@@ -328,12 +328,45 @@ void p2m_put_gfn(struct p2m_domain *p2m,
gfn_unlock(p2m, gfn_x(gfn), 0);
}
+static struct page_info *get_page_from_mfn_and_type(
+ const struct p2m_domain *p2m, mfn_t mfn, p2m_type_t t)
+{
+ struct page_info *page;
+
+ if ( !mfn_valid(mfn) )
+ return NULL;
+
+ page = mfn_to_page(mfn);
+
+ if ( p2m_is_ram(t) )
+ {
+ const struct domain *d = !p2m_is_shared(t) ? p2m->domain : dom_cow;
+
+ if ( get_page(page, d) )
+ return page;
+ }
+ else if ( unlikely(p2m_is_foreign(t)) )
+ {
+ const struct domain *fdom = page_get_owner_and_reference(page);
+
+ if ( fdom )
+ {
+ if ( likely(fdom != p2m->domain) )
+ return page;
+ ASSERT_UNREACHABLE();
+ put_page(page);
+ }
+ }
+
+ return NULL;
+}
+
/* Atomically look up a GFN and take a reference count on the backing page. */
struct page_info *p2m_get_page_from_gfn(
struct p2m_domain *p2m, gfn_t gfn,
p2m_type_t *t, p2m_access_t *a, p2m_query_t q)
{
- struct page_info *page = NULL;
+ struct page_info *page;
p2m_access_t _a;
p2m_type_t _t;
mfn_t mfn;
@@ -347,26 +380,9 @@ struct page_info *p2m_get_page_from_gfn(
/* Fast path: look up and get out */
p2m_read_lock(p2m);
mfn = p2m_get_gfn_type_access(p2m, gfn, t, a, 0, NULL, 0);
- if ( p2m_is_any_ram(*t) && mfn_valid(mfn)
- && !((q & P2M_UNSHARE) && p2m_is_shared(*t)) )
- {
- page = mfn_to_page(mfn);
- if ( unlikely(p2m_is_foreign(*t)) || unlikely(p2m_is_grant(*t)) )
- {
- struct domain *fdom = page_get_owner_and_reference(page);
-
- ASSERT(!p2m_is_foreign(*t) || fdom != p2m->domain);
- if ( fdom == NULL )
- page = NULL;
- }
- else
- {
- struct domain *d = !p2m_is_shared(*t) ? p2m->domain : dom_cow;
-
- if ( !get_page(page, d) )
- page = NULL;
- }
- }
+ page = !(q & P2M_UNSHARE) || !p2m_is_shared(*t)
+ ? get_page_from_mfn_and_type(p2m, mfn, *t)
+ : NULL;
p2m_read_unlock(p2m);
if ( page )
@@ -380,14 +396,7 @@ struct page_info *p2m_get_page_from_gfn(
/* Slow path: take the write lock and do fixups */
mfn = get_gfn_type_access(p2m, gfn_x(gfn), t, a, q, NULL);
- if ( p2m_is_ram(*t) && mfn_valid(mfn) )
- {
- struct domain *d = !p2m_is_shared(*t) ? p2m->domain : dom_cow;
-
- page = mfn_to_page(mfn);
- if ( !get_page(page, d) )
- page = NULL;
- }
+ page = get_page_from_mfn_and_type(p2m, mfn, *t);
put_gfn(p2m->domain, gfn_x(gfn));
return page;
Handling of both grants and foreign pages was different between the two paths. While permitting access to grants would be desirable, doing so would require more involved handling; undo that for the time being. In particular the page reference obtained would prevent the owning domain from changing e.g. the page's type (after the grantee has released the last reference of the grant). Instead perhaps another reference on the grant would need obtaining. Which in turn would require determining which grant that was. Foreign pages in any event need permitting on both paths. Introduce a helper function to be used on both paths, such that respective checking differs in just the extra "to be unshared" condition on the fast path. While there adjust the sanity check for foreign pages: Don't leak the reference on release builds when on a debug build the assertion would have triggered. (Thanks to Roger for the suggestion.) Fixes: 80ea7af17269 ("x86/mm: Introduce get_page_from_gfn()") Fixes: 50fe6e737059 ("pvh dom0: add and remove foreign pages") Fixes: cbbca7be4aaa ("x86/p2m: make p2m_get_page_from_gfn() handle grant case correctly") Signed-off-by: Jan Beulich <jbeulich@suse.com> --- RFC: While the helper could take const struct domain * as first parameter, for a P2M function it seemed more natural to have it take const struct p2m_domain *.