[2/8] x86/paging: fold most HAP and shadow final teardown

Message ID	8d519e00-83c6-aee9-e7ba-523aa4265e1e@suse.com (mailing list archive)
State	Superseded
Headers	show Return-Path: <xen-devel-bounces@lists.xenproject.org> Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org> Message-ID: <8d519e00-83c6-aee9-e7ba-523aa4265e1e@suse.com> Date: Wed, 21 Dec 2022 14:25:19 +0100 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.6.0 Subject: [PATCH 2/8] x86/paging: fold most HAP and shadow final teardown Content-Language: en-US From: Jan Beulich <jbeulich@suse.com> To: "xen-devel@lists.xenproject.org" <xen-devel@lists.xenproject.org> Cc: Andrew Cooper <andrew.cooper3@citrix.com>, Wei Liu <wl@xen.org>, =?utf-8?q?Roger_Pau_Monn=C3=A9?= <roger.pau@citrix.com>, George Dunlap <george.dunlap@citrix.com>, Tim Deegan <tim@xen.org> References: <f7d2c856-bf75-503b-ad96-02d25c63a2f6@suse.com> In-Reply-To: <f7d2c856-bf75-503b-ad96-02d25c63a2f6@suse.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit MIME-Version: 1.0
Series	x86/mm: address aspects noticed during XSA-410 work \| expand [0/8] x86/mm: address aspects noticed during XSA-410 work [1/8] x86/paging: fold HAP and shadow memory alloc related fields [2/8] x86/paging: fold most HAP and shadow final teardown [3/8] x86/paging: move update_paging_modes() hook [4/8] x86/paging: move and conditionalize flush_tlb() hook [5/8] x86/PV: drop dead paging_update_paging_modes() call during Dom0 construction [6/8] x86/shadow: adjust and move sh_type_to_size[] [7/8] x86/shadow: don't open-code copy_domain_page() [8/8] x86/shadow: drop zero initialization from shadow_domain_init()

Message ID

8d519e00-83c6-aee9-e7ba-523aa4265e1e@suse.com (mailing list archive)

