|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-changelog] [xen master] mm: make pages allocated with MEMF_no_refcount safe to assign
commit c793d13944b45d7a655ad230717cd5f335101920
Author: Paul Durrant <pdurrant@xxxxxxxxxx>
AuthorDate: Thu Jan 30 12:56:42 2020 +0000
Commit: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
CommitDate: Fri Feb 14 14:24:50 2020 +0000
mm: make pages allocated with MEMF_no_refcount safe to assign
Currently it is unsafe to assign a domheap page allocated with
MEMF_no_refcount to a domain because the domain't 'tot_pages' will not
be incremented, but will be decrement when the page is freed (since
free_domheap_pages() has no way of telling that the increment was skipped).
This patch allocates a new 'count_info' bit for a PGC_extra flag
which is then used to mark pages when alloc_domheap_pages() is called
with MEMF_no_refcount. assign_pages() because it still needs to call
domain_adjust_tot_pages() to make sure the domain is appropriately
referenced. Hence it is modified to do that for PGC_extra pages even if it
is passed MEMF_no_refount.
The number of PGC_extra pages assigned to a domain is tracked in a new
'extra_pages' counter, which is then subtracted from 'total_pages' in
the domain_tot_pages() helper. Thus 'normal' page assignments will still
be appropriately checked against 'max_pages'.
Signed-off-by: Paul Durrant <pdurrant@xxxxxxxxxx>
Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
Acked-by: Julien Grall <julien@xxxxxxx>
Acked-by: George Dunlap <George.Dunlap@xxxxxxxxxxxxx>
---
xen/arch/x86/mm.c | 3 ++-
xen/common/page_alloc.c | 65 +++++++++++++++++++++++++++++++++++++-----------
xen/include/asm-arm/mm.h | 5 +++-
xen/include/asm-x86/mm.h | 7 ++++--
xen/include/xen/sched.h | 5 +++-
5 files changed, 65 insertions(+), 20 deletions(-)
diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c
index 71caeabce5..ec0970fef5 100644
--- a/xen/arch/x86/mm.c
+++ b/xen/arch/x86/mm.c
@@ -4223,7 +4223,8 @@ int steal_page(
if ( !(owner = page_get_owner_and_reference(page)) )
goto fail;
- if ( owner != d || is_xen_heap_page(page) )
+ if ( owner != d || is_xen_heap_page(page) ||
+ (page->count_info & PGC_extra) )
goto fail_put;
/*
diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c
index a6b1dd5892..76d37226df 100644
--- a/xen/common/page_alloc.c
+++ b/xen/common/page_alloc.c
@@ -2268,7 +2268,29 @@ int assign_pages(
goto out;
}
- if ( !(memflags & MEMF_no_refcount) )
+#ifndef NDEBUG
+ {
+ unsigned int extra_pages = 0;
+
+ for ( i = 0; i < (1ul << order); i++ )
+ {
+ ASSERT(!(pg[i].count_info & ~PGC_extra));
+ if ( pg[i].count_info & PGC_extra )
+ extra_pages++;
+ }
+
+ ASSERT(!extra_pages ||
+ ((memflags & MEMF_no_refcount) &&
+ extra_pages == 1u << order));
+ }
+#endif
+
+ if ( pg[0].count_info & PGC_extra )
+ {
+ d->extra_pages += 1u << order;
+ memflags &= ~MEMF_no_refcount;
+ }
+ else if ( !(memflags & MEMF_no_refcount) )
{
unsigned int tot_pages = domain_tot_pages(d) + (1 << order);
@@ -2279,18 +2301,19 @@ int assign_pages(
rc = -E2BIG;
goto out;
}
-
- if ( unlikely(domain_adjust_tot_pages(d, 1 << order) == (1 << order)) )
- get_knownalive_domain(d);
}
+ if ( !(memflags & MEMF_no_refcount) &&
+ unlikely(domain_adjust_tot_pages(d, 1 << order) == (1 << order)) )
+ get_knownalive_domain(d);
+
for ( i = 0; i < (1 << order); i++ )
{
ASSERT(page_get_owner(&pg[i]) == NULL);
- ASSERT(!pg[i].count_info);
page_set_owner(&pg[i], d);
smp_wmb(); /* Domain pointer must be visible before updating refcnt. */
- pg[i].count_info = PGC_allocated | 1;
+ pg[i].count_info =
+ (pg[i].count_info & PGC_extra) | PGC_allocated | 1;
