Xen project Mailing List

Re: [PATCH v2 2/6] x86/mem-paging: correct p2m_mem_paging_prep()'s error handling

From: Roger Pau Monné <roger.pau@xxxxxxxxxx>

Date: Thu, 14 May 2020 17:57:39 +0200

Authentication-results: esa4.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none; spf=None smtp.pra=roger.pau@xxxxxxxxxx; spf=Pass smtp.mailfrom=roger.pau@xxxxxxxxxx; spf=None smtp.helo=postmaster@xxxxxxxxxxxxxxx; dmarc=pass (p=none dis=none) d=citrix.com

Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Delivery-date: Thu, 14 May 2020 15:57:49 +0000

Ironport-sdr: YtTTa4/qfyQbJOJP/ZSPJ5uQb+0NSsgqQH4T35kug6kkmNX8vzOXJNl1eUrvMFLD6PzI/wcUVe R5ufMdZp9MGBMtMj+Yj7Z0whY+mjPscopaMoch1IfVcTDo3L+4YpT88dkEmhDlaquIML5OjYin N0KDsGK2HR6d6iXi//e16S6aEgQGlgBSPcfn7X5Y0cxzu+GrSGWXnSgm6hGHBZcU3jQyGsM7FA UiJeSNp5mJ8j68T6e/X1nPfizYncGivJ7Zjp/BJfhGYR2qtO48eNweVjgVOBMHxXNGdqtChTSk 884=

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Thu, Apr 23, 2020 at 10:37:46AM +0200, Jan Beulich wrote: > Communicating errors from p2m_set_entry() to the caller is not enough: > Neither the M2P nor the stats updates should occur in such a case. > Instead the allocated page needs to be freed again; for cleanliness > reasons also properly take into account _PGC_allocated there. > > Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> Reviewed-by: Roger Pau Monné <roger.pau@xxxxxxxxxx> > > --- a/xen/arch/x86/mm/p2m.c > +++ b/xen/arch/x86/mm/p2m.c > @@ -1781,7 +1781,7 @@ void p2m_mem_paging_populate(struct doma > */ > int p2m_mem_paging_prep(struct domain *d, unsigned long gfn_l, uint64_t > buffer) > { > - struct page_info *page; > + struct page_info *page = NULL; > p2m_type_t p2mt; > p2m_access_t a; > gfn_t gfn = _gfn(gfn_l); > @@ -1816,9 +1816,19 @@ int p2m_mem_paging_prep(struct domain *d > goto out; > /* Get a free page */ > ret = -ENOMEM; > - page = alloc_domheap_page(p2m->domain, 0); > + page = alloc_domheap_page(d, 0); > if ( unlikely(page == NULL) ) > goto out; > + if ( unlikely(!get_page(page, d)) ) > + { > + /* > + * The domain can't possibly know about this page yet, so failure > + * here is a clear indication of something fishy going on. > + */ > + domain_crash(d); > + page = NULL; > + goto out; > + } > mfn = page_to_mfn(page); > page_extant = 0; > > @@ -1832,7 +1842,6 @@ int p2m_mem_paging_prep(struct domain *d > "Failed to load paging-in gfn %lx Dom%d bytes left > %d\n", > gfn_l, d->domain_id, ret); > ret = -EFAULT; > - put_page(page); /* Don't leak pages */ > goto out; > } > } > @@ -1843,13 +1852,24 @@ int p2m_mem_paging_prep(struct domain *d > ret = p2m_set_entry(p2m, gfn, mfn, PAGE_ORDER_4K, > paging_mode_log_dirty(d) ? p2m_ram_logdirty > : p2m_ram_rw, a); > - set_gpfn_from_mfn(mfn_x(mfn), gfn_l); I would instead do `if ( ret ) goto out`; And won't touch the code afterwards. Thanks, Roger.

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.