map->unmap_ops[i].handle)
> - return -EBUSY;
> + if (map->is_mapped)
> + for (i = 0; i < map->count; i++)
> + if (map->pginfo[i].handle)
> + return -EBUSY;
>
> atomic_sub(map->count, &pages_mapped);
> list_del(&map->next);
> @@ -202,15 +205,10 @@ static void gntdev_free_map(struct grant_map *map)
> if (!map)
> return;
>
> - if (map->pages)
> - for (i = 0; i < map->count; i++) {
> - if (map->pages[i])
> - __free_page(map->pages[i]);
> - }
> - kfree(map->pages);
> - kfree(map->grants);
> - kfree(map->map_ops);
> - kfree(map->unmap_ops);
> + for (i = 0; i < map->count; i++) {
> + if (map->pages[i])
> + __free_page(map->pages[i]);
> + }
> kfree(map);
> }
>
> @@ -223,53 +221,99 @@ static int find_grant_ptes(pte_t *pte, pgtable_t token, unsigned long addr, void
> u64 pte_maddr;
>
> BUG_ON(pgnr >= map->count);
> +
> pte_maddr = arbitrary_virt_to_machine(pte).maddr;
> + map->pginfo[pgnr].pte_maddr = pte_maddr;
>
> - gnttab_set_map_op(&map->map_ops[pgnr], pte_maddr,
> - GNTMAP_contains_pte | map->flags,
> - map->grants[pgnr].ref,
> - map->grants[pgnr].domid);
> - gnttab_set_unmap_op(&map->unmap_ops[pgnr], pte_maddr,
> - GNTMAP_contains_pte | map->flags,
> - 0 /* handle */);
> return 0;
> }
>
> static int map_grant_pages(struct grant_map *map)
> {
> - int i, err = 0;
> + int i, flags, err = 0;
> + struct gnttab_map_grant_ref* map_ops = NULL;
>
> + flags = GNTMAP_host_map | GNTMAP_application_map | GNTMAP_contains_pte;
I am not sure if the GNTMAP_contains_pte is correct here. Stefano mentioned
that is used to determine how many arguments to put in the hypercall. Looking
at the previous usage - it was only done on the unmap_op, while you enforce
it on map_op too?
> + if (map->is_ro)
> + flags |= GNTMAP_readonly;
> +
> + err = -ENOMEM;
> + map_ops = kzalloc(sizeof(map_ops[0]) * map->count, GFP_TEMPORARY);
> + if (!map_ops)
> + goto out;
> +
> + for(i=0; i < map->count; i++) {
> + gnttab_set_map_op(&map_ops[i], map->pginfo[i].pte_maddr, flags,
> + map->pginfo[i].target.ref,
> + map->pginfo[i].target.domid);
> + }
> if (debug)
> printk("%s: map %d+%d\n", __FUNCTION__, map->index, map->count);
> - err = gnttab_map_refs(map->map_ops, map->pages, map->count);
> +
> + err = gnttab_map_refs(map_ops, map->pages, map->count);
> +
> if (WARN_ON(err))
> - return err;
> + goto out;
>
> for (i = 0; i < map->count; i++) {
> - if (map->map_ops[i].status)
> + if (map_ops[i].status) {
> + __free_page(map->pages[i]);
> + map->pages[i] = NULL;
> err = -EINVAL;
> - map->unmap_ops[i].handle = map->map_ops[i].handle;
> + } else {
> + map->pginfo[i].handle = map_ops[i].handle;
> + }
> }
> +
> +out:
> + kfree(map_ops);
> return err;
> }
>
> -static int unmap_grant_pages(struct grant_map *map, int offset, int pages)
> +static void unmap_grant_pages(struct grant_map *map, int offset, int pages)
> {
> - int i, err = 0;
> + int i, flags, err = 0;
> + struct gnttab_unmap_grant_ref *unmap_ops;
> + struct gnttab_unmap_grant_ref unmap_single;
> +
> + if (pages > 1) {
> + unmap_ops = kzalloc(sizeof(unmap_ops[0]) * pages,
> + GFP_TEMPORARY);
> + if (unlikely(!unmap_ops)) {
> + for(i=0; i < pages; i++)
> + unmap_grant_pages(map, offset + i, 1);
> + return;
> + }
> + } else {
> + unmap_ops = &unmap_single;
> + }
> +
> + flags = GNTMAP_host_map | GNTMAP_application_map | GNTMAP_contains_pte;
> + if (map->is_ro)
> + flags |= GNTMAP_readonly;
>
> + for(i=0; i < pages; i++)
> + gnttab_set_unmap_op(&unmap_ops[i],
> + map->pginfo[offset+i].pte_maddr, flags,
> + map->pginfo[offset+i].handle);
> if (debug)
> printk("%s: map %d+%d [%d+%d]\n", __FUNCTION__,
> map->index, map->count, offset, pages);
> - err = gnttab_unmap_refs(map->unmap_ops + offset, map->pages, pages);
> +
> + err = gnttab_unmap_refs(unmap_ops, map->pages + offset, pages);
> +
> if (WARN_ON(err))
> - return err;
> + goto out;
>
> for (i = 0; i < pages; i++) {
> - if (map->unmap_ops[offset+i].status)
> - err = -EINVAL;
> - map->unmap_ops[offset+i].handle = 0;
> + WARN_ON(unmap_ops[i].status);
Why change it from err to WARN_ON? I think the caller of this function
checks for this too so you would end up with two WARN_ON?
Also, you don't add the offset value to i here..
> + __free_page(map->pages[offset+i]);
> + map->pages[offset+i] = NULL;
> + map->pginfo[offset+i].handle = 0;
> }
> - return err;
> +out:
> + if (unmap_ops != &unmap_single)
> + kfree(unmap_ops);
> }
>
> /* ------------------------------------------------------------------ */
> @@ -308,7 +352,6 @@ static void mn_invl_range_start(struct mmu_notifier *mn,
> struct gntdev_priv *priv = container_of(mn, struct gntdev_priv, mn);
> struct grant_map *map;
> unsigned long mstart, mend;
> - int err;
>
> spin_lock(&priv->lock);
> list_for_each_entry(map, &priv->maps, next) {
> @@ -327,10 +370,9 @@ static void mn_invl_range_start(struct mmu_notifier *mn,
> __FUNCTION__, map->index, map->count,
> map->vma->vm_start, map->vma->vm_end,
> start, end, mstart, mend);
> - err = unmap_grant_pages(map,
> - (mstart - map->vma->vm_start) >> PAGE_SHIFT,
> - (mend - mstart) >> PAGE_SHIFT);
> - WARN_ON(err);
> + unmap_grant_pages(map,
> + (mstart - map->vma->vm_start) >> PAGE_SHIFT,
> + (mend - mstart) >> PAGE_SHIFT);
Ah, so you rememoved the WARN_ON here. What is the reason for doing so?
> }
> spin_unlock(&priv->lock);
> }
> @@ -347,7 +389,6 @@ static void mn_release(struct mmu_notifier *mn,
> {
> struct gntdev_priv *priv = container_of(mn, struct gntdev_priv, mn);
> struct grant_map *map;
> - int err;
>
> spin_lock(&priv->lock);
> list_for_each_entry(map, &priv->maps, next) {
> @@ -357,8 +398,7 @@ static void mn_release(struct mmu_notifier *mn,
> printk("%s: map %d+%d (%lx %lx)\n",
> __FUNCTION__, map->index, map->count,
> map->vma->vm_start, map->vma->vm_end);
> - err = unmap_grant_pages(map, 0, map->count);
> - WARN_ON(err);
> + unmap_grant_pages(map, 0, map->count);
> }
> spin_unlock(&priv->lock);
> }
> @@ -427,6 +467,7 @@ static long gntdev_ioctl_map_grant_ref(struct gntdev_priv *priv,
> {
> struct ioctl_gntdev_map_grant_ref op;
> struct grant_map *map;
> + struct ioctl_gntdev_grant_ref* grants;
> int err;
>
> if (copy_from_user(&op, u, sizeof(op)) != 0)
> @@ -437,38 +478,45 @@ static long gntdev_ioctl_map_grant_ref(struct gntdev_priv *priv,
> if (unlikely(op.count <= 0))
> return -EINVAL;
>
> - err = -ENOMEM;
> - map = gntdev_alloc_map(priv, op.count);
> - if (!map)
> - return err;
> + grants = kmalloc(sizeof(grants[0]) * op.count, GFP_TEMPORARY);
> + if (!grants)
> + return -ENOMEM;
>
> - if (copy_from_user(map->grants, &u->refs,
> - sizeof(map->grants[0]) * op.count) != 0) {
> - gntdev_free_map(map);
> - return err;
> + if (copy_from_user(grants, u->refs, sizeof(grants[0]) * op.count)) {
> + err = -EFAULT;
> + goto out_free;
> }
>
> + err = -ENOMEM;
> + map = gntdev_alloc_map(op.count, grants);
> + if (!map)
> + goto out_free;
> +
> if (unlikely(atomic_add_return(op.count, &pages_mapped) > limit))
> {
> if (debug)
> printk("%s: can't map: over limit\n", __FUNCTION__);
> - gntdev_free_map(map);
> - return err;
> + goto out_free_map;
I just noticed it now, but shouldn't we also free grants? That looks like
it needs a seperate bug patch thought.
