|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-changelog] [xen stable-4.2] fix locking in offline_page()
commit 3ce0c9a3b44b8a83479486406d1ce111aeee54e4
Author: Jan Beulich <jbeulich@xxxxxxxx>
AuthorDate: Mon Dec 9 14:46:26 2013 +0100
Commit: Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Mon Dec 9 14:46:26 2013 +0100
fix locking in offline_page()
Coverity ID 1055655
Apart from the Coverity-detected lock order reversal (a domain's
page_alloc_lock taken with the heap lock already held), calling
put_page() with heap_lock is a bad idea too (as a possible descendant
from put_page() is free_heap_pages(), which wants to take this very
lock).
From all I can tell the region over which heap_lock was held was far
too large: All we need to protect are the call to mark_page_offline()
and reserve_heap_page() (and I'd even put under question the need for
the former). Hence by slightly re-arranging the if/else-if chain we
can drop the lock much earlier, at once no longer covering the two
put_page() invocations.
Once at it, do a little bit of other cleanup: Put the "pod_replace"
code path inline rather than at its own label, and drop the effectively
unused variable "ret".
Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
Reviewed-by: Tim Deegan <tim@xxxxxxx>
Acked-by: Keir Fraser <keir@xxxxxxx>
master commit: d4837a56da4a59259dd0cf9f3bdc073159d81d7a
master date: 2013-12-03 12:40:57 +0100
---
xen/common/page_alloc.c | 39 ++++++++++++++++++---------------------
1 files changed, 18 insertions(+), 21 deletions(-)
diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c
index fbdff5c..2f563e2 100644
--- a/xen/common/page_alloc.c
+++ b/xen/common/page_alloc.c
@@ -819,7 +819,6 @@ int offline_page(unsigned long mfn, int broken, uint32_t
*status)
{
unsigned long old_info = 0;
struct domain *owner;
- int ret = 0;
struct page_info *pg;
if ( !mfn_valid(mfn) )
@@ -869,16 +868,28 @@ int offline_page(unsigned long mfn, int broken, uint32_t
*status)
if ( page_state_is(pg, offlined) )
{
reserve_heap_page(pg);
- *status = PG_OFFLINE_OFFLINED;
+
+ spin_unlock(&heap_lock);
+
+ *status = broken ? PG_OFFLINE_OFFLINED | PG_OFFLINE_BROKEN
+ : PG_OFFLINE_OFFLINED;
+ return 0;
}
- else if ( (owner = page_get_owner_and_reference(pg)) )
+
+ spin_unlock(&heap_lock);
+
+ if ( (owner = page_get_owner_and_reference(pg)) )
{
if ( p2m_pod_offline_or_broken_hit(pg) )
- goto pod_replace;
+ {
+ put_page(pg);
+ p2m_pod_offline_or_broken_replace(pg);
+ *status = PG_OFFLINE_OFFLINED;
+ }
else
{
*status = PG_OFFLINE_OWNED | PG_OFFLINE_PENDING |
- (owner->domain_id << PG_OFFLINE_OWNER_SHIFT);
+ (owner->domain_id << PG_OFFLINE_OWNER_SHIFT);
/* Release the reference since it will not be allocated anymore */
put_page(pg);
}
@@ -886,7 +897,7 @@ int offline_page(unsigned long mfn, int broken, uint32_t
*status)
else if ( old_info & PGC_xen_heap )
{
*status = PG_OFFLINE_XENPAGE | PG_OFFLINE_PENDING |
- (DOMID_XEN << PG_OFFLINE_OWNER_SHIFT);
+ (DOMID_XEN << PG_OFFLINE_OWNER_SHIFT);
}
else
{
@@ -905,21 +916,7 @@ int offline_page(unsigned long mfn, int broken, uint32_t
*status)
if ( broken )
*status |= PG_OFFLINE_BROKEN;
- spin_unlock(&heap_lock);
-
- return ret;
-
-pod_replace:
- put_page(pg);
- spin_unlock(&heap_lock);
-
- p2m_pod_offline_or_broken_replace(pg);
- *status = PG_OFFLINE_OFFLINED;
-
- if ( broken )
- *status |= PG_OFFLINE_BROKEN;
-
- return ret;
+ return 0;
}
/*
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.2
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |