[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[win-pv-devel] [PATCH 1/2] Don't try to __FreePages() with local copy of MDL

The XENVIF_RECEIVER_PACKET structure contains an embedded MDL so that
multi-fragment packets can be properly chained together. However this
structure should not be passed to __FreePages() as:

a) It appears to create problems with system PTE tracking
b) It results in memory corruption now that __FreePages() calls
   ExFreePool()

This patch therefore extends the packet structure with a pointer to the
original system MDL such that it can be passed to __FreePages() when the
packet destructor is called.

The patch also bypasses some calls to MmGetSystemAddressForMdlSafe() since
we can ASSERT that the MDL is already mapped to a system address.

Signed-off-by: Paul Durrant <paul.durrant@xxxxxxxxxx>
---
 src/xenvif/receiver.c | 50 ++++++++++++++++++++++++++++++--------------------
 1 file changed, 30 insertions(+), 20 deletions(-)

diff --git a/src/xenvif/receiver.c b/src/xenvif/receiver.c
index 99c113e..67a5cb2 100644
--- a/src/xenvif/receiver.c
+++ b/src/xenvif/receiver.c
@@ -121,6 +121,7 @@ typedef struct _XENVIF_RECEIVER_PACKET {
     PXENVIF_RECEIVER_RING           Ring;
     MDL                             Mdl;
     PFN_NUMBER                      __Pfn;
+    PMDL                            SystemMdl;
 } XENVIF_RECEIVER_PACKET, *PXENVIF_RECEIVER_PACKET;
 
 struct _XENVIF_RECEIVER {
@@ -170,7 +171,6 @@ ReceiverPacketCtor(
     PXENVIF_RECEIVER_RING   Ring = Argument;
     PXENVIF_RECEIVER_PACKET Packet = Object;
     PMDL                    Mdl;
-    PUCHAR                  StartVa;
     NTSTATUS                status;
 
     ASSERT(IsZeroMemory(Packet, sizeof (XENVIF_RECEIVER_PACKET)));
@@ -181,18 +181,17 @@ ReceiverPacketCtor(
     if (Mdl == NULL)
         goto fail1;
 
-    StartVa = MmGetSystemAddressForMdlSafe(Mdl, NormalPagePriority);
-    ASSERT(StartVa != NULL);
-    RtlFillMemory(StartVa, PAGE_SIZE, 0xAA);
-
     ASSERT3U(Mdl->ByteOffset, ==, 0);
-    Mdl->StartVa = StartVa;
-    Mdl->ByteCount = 0;
 
-    Packet->Mdl = *Mdl;
-    Packet->__Pfn = MmGetMdlPfnArray(Mdl)[0];
+    Packet->SystemMdl = Mdl;
 
-    ExFreePool(Mdl);
+    Packet->Mdl.Size = sizeof (MDL) + sizeof (PFN_NUMBER);
+    Packet->Mdl.MdlFlags = Mdl->MdlFlags;
+
+    ASSERT(Mdl->MdlFlags & MDL_MAPPED_TO_SYSTEM_VA);
+    Packet->Mdl.MappedSystemVa = Mdl->MappedSystemVa;
+
+    Packet->__Pfn = MmGetMdlPfnArray(Mdl)[0];
 
     Packet->Ring = Ring;
 
@@ -219,13 +218,12 @@ ReceiverPacketDtor(
     ASSERT3P(Packet->Ring, ==, Ring);
     Packet->Ring = NULL;
 
-    Mdl = &Packet->Mdl;
-
-    Mdl->ByteCount = PAGE_SIZE;
+    Mdl = Packet->SystemMdl;
+    Packet->SystemMdl = NULL;
 
     __FreePage(Mdl);
 
-    RtlZeroMemory(Mdl, sizeof (MDL) + sizeof (PFN_NUMBER));
+    RtlZeroMemory(&Packet->Mdl, sizeof (MDL) + sizeof (PFN_NUMBER));
 
     ASSERT(IsZeroMemory(Packet, sizeof (XENVIF_RECEIVER_PACKET)));
 }
@@ -263,7 +261,7 @@ __ReceiverRingPutPacket(
 {
     PXENVIF_RECEIVER            Receiver;
     PXENVIF_FRONTEND            Frontend;
-    PMDL                        Mdl = &Packet->Mdl;
+    PMDL                        Mdl = Packet->SystemMdl;
 
     Receiver = Ring->Receiver;
     Frontend = Receiver->Frontend;
@@ -280,10 +278,13 @@ __ReceiverRingPutPacket(
     RtlZeroMemory(&Packet->Info, sizeof (XENVIF_PACKET_INFO));
     RtlZeroMemory(&Packet->Hash, sizeof (XENVIF_PACKET_HASH));
 
-    Mdl->MappedSystemVa = Mdl->StartVa;
-    Mdl->ByteOffset = 0;
-    Mdl->ByteCount = 0;
-    ASSERT3P(Mdl->Next, ==, NULL);
+    RtlZeroMemory(&Packet->Mdl, sizeof (MDL));
+
+    Packet->Mdl.Size = sizeof (MDL) + sizeof (PFN_NUMBER);
+    Packet->Mdl.MdlFlags = Mdl->MdlFlags;
+
+    ASSERT(Mdl->MdlFlags & MDL_MAPPED_TO_SYSTEM_VA);
+    Packet->Mdl.MappedSystemVa = Mdl->MappedSystemVa;
 
     XENBUS_CACHE(Put,
                  &Receiver->CacheInterface,
@@ -2042,10 +2043,19 @@ ReceiverRingPoll(
 
                 Extra = (extra->flags & XEN_NETIF_EXTRA_FLAG_MORE) ? TRUE : 
FALSE;
             } else {
+                PUCHAR  StartVa;
+
                 ASSERT3U(rsp->id, ==, id);
 
+                StartVa = MmGetSystemAddressForMdlSafe(Mdl,
+                                                       NormalPagePriority);
+                ASSERT(StartVa != NULL);
+
                 Mdl->ByteOffset = rsp->offset;
-                Mdl->MappedSystemVa = (PUCHAR)Mdl->StartVa + rsp->offset;
+
+                StartVa += rsp->offset;
+                Mdl->MappedSystemVa = StartVa;
+
                 Mdl->ByteCount = rsp->status;
 
                 if (rsp->status < 0)
-- 
2.5.3


_______________________________________________
win-pv-devel mailing list
win-pv-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/cgi-bin/mailman/listinfo/win-pv-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.