From patchwork Tue Aug 15 13:49:07 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jan Beulich X-Patchwork-Id: 9901931 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 0F8D7602C9 for ; Tue, 15 Aug 2017 13:51:24 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 014EF26E74 for ; Tue, 15 Aug 2017 13:51:24 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id EA2B128438; Tue, 15 Aug 2017 13:51:23 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 49DEF26E74 for ; Tue, 15 Aug 2017 13:51:22 +0000 (UTC) Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dhcDd-0003Fb-GS; Tue, 15 Aug 2017 13:49:17 +0000 Received: from mail6.bemta3.messagelabs.com ([195.245.230.39]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dhcDc-0003FR-2N for xen-devel@lists.xenproject.org; Tue, 15 Aug 2017 13:49:16 +0000 Received: from [85.158.137.68] by server-8.bemta-3.messagelabs.com id E5/EF-02176-BDBF2995; Tue, 15 Aug 2017 13:49:15 +0000 X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFtrAIsWRWlGSWpSXmKPExsXS6fjDS/fW70m RBss3yVl83zKZyYHR4/CHKywBjFGsmXlJ+RUJrBk/elYwF6xSqFi35yZTA+N7kS5GTg4hgTyJ 6evWsoLYvAJ2EnNW/mICsSUEDCVOL7zJAmKzCKhKnJ6ygBHEZhNQl2h7th2onoNDRMBA4tzRp C5GLg5mgV+MEnMuTAGrFxZwl1g2axMzxPwiifW31oPN5BSwl3jeeJkdpJdXQFDi7w5hkDCzgJ bEw1+3WCBsbYllC18zg5QwC0hLLP/HMYGRbxZCwywkDbOQNMxCaFjAyLKKUb04tagstUjXVC+ pKDM9oyQ3MTNH19DAWC83tbg4MT01JzGpWC85P3cTIzD06hkYGHcwXv7qdIhRkoNJSZR30dlJ kUJ8SfkplRmJxRnxRaU5qcWHGGU4OJQkeC/9AsoJFqWmp1akZeYAowAmLcHBoyTCu/8nUJq3u CAxtzgzHSJ1ilGX49WE/9+YhFjy8vNSpcR5M0BmCIAUZZTmwY2AReQlRlkpYV5GBgYGIZ6C1K LczBJU+VeM4hyMSsK81SBTeDLzSuA2vQI6ggnoiCvtYEeUJCKkpBoYl/kLHFrqU9Y0NXdb69I /GkXCfXuzQzsfsLSXb/Ete8j/R81G6JCPAjfHrozo5cdOCPKvvpX99vz1r5V/xeKKFGQz0+b0 P7nIvCFcvt+cae6tU+eOxL8sYooSdCp+MNVcq1n+yG6x3Du+t77l9bGyuuUuk1MXWnXVMEKwW jXBIciu4kZ09kYlluKMREMt5qLiRACJu3/2wwIAAA== X-Env-Sender: JBeulich@suse.com X-Msg-Ref: server-2.tower-31.messagelabs.com!1502804952!98420001!1 X-Originating-IP: [137.65.248.74] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 9.4.45; banners=-,-,- X-VirusChecked: Checked Received: (qmail 48405 invoked from network); 15 Aug 2017 13:49:14 -0000 Received: from prv-mh.provo.novell.com (HELO prv-mh.provo.novell.com) (137.65.248.74) by server-2.tower-31.messagelabs.com with DHE-RSA-AES256-GCM-SHA384 encrypted SMTP; 15 Aug 2017 13:49:14 -0000 Received: from INET-PRV-MTA by prv-mh.provo.novell.com with Novell_GroupWise; Tue, 15 Aug 2017 07:49:11 -0600 Message-Id: <599317F3020000780016FDED@prv-mh.provo.novell.com> X-Mailer: Novell GroupWise Internet Agent 14.2.2 Date: Tue, 15 Aug 2017 07:49:07 -0600 From: "Jan Beulich" To: "xen-devel" References: <599316BF020000780016FDC7@prv-mh.provo.novell.com> <599316BF020000780016FDC7@prv-mh.provo.novell.com> In-Reply-To: <599316BF020000780016FDC7@prv-mh.provo.novell.com> Mime-Version: 1.0 Content-Disposition: inline Cc: Stefano Stabellini , Wei Liu , George Dunlap , Andrew Cooper , Ian Jackson , Tim Deegan Subject: [Xen-devel] [PATCH v3 1/2] gnttab: don't use possibly unbounded tail calls X-BeenThere: xen-devel@lists.xen.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xen.org Sender: "Xen-devel" X-Virus-Scanned: ClamAV using ClamSMTP There is no guarantee that the compiler would actually translate them to branches instead of calls, so only ones with a known recursion limit are okay: - __release_grant_for_copy() can call itself only once, as __acquire_grant_for_copy() won't permit use of multi-level transitive grants, - __acquire_grant_for_copy() is fine to call itself with the last argument false, as that prevents further recursion, - __acquire_grant_for_copy() must not call itself to recover from an observed change to the active entry's pin count This is part of XSA-226. Signed-off-by: Jan Beulich --- v2: Zap *page prior to returning ERESTART. Fix i == 0 case in the exit path being added to gnttab_copy(). --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -2105,8 +2105,10 @@ __release_grant_for_copy( if ( td != rd ) { - /* Recursive calls, but they're tail calls, so it's - okay. */ + /* + * Recursive calls, but they're bounded (acquire permits only a single + * level of transitivity), so it's okay. + */ if ( released_write ) __release_grant_for_copy(td, trans_gref, 0); else if ( released_read ) @@ -2257,10 +2259,11 @@ __acquire_grant_for_copy( return rc; } - /* We dropped the lock, so we have to check that nobody - else tried to pin (or, for that matter, unpin) the - reference in *this* domain. If they did, just give up - and try again. */ + /* + * We dropped the lock, so we have to check that nobody else tried + * to pin (or, for that matter, unpin) the reference in *this* + * domain. If they did, just give up and tell the caller to retry. + */ if ( act->pin != old_pin ) { __fixup_status_for_copy_pin(act, status); @@ -2268,9 +2271,8 @@ __acquire_grant_for_copy( active_entry_release(act); grant_read_unlock(rgt); put_page(*page); - return __acquire_grant_for_copy(rd, gref, ldom, readonly, - frame, page, page_off, length, - allow_transitive); + *page = NULL; + return ERESTART; } /* The actual remote remote grant may or may not be a @@ -2576,7 +2578,7 @@ static int gnttab_copy_one(const struct { gnttab_copy_release_buf(src); rc = gnttab_copy_claim_buf(op, &op->source, src, GNTCOPY_source_gref); - if ( rc < 0 ) + if ( rc ) goto out; } @@ -2586,7 +2588,7 @@ static int gnttab_copy_one(const struct { gnttab_copy_release_buf(dest); rc = gnttab_copy_claim_buf(op, &op->dest, dest, GNTCOPY_dest_gref); - if ( rc < 0 ) + if ( rc ) goto out; } @@ -2608,7 +2610,7 @@ static long gnttab_copy( { if ( i && hypercall_preempt_check() ) { - rc = i; + rc = count - i; break; } @@ -2618,13 +2620,20 @@ static long gnttab_copy( break; } - op.status = gnttab_copy_one(&op, &dest, &src); - if ( op.status != GNTST_okay ) + rc = gnttab_copy_one(&op, &dest, &src); + if ( rc > 0 ) + { + rc = count - i; + break; + } + if ( rc != GNTST_okay ) { gnttab_copy_release_buf(&src); gnttab_copy_release_buf(&dest); } + op.status = rc; + rc = 0; if ( unlikely(__copy_field_to_guest(uop, &op, status)) ) { rc = -EFAULT; @@ -3162,6 +3171,7 @@ do_grant_table_op( rc = gnttab_copy(copy, count); if ( rc > 0 ) { + rc = count - rc; guest_handle_add_offset(copy, rc); uop = guest_handle_cast(copy, void); }