From patchwork Mon Jul 15 09:17:56 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Paul Durrant X-Patchwork-Id: 11043519 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 10277112C for ; Mon, 15 Jul 2019 09:19:44 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id F2D9627816 for ; Mon, 15 Jul 2019 09:19:43 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id E4C82283AF; Mon, 15 Jul 2019 09:19:43 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.2 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 0372527816 for ; Mon, 15 Jul 2019 09:19:43 +0000 (UTC) Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1hmx7d-00059V-JY; Mon, 15 Jul 2019 09:18:13 +0000 Received: from us1-rack-dfw2.inumbo.com ([104.130.134.6]) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1hmx7c-00059Q-Md for xen-devel@lists.xenproject.org; Mon, 15 Jul 2019 09:18:12 +0000 X-Inumbo-ID: 77299104-a6e1-11e9-8980-bc764e045a96 Received: from esa3.hc3370-68.iphmx.com (unknown [216.71.145.155]) by us1-rack-dfw2.inumbo.com (Halon) with ESMTPS id 77299104-a6e1-11e9-8980-bc764e045a96; Mon, 15 Jul 2019 09:18:11 +0000 (UTC) Authentication-Results: esa3.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none; spf=None smtp.pra=paul.durrant@citrix.com; spf=Pass smtp.mailfrom=Paul.Durrant@citrix.com; spf=None smtp.helo=postmaster@mail.citrix.com Received-SPF: None (esa3.hc3370-68.iphmx.com: no sender authenticity information available from domain of paul.durrant@citrix.com) identity=pra; client-ip=162.221.158.21; receiver=esa3.hc3370-68.iphmx.com; envelope-from="Paul.Durrant@citrix.com"; x-sender="paul.durrant@citrix.com"; x-conformance=sidf_compatible Received-SPF: Pass (esa3.hc3370-68.iphmx.com: domain of Paul.Durrant@citrix.com designates 162.221.158.21 as permitted sender) identity=mailfrom; client-ip=162.221.158.21; receiver=esa3.hc3370-68.iphmx.com; envelope-from="Paul.Durrant@citrix.com"; x-sender="Paul.Durrant@citrix.com"; x-conformance=sidf_compatible; x-record-type="v=spf1"; x-record-text="v=spf1 ip4:209.167.231.154 ip4:178.63.86.133 ip4:195.66.111.40/30 ip4:85.115.9.32/28 ip4:199.102.83.4 ip4:192.28.146.160 ip4:192.28.146.107 ip4:216.52.6.88 ip4:216.52.6.188 ip4:162.221.158.21 ip4:162.221.156.83 ~all" Received-SPF: None (esa3.hc3370-68.iphmx.com: no sender authenticity information available from domain of postmaster@mail.citrix.com) identity=helo; client-ip=162.221.158.21; receiver=esa3.hc3370-68.iphmx.com; envelope-from="Paul.Durrant@citrix.com"; x-sender="postmaster@mail.citrix.com"; x-conformance=sidf_compatible IronPort-SDR: dBy/dmip1BDG8TkVuVDIO3UAjBFXWIdg9rHNDnFO3mj6eXb344mUY7CI5ReCZ5sAQdxHajj+7E 3Wg0qyXoiuPqifghzB7ggpU0Oxy08RP4zc/9RMz4L8RQGf42Ei9tVugHKTnPX6l5UwBPa0Z3cg ze8OuZcclWOmZMQBsjkxLuo/kbMQOxI5+NCgYRiNJnU1JaK29mJ6+IPgVZ19F9UT/6MvKobXXK 7I7O7bNNL56I7oNvptCX1pKcxs/KGTEzKNDEp+7F8hqA174nEUK3IBOaqZ30/yx7uiw5dZbUEh ORc= X-SBRS: 2.7 X-MesageID: 2970992 X-Ironport-Server: esa3.hc3370-68.iphmx.com X-Remote-IP: 162.221.158.21 X-Policy: $RELAYED X-IronPort-AV: E=Sophos;i="5.63,493,1557201600"; d="scan'208";a="2970992" From: Paul Durrant To: Date: Mon, 15 Jul 2019 10:17:56 +0100 Message-ID: <20190715091756.39065-1-paul.durrant@citrix.com> X-Mailer: git-send-email 2.20.1.2.gb21ebb671 MIME-Version: 1.0 Subject: [Xen-devel] [PATCH v2] xen/mm.h: add helper function to test-and-clear _PGC_allocated X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: Stefano Stabellini , Wei Liu , Konrad Rzeszutek Wilk , George Dunlap , Andrew Cooper , Ian Jackson , Tim Deegan , Julien Grall , Paul Durrant , Tamas K Lengyel , Jan Beulich , Volodymyr Babchuk , =?utf-8?q?Roger_Pau_Monn?= =?utf-8?q?=C3=A9?= Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" X-Virus-Scanned: ClamAV using ClamSMTP The _PGC_allocated flag is set on a page when it is assigned to a domain along with an initial reference count of at least 1. To clear this 'allocation' reference it is necessary to test-and-clear _PGC_allocated and then only drop the reference if the test-and-clear succeeds. This is open- coded in many places. It is also unsafe to test-and-clear _PGC_allocated unless the caller holds an additional reference. This patch adds a helper function, put_page_alloc_ref(), to replace all the open-coded test-and-clear/put_page occurrences and incorporates in that a BUG_ON() an additional page reference not being held. Signed-off-by: Paul Durrant Acked-by: Jan Beulich Acked-by: Julien Grall --- Cc: Stefano Stabellini Cc: Julien Grall Cc: Volodymyr Babchuk Cc: Andrew Cooper Cc: George Dunlap Cc: Ian Jackson Cc: Jan Beulich Cc: Konrad Rzeszutek Wilk Cc: Tim Deegan Cc: Wei Liu Cc: "Roger Pau Monné" Cc: Tamas K Lengyel Cc: George Dunlap v2: - Re-name clear_assignment_reference() to put_page_alloc_ref() - Swap ASSERT() for BUG_ON() - Add an extra comment explaining what put_page_alloc_ref() is doing --- xen/arch/arm/domain.c | 4 +--- xen/arch/x86/domain.c | 3 +-- xen/arch/x86/hvm/ioreq.c | 11 ++--------- xen/arch/x86/mm.c | 3 +-- xen/arch/x86/mm/mem_sharing.c | 9 +++------ xen/arch/x86/mm/p2m-pod.c | 4 +--- xen/arch/x86/mm/p2m.c | 3 +-- xen/common/grant_table.c | 3 +-- xen/common/memory.c | 5 ++--- xen/common/xenoprof.c | 3 +-- xen/include/xen/mm.h | 14 ++++++++++++++ 11 files changed, 28 insertions(+), 34 deletions(-) diff --git a/xen/arch/arm/domain.c b/xen/arch/arm/domain.c index 4f44d5c742..941bbff4fe 100644 --- a/xen/arch/arm/domain.c +++ b/xen/arch/arm/domain.c @@ -926,9 +926,7 @@ static int relinquish_memory(struct domain *d, struct page_list_head *list) */ continue; - if ( test_and_clear_bit(_PGC_allocated, &page->count_info) ) - put_page(page); - + put_page_alloc_ref(page); put_page(page); if ( hypercall_preempt_check() ) diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index 147f96a09e..e791d86892 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -1939,8 +1939,7 @@ static int relinquish_memory( BUG(); } - if ( test_and_clear_bit(_PGC_allocated, &page->count_info) ) - put_page(page); + put_page_alloc_ref(page); /* * Forcibly invalidate top-most, still valid page tables at this point diff --git a/xen/arch/x86/hvm/ioreq.c b/xen/arch/x86/hvm/ioreq.c index 7a80cfb28b..a79cabb680 100644 --- a/xen/arch/x86/hvm/ioreq.c +++ b/xen/arch/x86/hvm/ioreq.c @@ -398,8 +398,7 @@ static int hvm_alloc_ioreq_mfn(struct hvm_ioreq_server *s, bool buf) return 0; fail: - if ( test_and_clear_bit(_PGC_allocated, &page->count_info) ) - put_page(page); + put_page_alloc_ref(page); put_page_and_type(page); return -ENOMEM; @@ -418,13 +417,7 @@ static void hvm_free_ioreq_mfn(struct hvm_ioreq_server *s, bool buf) unmap_domain_page_global(iorp->va); iorp->va = NULL; - /* - * Check whether we need to clear the allocation reference before - * dropping the explicit references taken by get_page_and_type(). - */ - if ( test_and_clear_bit(_PGC_allocated, &page->count_info) ) - put_page(page); - + put_page_alloc_ref(page); put_page_and_type(page); } diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index df2c0130f1..138662e777 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -498,8 +498,7 @@ void share_xen_page_with_guest(struct page_info *page, struct domain *d, void free_shared_domheap_page(struct page_info *page) { - if ( test_and_clear_bit(_PGC_allocated, &page->count_info) ) - put_page(page); + put_page_alloc_ref(page); if ( !test_and_clear_bit(_PGC_xen_heap, &page->count_info) ) ASSERT_UNREACHABLE(); page->u.inuse.type_info = 0; diff --git a/xen/arch/x86/mm/mem_sharing.c b/xen/arch/x86/mm/mem_sharing.c index f16a3f5324..58d9157fa8 100644 --- a/xen/arch/x86/mm/mem_sharing.c +++ b/xen/arch/x86/mm/mem_sharing.c @@ -1000,8 +1000,7 @@ static int share_pages(struct domain *sd, gfn_t sgfn, shr_handle_t sh, mem_sharing_page_unlock(firstpg); /* Free the client page */ - if(test_and_clear_bit(_PGC_allocated, &cpage->count_info)) - put_page(cpage); + put_page_alloc_ref(cpage); put_page(cpage); /* We managed to free a domain page. */ @@ -1082,8 +1081,7 @@ int mem_sharing_add_to_physmap(struct domain *sd, unsigned long sgfn, shr_handle ret = -EOVERFLOW; goto err_unlock; } - if ( test_and_clear_bit(_PGC_allocated, &cpage->count_info) ) - put_page(cpage); + put_page_alloc_ref(cpage); put_page(cpage); } } @@ -1177,8 +1175,7 @@ int __mem_sharing_unshare_page(struct domain *d, domain_crash(d); return -EOVERFLOW; } - if ( test_and_clear_bit(_PGC_allocated, &page->count_info) ) - put_page(page); + put_page_alloc_ref(page); put_page(page); } put_gfn(d, gfn); diff --git a/xen/arch/x86/mm/p2m-pod.c b/xen/arch/x86/mm/p2m-pod.c index 4313863066..096e2773fb 100644 --- a/xen/arch/x86/mm/p2m-pod.c +++ b/xen/arch/x86/mm/p2m-pod.c @@ -274,9 +274,7 @@ p2m_pod_set_cache_target(struct p2m_domain *p2m, unsigned long pod_target, int p if ( test_and_clear_bit(_PGT_pinned, &(page+i)->u.inuse.type_info) ) put_page_and_type(page + i); - if ( test_and_clear_bit(_PGC_allocated, &(page+i)->count_info) ) - put_page(page + i); - + put_page_alloc_ref(page + i); put_page(page + i); if ( preemptible && pod_target != p2m->pod.count && diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index 4c9954867c..883352da7d 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -1609,8 +1609,7 @@ int p2m_mem_paging_evict(struct domain *d, unsigned long gfn_l) goto out_put; /* Decrement guest domain's ref count of the page */ - if ( test_and_clear_bit(_PGC_allocated, &page->count_info) ) - put_page(page); + put_page_alloc_ref(page); /* Remove mapping from p2m table */ ret = p2m_set_entry(p2m, gfn, INVALID_MFN, PAGE_ORDER_4K, diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index e6a0f30a4b..f0ca10a7fa 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -1707,8 +1707,7 @@ gnttab_unpopulate_status_frames(struct domain *d, struct grant_table *gt) } BUG_ON(page_get_owner(pg) != d); - if ( test_and_clear_bit(_PGC_allocated, &pg->count_info) ) - put_page(pg); + put_page_alloc_ref(pg); if ( pg->count_info & ~PGC_xen_heap ) { diff --git a/xen/common/memory.c b/xen/common/memory.c index 03db7bfa9e..30d210fc08 100644 --- a/xen/common/memory.c +++ b/xen/common/memory.c @@ -388,9 +388,8 @@ int guest_remove_page(struct domain *d, unsigned long gmfn) * For this purpose (and to match populate_physmap() behavior), the page * is kept allocated. */ - if ( !rc && !is_domain_direct_mapped(d) && - test_and_clear_bit(_PGC_allocated, &page->count_info) ) - put_page(page); + if ( !rc && !is_domain_direct_mapped(d) ) + put_page_alloc_ref(page); put_page(page); diff --git a/xen/common/xenoprof.c b/xen/common/xenoprof.c index 8a72e382e6..4f3e799ebb 100644 --- a/xen/common/xenoprof.c +++ b/xen/common/xenoprof.c @@ -173,8 +173,7 @@ unshare_xenoprof_page_with_guest(struct xenoprof *x) struct page_info *page = mfn_to_page(mfn_add(mfn, i)); BUG_ON(page_get_owner(page) != current->domain); - if ( test_and_clear_bit(_PGC_allocated, &page->count_info) ) - put_page(page); + put_page_alloc_ref(page); } } diff --git a/xen/include/xen/mm.h b/xen/include/xen/mm.h index a57974ae51..5d0c19f011 100644 --- a/xen/include/xen/mm.h +++ b/xen/include/xen/mm.h @@ -658,4 +658,18 @@ static inline void share_xen_page_with_privileged_guests( share_xen_page_with_guest(page, dom_xen, flags); } +static inline void put_page_alloc_ref(struct page_info *page) +{ + /* + * Whenever a page is assigned to a domain then the _PGC_allocated bit + * is set and the reference count is set to at least 1. This function + * clears that 'allocation reference' but it is unsafe to do so without + * the caller holding an additional reference. I.e. the allocation + * reference must never be the last reference held. + */ + BUG_ON((page->count_info & PGC_count_mask) <= 1); + if ( test_and_clear_bit(_PGC_allocated, &page->count_info) ) + put_page(page); +} + #endif /* __XEN_MM_H__ */