State

Superseded

Headers

Errors-To: xen-devel-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org>
Message-ID: <8d519e00-83c6-aee9-e7ba-523aa4265e1e@suse.com>
Date: Wed, 21 Dec 2022 14:25:19 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101
 Thunderbird/102.6.0
Subject: [PATCH 2/8] x86/paging: fold most HAP and shadow final teardown
Content-Language: en-US
From: Jan Beulich <jbeulich@suse.com>
To: "xen-devel@lists.xenproject.org" <xen-devel@lists.xenproject.org>
Cc: Andrew Cooper <andrew.cooper3@citrix.com>, Wei Liu <wl@xen.org>,
	=?utf-8?q?Roger_Pau_Monn=C3=A9?= <roger.pau@citrix.com>,
 George Dunlap <george.dunlap@citrix.com>, Tim Deegan <tim@xen.org>
References: <f7d2c856-bf75-503b-ad96-02d25c63a2f6@suse.com>
In-Reply-To: <f7d2c856-bf75-503b-ad96-02d25c63a2f6@suse.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?q?TsPqo/V8T6yFXo5afynZeT1dBuS2?=
	=?utf-8?q?hEaVHMBEKl2Ee+hSqyoD3TZjI+Lw2zRwnXWaE8WYN+n+2slmVrbwZXSfll3d9g3tu?=
	=?utf-8?q?hlkEzRvil8JE4AXU1RDL1bB1BuZDwnjOcGFNFlQEhq3GslmunJ3KRiSEJ2IGAd0+K?=
	=?utf-8?q?frRc6NRgPbJrAqIT4Ybox1F9Wzj4DKfn899gEkLw7qlgMFo5KXUEY98WgMhvpx7aA?=
	=?utf-8?q?n7vs4jDVFR0jrpIJjNpXAyXQqWB/22GDkdF1HMsCp+giiBUZK0pLpgYtgtWttw5Lh?=
	=?utf-8?q?qLkm7kQB91AxkJAzfjd4GNcFoIyrI0Y+pnfacZafUWuVCl+rhvNIpqXeEJmATz4k9?=
	=?utf-8?q?QJZYf3UT/jo8vuH+aYO4SWldyxFpBVuE9UH+5SxW3Oc6FuYifDVOfmAkOA+i3qVir?=
	=?utf-8?q?2RuqMP0o+BpaEpS6+9ety11fKuaXGs86PJxEsEaf0SYPdvL1zgPII+ZCLZjmLIRIC?=
	=?utf-8?q?f3gxM139AXltFJ9sEDXqcyOINnj59jZ5HFd1V8nO/Yte44B7u2ixffVAZCGO/rhVG?=
	=?utf-8?q?qmDRPYrpmRpT+QxTRL/rilGoz5hmBE0k5KUu9gq8qhE4CSRXBo9ZTWttmoYu4s41+?=
	=?utf-8?q?3euNBYXbzUYVWg+S6vS33LOGf0G+3h0ha/Tqfs5hF0ACUMoPpasSo9InbgP/9HDZ9?=
	=?utf-8?q?DI24rEVYbbBKlAH51i2s8N2UT/5oKByF9oCGymrYf3eGomB+TivfbqDyb9zNi+f3t?=
	=?utf-8?q?D5tetxzoRJKHFE92ZHbbJRwXi+ml2B40yOziQCjyQ2j5x1+hlTO/rj3quKpus+Pp1?=
	=?utf-8?q?azAOVQU7gSgtkizkQ23mgSDRTUi6LtQCNMc1NuAbdUU4kPZcMx12iS+AxlDsQpa4c?=
	=?utf-8?q?Z1fAOyFAkJ+e9kuwd5ImACvRVOS09YZqC82d/UOt9WVst2dNd4YSIVmHi7K7FvBtb?=
	=?utf-8?q?HlB/pXR4j5cbNmXRbJlCWv3pdRVYTKFEAQbvVmhc+589gkJZYVNfws+pL3heuJ2IO?=
	=?utf-8?q?mHnTeKTJR5ieaNbPAc157L+0PPLT38pIEDrLYy4Mz6T8QmeWh0olBXeIeCQammrD5?=
	=?utf-8?q?Iv6l+zaiuT+cXtQiNs0wy3uYYrbNogdYzmBw0OQhHPQI7+3vRmTKGQGzBTjnVhJnI?=
	=?utf-8?q?SROxZJi93BjBCsvUQNXS8dSK0a7AN2zk64nN6rC2jA11HfyJbrQBHF/4A9/mLYel9?=
	=?utf-8?q?g0jkknsifypU+vjFZS9UntffZdy9WFqWuu+I7VLLLDviwbcV7xP9omyWqYgIpdndt?=
	=?utf-8?q?/etO90cqNLyHtJ+9IW9dHGwCCKdcw3GgcEJd/a6isfU+Gt5m1oMzX2zvumy9h9m2j?=
	=?utf-8?q?Iv5a2Kyfmedwrc6Wi4rEFUlK2oCxANuWGBGwR4W5beX/ubPaFhZgo1RYeA7EV1dQf?=
	=?utf-8?q?9Jgb9OIZRKM6l7hTN+PPcDG1LgCx29h7wT801uhYhBUQWpXLHXGx+slOkmdN37p6T?=
	=?utf-8?q?//2HkAv8UDpV99gf2WJMn3InEciT+uwweJPM/ho/XTMNeJxN+4ZX70pMV5jBIdoM4?=
	=?utf-8?q?5ckar5xaFrAAx/XE8VYrggBKRAnSKt14uPBjhMLTolPagGHm5Vq3zZAna+lZWUNSY?=
	=?utf-8?q?piMTU4OLatmU?=
X-OriginatorOrg: suse.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 1cd98313-74f6-44aa-0ea2-08dae356cf9f
X-MS-Exchange-CrossTenant-AuthSource: VE1PR04MB6560.eurprd04.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 21 Dec 2022 13:25:21.7440
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: f7a17af6-1c5c-4a36-aa8b-f5be247aa4ba
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 
 Wf+fYUmmBlmLwlp0Jrg/bEaqydI5Hz3LyjuBo/GD+GrKj25x3GWDY/X8FRY/H+zAFYWp8bcgv8z6IYNXYUwBPg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS8PR04MB8610

Series

x86/mm: address aspects noticed during XSA-410 work | expand

Commit Message

Jan Beulich Dec. 21, 2022, 1:25 p.m. UTC

HAP does a few things beyond what's common, which are left there at
least for now. Common operations, however, are moved to
paging_final_teardown(), allowing shadow_final_teardown() to go away.

While moving (and hence generalizing) the respective SHADOW_PRINTK()
drop the logging of total_pages from the 2nd instance - the value is
necessarily zero after {hap,shadow}_set_allocation().

Signed-off-by: Jan Beulich <jbeulich@suse.com>
---
The remaining parts of hap_final_teardown() could be moved as well, at
the price of a CONFIG_HVM conditional. I wasn't sure whether that was
deemed reasonable.

Comments

Andrew Cooper Dec. 21, 2022, 5:16 p.m. UTC | #1

On 21/12/2022 1:25 pm, Jan Beulich wrote:
> --- a/xen/arch/x86/mm/paging.c
> +++ b/xen/arch/x86/mm/paging.c
> @@ -842,10 +842,46 @@ int paging_teardown(struct domain *d)
>  /* Call once all of the references to the domain have gone away */
>  void paging_final_teardown(struct domain *d)
>  {
> -    if ( hap_enabled(d) )
> +    bool hap = hap_enabled(d);
> +
> +    PAGING_PRINTK("%pd final teardown starts.  Pages total = %u, free = %u, p2m = %u\n",

PAGING_PRINTK() already includes __func__, so just "%pd start: total %u,
free %u, p2m %u\n" which is shorter.

