Skip to content

Commit

Permalink
xen/gnt{dev,alloc}: reserve event channels for notify
Browse files Browse the repository at this point in the history
When using the unmap notify ioctl, the event channel used for
notification needs to be reserved to avoid it being deallocated prior to
sending the notification.

Signed-off-by: Daniel De Graaf <[email protected]>
Signed-off-by: Konrad Rzeszutek Wilk <[email protected]>
  • Loading branch information
dgdegraaf authored and konradwilk committed Nov 21, 2011
1 parent 8ca19a8 commit 0cc678f
Showing 2 changed files with 50 additions and 2 deletions.
21 changes: 20 additions & 1 deletion drivers/xen/gntalloc.c
Original file line number Diff line number Diff line change
@@ -178,8 +178,10 @@ static void __del_gref(struct gntalloc_gref *gref)
tmp[gref->notify.pgoff] = 0;
kunmap(gref->page);
}
if (gref->notify.flags & UNMAP_NOTIFY_SEND_EVENT)
if (gref->notify.flags & UNMAP_NOTIFY_SEND_EVENT) {
notify_remote_via_evtchn(gref->notify.event);
evtchn_put(gref->notify.event);
}

gref->notify.flags = 0;

@@ -396,6 +398,23 @@ static long gntalloc_ioctl_unmap_notify(struct gntalloc_file_private_data *priv,
goto unlock_out;
}

/* We need to grab a reference to the event channel we are going to use
* to send the notify before releasing the reference we may already have
* (if someone has called this ioctl twice). This is required so that
* it is possible to change the clear_byte part of the notification
* without disturbing the event channel part, which may now be the last
* reference to that event channel.
*/
if (op.action & UNMAP_NOTIFY_SEND_EVENT) {
if (evtchn_get(op.event_channel_port)) {
rc = -EINVAL;
goto unlock_out;
}
}

if (gref->notify.flags & UNMAP_NOTIFY_SEND_EVENT)
evtchn_put(gref->notify.event);

gref->notify.flags = op.action;
gref->notify.pgoff = pgoff;
gref->notify.event = op.event_channel_port;
31 changes: 30 additions & 1 deletion drivers/xen/gntdev.c
Original file line number Diff line number Diff line change
@@ -193,8 +193,10 @@ static void gntdev_put_map(struct grant_map *map)

atomic_sub(map->count, &pages_mapped);

if (map->notify.flags & UNMAP_NOTIFY_SEND_EVENT)
if (map->notify.flags & UNMAP_NOTIFY_SEND_EVENT) {
notify_remote_via_evtchn(map->notify.event);
evtchn_put(map->notify.event);
}

if (map->pages) {
if (!use_ptemod)
@@ -599,13 +601,30 @@ static long gntdev_ioctl_notify(struct gntdev_priv *priv, void __user *u)
struct ioctl_gntdev_unmap_notify op;
struct grant_map *map;
int rc;
int out_flags;
unsigned int out_event;

if (copy_from_user(&op, u, sizeof(op)))
return -EFAULT;

if (op.action & ~(UNMAP_NOTIFY_CLEAR_BYTE|UNMAP_NOTIFY_SEND_EVENT))
return -EINVAL;

/* We need to grab a reference to the event channel we are going to use
* to send the notify before releasing the reference we may already have
* (if someone has called this ioctl twice). This is required so that
* it is possible to change the clear_byte part of the notification
* without disturbing the event channel part, which may now be the last
* reference to that event channel.
*/
if (op.action & UNMAP_NOTIFY_SEND_EVENT) {
if (evtchn_get(op.event_channel_port))
return -EINVAL;
}

out_flags = op.action;
out_event = op.event_channel_port;

spin_lock(&priv->lock);

list_for_each_entry(map, &priv->maps, next) {
@@ -624,12 +643,22 @@ static long gntdev_ioctl_notify(struct gntdev_priv *priv, void __user *u)
goto unlock_out;
}

out_flags = map->notify.flags;
out_event = map->notify.event;

map->notify.flags = op.action;
map->notify.addr = op.index - (map->index << PAGE_SHIFT);
map->notify.event = op.event_channel_port;

rc = 0;

unlock_out:
spin_unlock(&priv->lock);

/* Drop the reference to the event channel we did not save in the map */
if (out_flags & UNMAP_NOTIFY_SEND_EVENT)
evtchn_put(out_event);

return rc;
}

0 comments on commit 0cc678f

Please sign in to comment.