page_list_add_tail(&pg[i], &d->page_list);
}
@@ -2316,11 +2339,6 @@ struct page_info *alloc_domheap_pages(
if ( memflags & MEMF_no_owner )
memflags |= MEMF_no_refcount;
- else if ( (memflags & MEMF_no_refcount) && d )
- {
- ASSERT(!(memflags & MEMF_no_refcount));
- return NULL;
- }
if ( !dma_bitsize )
memflags &= ~MEMF_no_dma;
@@ -2333,11 +2351,23 @@ struct page_info *alloc_domheap_pages(
memflags, d)) == NULL)) )
return NULL;
- if ( d && !(memflags & MEMF_no_owner) &&
- assign_pages(d, pg, order, memflags) )
+ if ( d && !(memflags & MEMF_no_owner) )
{
- free_heap_pages(pg, order, memflags & MEMF_no_scrub);
- return NULL;
+ if ( memflags & MEMF_no_refcount )
+ {
+ unsigned long i;
+
+ for ( i = 0; i < (1ul << order); i++ )
+ {
+ ASSERT(!pg[i].count_info);
+ pg[i].count_info = PGC_extra;
+ }
+ }
+ if ( assign_pages(d, pg, order, memflags) )
+ {
+ free_heap_pages(pg, order, memflags & MEMF_no_scrub);
+ return NULL;
+ }
}
return pg;
@@ -2385,6 +2415,11 @@ void free_domheap_pages(struct page_info *pg, unsigned
int order)
BUG();
}
arch_free_heap_page(d, &pg[i]);
+ if ( pg[i].count_info & PGC_extra )
+ {
+ ASSERT(d->extra_pages);
+ d->extra_pages--;
+ }
}
drop_dom_ref = !domain_adjust_tot_pages(d, -(1 << order));
diff --git a/xen/include/asm-arm/mm.h b/xen/include/asm-arm/mm.h
index 333efd3a60..7df91280bc 100644
--- a/xen/include/asm-arm/mm.h
+++ b/xen/include/asm-arm/mm.h
@@ -119,9 +119,12 @@ struct page_info
#define PGC_state_offlined PG_mask(2, 9)
#define PGC_state_free PG_mask(3, 9)
#define page_state_is(pg, st) (((pg)->count_info&PGC_state) == PGC_state_##st)
+/* Page is not reference counted */
+#define _PGC_extra PG_shift(10)
+#define PGC_extra PG_mask(1, 10)
/* Count of references to this frame. */
-#define PGC_count_width PG_shift(9)
+#define PGC_count_width PG_shift(10)
#define PGC_count_mask ((1UL<<PGC_count_width)-1)
/*
diff --git a/xen/include/asm-x86/mm.h b/xen/include/asm-x86/mm.h
index 2ca8882ad0..06d64d494d 100644
--- a/xen/include/asm-x86/mm.h
+++ b/xen/include/asm-x86/mm.h
@@ -77,9 +77,12 @@
#define PGC_state_offlined PG_mask(2, 9)
#define PGC_state_free PG_mask(3, 9)
#define page_state_is(pg, st) (((pg)->count_info&PGC_state) == PGC_state_##st)
+/* Page is not reference counted */
+#define _PGC_extra PG_shift(10)
+#define PGC_extra PG_mask(1, 10)
- /* Count of references to this frame. */
-#define PGC_count_width PG_shift(9)
+/* Count of references to this frame. */
+#define PGC_count_width PG_shift(10)
#define PGC_count_mask ((1UL<<PGC_count_width)-1)
/*
diff --git a/xen/include/xen/sched.h b/xen/include/xen/sched.h
index 1b6d7b941f..21b5f4cebd 100644
--- a/xen/include/xen/sched.h
+++ b/xen/include/xen/sched.h
@@ -374,6 +374,7 @@ struct domain
unsigned int xenheap_pages; /* pages allocated from Xen heap */
unsigned int outstanding_pages; /* pages claimed but not possessed */
unsigned int max_pages; /* maximum value for
domain_tot_pages() */
+ unsigned int extra_pages; /* pages not included in
domain_tot_pages() */
atomic_t shr_pages; /* shared pages */
atomic_t paged_pages; /* paged-out pages */
@@ -548,7 +549,9 @@ struct domain
/* Return number of pages currently posessed by the domain */
static inline unsigned int domain_tot_pages(const struct domain *d)
{
- return d->tot_pages;
+ ASSERT(d->extra_pages <= d->tot_pages);
+
+ return d->tot_pages - d->extra_pages;
}
/* Protect updates/reads (resp.) of domain_list and domain_hash. */
--
generated by git-patchbot for /home/xen/git/xen.git#master
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/xen-changelog
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |