Xen project Mailing List

Re: [PATCH] xen: fix broken tainted value in mark_page_free

From: Bertrand Marquis <Bertrand.Marquis@xxxxxxx>

Date: Wed, 22 Sep 2021 11:48:36 +0000

Accept-language: en-GB, en-US

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=6MmWJ7hHoqNYgOIHSmjWOBBxabBhm0rXpL0yo1/j+ps=; b=QAXoVNQf9mEksLJioFuwB3cJX95b7m+SocDUtTmy1RDtmjioQJGYYJkknobJJlXnPB2xtXEwuH45ToHX8uosIuot3rqaVAR9t0i/D0xxYQOJYhBGd5FKMi8GOGy33g8ufBRcuJs5Vv4SflSyTc80IR8ZEtYGcOEG0xe95FEn0oBnsiXJ1uctpIQQw5auLsAT5cxaanTaCSXYcqVNO9FaL6TIP33IscMdXKTuxGI7cAr9ZsUHqVqSCqkvxIRNX778rNm6ojSlauQYSj2M56N0b+60rLugSm8uoDQHiXiqAsONs2yjYNBNebmTFiQ80AT6LICk9xnxq5QKAB4m8ctQAg==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=dLF0bFFd12PyxY15R3FDcYtiR1XouFeCj8db92wYc/V/Va36cwYHX+YflkSuoawmqnT0yDVgVPb3TTWb2iKTFOZVKtgDgIXcuglm0oIlCNhm4bX6izQDeybiap/6keQVtsJzwCjvmYeuZEx2Kj1c/V8EdFjFmNhaSE7YMMwqfC5CtK9eemng05HP3vqB6QtEOLNFfnX9E8X4Kc4reZ6D0iSBh8K7ElcLjVZdA+ZJb6wh1ucjHh4AcX/PZineA1Mn0WkszfT28dvhXA8XvCRUevJqP/Ukbc8PA2F90GhMwYl2S5nUdfx27Ue+JzuG8+CHhUORq8HUEt1jYVW6JNp7PQ==

Authentication-results-original: arm.com; dkim=none (message not signed) header.d=none;arm.com; dmarc=none action=none header.from=arm.com;

Cc: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, "sstabellini@xxxxxxxxxx" <sstabellini@xxxxxxxxxx>, "julien@xxxxxxx" <julien@xxxxxxx>, "jbeulich@xxxxxxxx" <jbeulich@xxxxxxxx>, Wei Chen <Wei.Chen@xxxxxxx>

Delivery-date: Wed, 22 Sep 2021 11:49:02 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Nodisclaimer: true

Original-authentication-results: arm.com; dkim=none (message not signed) header.d=none;arm.com; dmarc=none action=none header.from=arm.com;

Thread-index: AQHXr6c/8OBwQWPrCkW/tzMAglitdauv8D8A

Thread-topic: [PATCH] xen: fix broken tainted value in mark_page_free

Hi Penny, > On 22 Sep 2021, at 12:44, Penny Zheng <penny.zheng@xxxxxxx> wrote: > > Commit 540a637c3410780b519fc055f432afe271f642f8 defines a new > helper mark_page_free to extract common codes, while it accidently > breaks the local variable "tainted". > > This patch fix it by letting mark_page_free() return bool of whether the > page is offlined and rename local variable "tainted" to "pg_offlined". > > Coverity ID: 1491872 > > Fixes: 540a637c3410780b519fc055f432afe271f642f8 > Signed-off-by: Penny Zheng <penny.zheng@xxxxxxx> Reviewed-by: Bertrand Marquis <bertrand.marquis@xxxxxxx> Cheers Bertrand > --- > v2 changes: > - rename local variable "tainted" to "pg_offlined", and make it bool > --- > xen/common/page_alloc.c | 15 ++++++++++----- > 1 file changed, 10 insertions(+), 5 deletions(-) > > diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c > index 6142c7bb6a..5801358b4b 100644 > --- a/xen/common/page_alloc.c > +++ b/xen/common/page_alloc.c > @@ -1380,8 +1380,10 @@ bool scrub_free_pages(void) > return node_to_scrub(false) != NUMA_NO_NODE; > } > > -static void mark_page_free(struct page_info *pg, mfn_t mfn) > +static bool mark_page_free(struct page_info *pg, mfn_t mfn) > { > + bool pg_offlined = false; > + > ASSERT(mfn_x(mfn) == mfn_x(page_to_mfn(pg))); > > /* > @@ -1405,7 +1407,7 @@ static void mark_page_free(struct page_info *pg, mfn_t > mfn) > case PGC_state_offlining: > pg->count_info = (pg->count_info & PGC_broken) | > PGC_state_offlined; > - tainted = 1; > + pg_offlined = true; > break; > > default: > @@ -1425,6 +1427,8 @@ static void mark_page_free(struct page_info *pg, mfn_t > mfn) > /* This page is not a guest frame any more. */ > page_set_owner(pg, NULL); /* set_gpfn_from_mfn snoops pg owner */ > set_gpfn_from_mfn(mfn_x(mfn), INVALID_M2P_ENTRY); > + > + return pg_offlined; > } > > /* Free 2^@order set of pages. */ > @@ -1433,7 +1437,7 @@ static void free_heap_pages( > { > unsigned long mask; > mfn_t mfn = page_to_mfn(pg); > - unsigned int i, node = phys_to_nid(mfn_to_maddr(mfn)), tainted = 0; > + unsigned int i, node = phys_to_nid(mfn_to_maddr(mfn)), pg_offlined = 0; > unsigned int zone = page_to_zone(pg); > > ASSERT(order <= MAX_ORDER); > @@ -1443,7 +1447,8 @@ static void free_heap_pages( > > for ( i = 0; i < (1 << order); i++ ) > { > - mark_page_free(&pg[i], mfn_add(mfn, i)); > + if ( mark_page_free(&pg[i], mfn_add(mfn, i)) ) > + pg_offlined = 1; > > if ( need_scrub ) > { > @@ -1517,7 +1522,7 @@ static void free_heap_pages( > > page_list_add_scrub(pg, node, zone, order, pg->u.free.first_dirty); > > - if ( tainted ) > + if ( pg_offlined ) > reserve_offlined_page(pg); > > spin_unlock(&heap_lock); > -- > 2.25.1 >

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.