提交 0cc678f8 编写于 作者: D Daniel De Graaf 提交者: Konrad Rzeszutek Wilk

xen/gnt{dev,alloc}: reserve event channels for notify

When using the unmap notify ioctl, the event channel used for
notification needs to be reserved to avoid it being deallocated prior to
sending the notification.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
上级 8ca19a89
...@@ -178,8 +178,10 @@ static void __del_gref(struct gntalloc_gref *gref) ...@@ -178,8 +178,10 @@ static void __del_gref(struct gntalloc_gref *gref)
tmp[gref->notify.pgoff] = 0; tmp[gref->notify.pgoff] = 0;
kunmap(gref->page); kunmap(gref->page);
} }
if (gref->notify.flags & UNMAP_NOTIFY_SEND_EVENT) if (gref->notify.flags & UNMAP_NOTIFY_SEND_EVENT) {
notify_remote_via_evtchn(gref->notify.event); notify_remote_via_evtchn(gref->notify.event);
evtchn_put(gref->notify.event);
}
gref->notify.flags = 0; gref->notify.flags = 0;
...@@ -396,6 +398,23 @@ static long gntalloc_ioctl_unmap_notify(struct gntalloc_file_private_data *priv, ...@@ -396,6 +398,23 @@ static long gntalloc_ioctl_unmap_notify(struct gntalloc_file_private_data *priv,
goto unlock_out; goto unlock_out;
} }
/* We need to grab a reference to the event channel we are going to use
* to send the notify before releasing the reference we may already have
* (if someone has called this ioctl twice). This is required so that
* it is possible to change the clear_byte part of the notification
* without disturbing the event channel part, which may now be the last
* reference to that event channel.
*/
if (op.action & UNMAP_NOTIFY_SEND_EVENT) {
if (evtchn_get(op.event_channel_port)) {
rc = -EINVAL;
goto unlock_out;
}
}
if (gref->notify.flags & UNMAP_NOTIFY_SEND_EVENT)
evtchn_put(gref->notify.event);
gref->notify.flags = op.action; gref->notify.flags = op.action;
gref->notify.pgoff = pgoff; gref->notify.pgoff = pgoff;
gref->notify.event = op.event_channel_port; gref->notify.event = op.event_channel_port;
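Review bot: The evtchn_get() failure path in gntalloc_ioctl_unmap_notify discards the callee's return value and always reports -EINVAL, and the same pattern appears in gntdev_ioctl_notify. If evtchn_get() distinguishes error causes, `rc = evtchn_get(op.event_channel_port);` followed by `if (rc) goto unlock_out;` would pass that on to the caller; if -EINVAL is a deliberate ABI choice, a short comment should say so. The port comes straight from the user-supplied op, and evtchn_get() is the only validation visible here, so the comment should also state that the driver relies on it to reject ports it must not pin. The get-before-put ordering is only safe while the lock released at unlock_out is held, and that lock is taken outside the hunk.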
......
...@@ -193,8 +193,10 @@ static void gntdev_put_map(struct grant_map *map) ...@@ -193,8 +193,10 @@ static void gntdev_put_map(struct grant_map *map)
atomic_sub(map->count, &pages_mapped); atomic_sub(map->count, &pages_mapped);
if (map->notify.flags & UNMAP_NOTIFY_SEND_EVENT) if (map->notify.flags & UNMAP_NOTIFY_SEND_EVENT) {
notify_remote_via_evtchn(map->notify.event); notify_remote_via_evtchn(map->notify.event);
evtchn_put(map->notify.event);
}
if (map->pages) { if (map->pages) {
if (!use_ptemod) if (!use_ptemod)
...@@ -599,6 +601,8 @@ static long gntdev_ioctl_notify(struct gntdev_priv *priv, void __user *u) ...@@ -599,6 +601,8 @@ static long gntdev_ioctl_notify(struct gntdev_priv *priv, void __user *u)
struct ioctl_gntdev_unmap_notify op; struct ioctl_gntdev_unmap_notify op;
struct grant_map *map; struct grant_map *map;
int rc; int rc;
int out_flags;
unsigned int out_event;
if (copy_from_user(&op, u, sizeof(op))) if (copy_from_user(&op, u, sizeof(op)))
return -EFAULT; return -EFAULT;
...@@ -606,6 +610,21 @@ static long gntdev_ioctl_notify(struct gntdev_priv *priv, void __user *u) ...@@ -606,6 +610,21 @@ static long gntdev_ioctl_notify(struct gntdev_priv *priv, void __user *u)
if (op.action & ~(UNMAP_NOTIFY_CLEAR_BYTE|UNMAP_NOTIFY_SEND_EVENT)) if (op.action & ~(UNMAP_NOTIFY_CLEAR_BYTE|UNMAP_NOTIFY_SEND_EVENT))
return -EINVAL; return -EINVAL;
/* We need to grab a reference to the event channel we are going to use
* to send the notify before releasing the reference we may already have
* (if someone has called this ioctl twice). This is required so that
* it is possible to change the clear_byte part of the notification
* without disturbing the event channel part, which may now be the last
* reference to that event channel.
*/
if (op.action & UNMAP_NOTIFY_SEND_EVENT) {
if (evtchn_get(op.event_channel_port))
return -EINVAL;
}
out_flags = op.action;
out_event = op.event_channel_port;
spin_lock(&priv->lock); spin_lock(&priv->lock);
list_for_each_entry(map, &priv->maps, next) { list_for_each_entry(map, &priv->maps, next) {
...@@ -624,12 +643,22 @@ static long gntdev_ioctl_notify(struct gntdev_priv *priv, void __user *u) ...@@ -624,12 +643,22 @@ static long gntdev_ioctl_notify(struct gntdev_priv *priv, void __user *u)
goto unlock_out; goto unlock_out;
} }
out_flags = map->notify.flags;
out_event = map->notify.event;
map->notify.flags = op.action; map->notify.flags = op.action;
map->notify.addr = op.index - (map->index << PAGE_SHIFT); map->notify.addr = op.index - (map->index << PAGE_SHIFT);
map->notify.event = op.event_channel_port; map->notify.event = op.event_channel_port;
rc = 0; rc = 0;
unlock_out: unlock_out:
spin_unlock(&priv->lock); spin_unlock(&priv->lock);
/* Drop the reference to the event channel we did not save in the map */
if (out_flags & UNMAP_NOTIFY_SEND_EVENT)
evtchn_put(out_event);
return rc; return rc;
} }
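Review bot: out_flags and out_event in gntdev_ioctl_notify carry two different meanings, and only the closing comment hints at it. Before the map is updated they name the reference just taken with evtchn_get(), so the visible `goto unlock_out` drops the new reference. After `out_flags = map->notify.flags;` they name the reference the map held before. A comment at the first assignment, for example `/* Until the map is updated, the reference to drop on exit is the one just taken */`, would make the error paths easier to audit for leaked or double-dropped references. It would also help to note why evtchn_put() is deferred until after spin_unlock(), presumably because it must not run under priv->lock, which should be confirmed. The map lookup between the hunks is not visible, so its exit paths could not be checked here.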
......