[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 2/2] xen/gnt{dev,alloc}: reserve event channels for notify



On Wed, 2011-10-19 at 15:23 +0100, Daniel De Graaf wrote:
> On 10/19/2011 05:24 AM, Ian Campbell wrote:
> > On Tue, 2011-10-18 at 22:04 +0100, Daniel De Graaf wrote:
> >> When using the unmap notify ioctl, the event channel used for
> >> notification needs to be reserved to avoid it being deallocated prior to
> >> sending the notification.
> >>
> >> Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
> >> ---
> >>  drivers/xen/gntalloc.c |   14 +++++++++++++-
> >>  drivers/xen/gntdev.c   |   11 +++++++++++
> >>  2 files changed, 24 insertions(+), 1 deletions(-)
> >>
> >> diff --git a/drivers/xen/gntalloc.c b/drivers/xen/gntalloc.c
> >> index f6832f4..a739fb1 100644
> >> --- a/drivers/xen/gntalloc.c
> >> +++ b/drivers/xen/gntalloc.c
> >> @@ -178,8 +178,10 @@ static void __del_gref(struct gntalloc_gref *gref)
> >>            tmp[gref->notify.pgoff] = 0;
> >>            kunmap(gref->page);
> >>    }
> >> -  if (gref->notify.flags & UNMAP_NOTIFY_SEND_EVENT)
> >> +  if (gref->notify.flags & UNMAP_NOTIFY_SEND_EVENT) {
> >>            notify_remote_via_evtchn(gref->notify.event);
> >> +          evtchn_put(gref->notify.event);
> >> +  }
> >>  
> >>    gref->notify.flags = 0;
> >>  
> >> @@ -396,6 +398,16 @@ static long gntalloc_ioctl_unmap_notify(struct 
> >> gntalloc_file_private_data *priv,
> >>            goto unlock_out;
> >>    }
> >>  
> >> +  if (op.action & UNMAP_NOTIFY_SEND_EVENT) {
> >> +          if (evtchn_get(op.event_channel_port)) {
> >> +                  rc = -EINVAL;
> >> +                  goto unlock_out;
> >> +          }
> >> +  }
> >> +
> >> +  if (gref->notify.flags & UNMAP_NOTIFY_SEND_EVENT)
> >> +          evtchn_put(gref->notify.event);
> >> +
> > 
> > If the gref gets torn down here won't we notify and drop the reference
> > on the wrong evtchn, leading to a double free? If we defer the drop
> > until after gref->notify.event has been updated then this goes away.
> > 
> > Ian.
> 
> This evtchn_put will only be called in the case where the unmap_notify
> is being changed and already had an event channel reference. This reference
> must be dropped prior to changing gref->notify.event or we will leak
> the old event channel.

More importantly I see now that there is a lock protecting all this
stuff so everything is ok.

Ian.

> 
> > 
> >>    gref->notify.flags = op.action;
> >>    gref->notify.pgoff = pgoff;
> >>    gref->notify.event = op.event_channel_port;
> >> diff --git a/drivers/xen/gntdev.c b/drivers/xen/gntdev.c
> >> index f914b26..cfcc890 100644
> >> --- a/drivers/xen/gntdev.c
> >> +++ b/drivers/xen/gntdev.c
> >> @@ -190,6 +190,7 @@ static void gntdev_put_map(struct grant_map *map)
> >>  
> >>    if (map->notify.flags & UNMAP_NOTIFY_SEND_EVENT) {
> >>            notify_remote_via_evtchn(map->notify.event);
> >> +          evtchn_put(map->notify.event);
> >>    }
> >>  
> >>    if (map->pages) {
> >> @@ -596,6 +597,16 @@ static long gntdev_ioctl_notify(struct gntdev_priv 
> >> *priv, void __user *u)
> >>            goto unlock_out;
> >>    }
> >>  
> >> +  if (op.action & UNMAP_NOTIFY_SEND_EVENT) {
> >> +          if (evtchn_get(op.event_channel_port)) {
> >> +                  rc = -EINVAL;
> >> +                  goto unlock_out;
> >> +          }
> >> +  }
> >> +
> >> +  if (map->notify.flags & UNMAP_NOTIFY_SEND_EVENT)
> >> +          evtchn_put(map->notify.event);
> >> +
> >>    map->notify.flags = op.action;
> >>    map->notify.addr = op.index - (map->index << PAGE_SHIFT);
> >>    map->notify.event = op.event_channel_port;
> > 
> > 



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.