> }
>
> - spin_lock(&priv->lock);
> gntdev_add_map(priv, map);
> op.index = map->index << PAGE_SHIFT;
> - spin_unlock(&priv->lock);
Ah, so you moved the spinlock down. I presume it is OK to have op.index be
unprotected.
>
> - if (copy_to_user(u, &op, sizeof(op)) != 0) {
> - spin_lock(&priv->lock);
> - gntdev_del_map(map);
> - spin_unlock(&priv->lock);
> - gntdev_free_map(map);
> - return err;
> + if (copy_to_user(u, &op, sizeof(op))) {
> + err = -EFAULT;
> + goto out_remove;
Hmm, should we free the grants on this exit path?
> }
> - return 0;
> + err = 0;
> +out_free:
> + kfree(grants);
> + return err;
> +out_remove:
> + spin_lock(&priv->lock);
> + gntdev_del_map(map);
> + spin_unlock(&priv->lock);
> +out_free_map:
> + gntdev_free_map(map);
> + goto out_free;
> }
next prev parent reply other threads:[~2011-01-10 22:14 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-12-17 0:17 [PATCH v3] Userspace grant communication Daniel De Graaf
2010-12-17 0:17 ` [PATCH 1/7] xen-gntdev: Fix circular locking dependency Daniel De Graaf
2010-12-17 0:17 ` [PATCH 2/7] xen-gntdev: Change page limit to be global instead of per-open Daniel De Graaf
2011-01-10 21:52 ` Konrad Rzeszutek Wilk
2011-01-11 12:45 ` Daniel De Graaf
2011-01-11 17:51 ` Konrad Rzeszutek Wilk
2011-01-11 18:18 ` Daniel De Graaf
2011-01-11 18:21 ` Konrad Rzeszutek Wilk
2011-01-11 18:49 ` [PATCH libxc] Remove set_max_grants in linux Daniel De Graaf
2011-01-12 17:17 ` Ian Jackson
2011-01-12 17:57 ` Daniel De Graaf
2011-01-13 12:09 ` Ian Jackson
2011-01-13 12:48 ` Daniel De Graaf
2011-01-17 17:29 ` Ian Jackson
2010-12-17 0:17 ` [PATCH 3/7] xen-gntdev: Remove unneeded structures from grant_map tracking data Daniel De Graaf
2011-01-10 22:14 ` Konrad Rzeszutek Wilk [this message]
2011-01-11 13:02 ` Daniel De Graaf
2010-12-17 0:17 ` [PATCH 4/7] xen-gntdev: Use find_vma rather than iterating our vma list manually Daniel De Graaf
2010-12-17 0:17 ` [PATCH 5/7] xen-gntdev: Add reference counting to maps Daniel De Graaf
2010-12-17 0:49 ` Jeremy Fitzhardinge
2010-12-17 15:11 ` Daniel De Graaf
2010-12-17 0:51 ` Jeremy Fitzhardinge
2010-12-17 15:22 ` [PATCH 5/7 v2] " Daniel De Graaf
2011-01-10 22:28 ` Konrad Rzeszutek Wilk
2011-01-10 22:24 ` [PATCH 5/7] " Konrad Rzeszutek Wilk
2011-01-11 11:10 ` Stefano Stabellini
2011-01-11 17:46 ` Konrad Rzeszutek Wilk
2011-01-12 11:58 ` Stefano Stabellini
2010-12-17 0:17 ` [PATCH 6/7] xen-gntdev: Support mapping in HVM domains Daniel De Graaf
2010-12-17 15:22 ` [PATCH 6/7 v2] " Daniel De Graaf
2011-01-10 22:41 ` [PATCH 6/7] " Konrad Rzeszutek Wilk
2011-01-11 13:15 ` Daniel De Graaf
2011-01-11 14:52 ` Daniel De Graaf
2011-01-11 18:00 ` c/s 22402 ("86 hvm: Refuse to perform __hvm_copy() work in atomic context.") breaks HVM, race possible in other code - any ideas? Konrad Rzeszutek Wilk
2011-01-11 18:24 ` Daniel De Graaf
2010-12-17 0:17 ` [PATCH 7/7] xen-gntalloc: Userspace grant allocation driver Daniel De Graaf
2011-01-07 11:56 ` [PATCH v3] Userspace grant communication Stefano Stabellini
2011-01-14 15:18 ` Konrad Rzeszutek Wilk
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110110221415.GE15016@dumpdata.com \
--to=konrad.wilk@oracle.com \
--cc=Ian.Campbell@citrix.com \
--cc=dgdegra@tycho.nsa.gov \
--cc=jeremy@goop.org \
--cc=xen-devel@lists.xensource.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).