> +                  d, d->arch.paging.total_pages,
> +                  d->arch.paging.free_pages, d->arch.paging.p2m_pages);
> +
> +    if ( hap )
>          hap_final_teardown(d);
> +
> +    /*
> +     * Double-check that the domain didn't have any paging memory.
> +     * It is possible for a domain that never got domain_kill()ed
> +     * to get here with its paging allocation intact.

I know you're mostly just moving this comment, but it's misleading.

This path is used for the domain_create() error path, and there will be
a nonzero allocation for HVM guests.

I think we do want to rework this eventually - we will simplify things
massively by splitting the things can can only happen for a domain which
has run into relinquish_resources.

At a minimum, I'd suggest dropping the first sentence.  "double check"
implies it's an extraordinary case, which isn't warranted here IMO.

> +     */
> +    if ( d->arch.paging.total_pages )
> +    {
> +        if ( hap )
> +            hap_teardown(d, NULL);
> +        else
> +            shadow_teardown(d, NULL);
> +    }
> +
> +    /* It is now safe to pull down the p2m map. */
> +    p2m_teardown(p2m_get_hostp2m(d), true, NULL);
> +
> +    /* Free any paging memory that the p2m teardown released. */

I don't think this isn't true any more.  410 also made HAP/shadow free
pages fully for a dying domain, so p2m_teardown() at this point won't
add to the free memory pool.

I think the subsequent *_set_allocation() can be dropped, and the
assertions left.

~Andrew

Jan Beulich Dec. 22, 2022, 7:51 a.m. UTC | #2

On 21.12.2022 18:16, Andrew Cooper wrote:
> On 21/12/2022 1:25 pm, Jan Beulich wrote:
>> --- a/xen/arch/x86/mm/paging.c
>> +++ b/xen/arch/x86/mm/paging.c
>> @@ -842,10 +842,46 @@ int paging_teardown(struct domain *d)
>>  /* Call once all of the references to the domain have gone away */
>>  void paging_final_teardown(struct domain *d)
>>  {
>> -    if ( hap_enabled(d) )
>> +    bool hap = hap_enabled(d);
>> +
>> +    PAGING_PRINTK("%pd final teardown starts.  Pages total = %u, free = %u, p2m = %u\n",
> 
> PAGING_PRINTK() already includes __func__, so just "%pd start: total %u,
> free %u, p2m %u\n" which is shorter.

Hmm, yes, can do.

>> +                  d, d->arch.paging.total_pages,
>> +                  d->arch.paging.free_pages, d->arch.paging.p2m_pages);
>> +
>> +    if ( hap )
>>          hap_final_teardown(d);
>> +
>> +    /*
>> +     * Double-check that the domain didn't have any paging memory.
>> +     * It is possible for a domain that never got domain_kill()ed
>> +     * to get here with its paging allocation intact.
> 
> I know you're mostly just moving this comment, but it's misleading.
> 
> This path is used for the domain_create() error path, and there will be
> a nonzero allocation for HVM guests.
> 
> I think we do want to rework this eventually - we will simplify things
> massively by splitting the things can can only happen for a domain which
> has run into relinquish_resources.
> 
> At a minimum, I'd suggest dropping the first sentence.  "double check"
> implies it's an extraordinary case, which isn't warranted here IMO.

Instead of dropping I think I would prefer to make it start "Make sure
...".

>> +     */
>> +    if ( d->arch.paging.total_pages )
>> +    {
>> +        if ( hap )
>> +            hap_teardown(d, NULL);
>> +        else
>> +            shadow_teardown(d, NULL);
>> +    }
>> +
>> +    /* It is now safe to pull down the p2m map. */
>> +    p2m_teardown(p2m_get_hostp2m(d), true, NULL);
>> +
>> +    /* Free any paging memory that the p2m teardown released. */
> 
> I don't think this isn't true any more.  410 also made HAP/shadow free
> pages fully for a dying domain, so p2m_teardown() at this point won't
> add to the free memory pool.
> 
> I think the subsequent *_set_allocation() can be dropped, and the
> assertions left.

I agree, but if anything this will want to be a separate patch then.

Jan

Andrew Cooper Jan. 5, 2023, 5:56 p.m. UTC | #3

On 22/12/2022 7:51 am, Jan Beulich wrote:
> On 21.12.2022 18:16, Andrew Cooper wrote:
>> On 21/12/2022 1:25 pm, Jan Beulich wrote:
>>> +                  d, d->arch.paging.total_pages,
>>> +                  d->arch.paging.free_pages, d->arch.paging.p2m_pages);
>>> +
>>> +    if ( hap )
>>>          hap_final_teardown(d);
>>> +
>>> +    /*
>>> +     * Double-check that the domain didn't have any paging memory.
>>> +     * It is possible for a domain that never got domain_kill()ed
>>> +     * to get here with its paging allocation intact.
>> I know you're mostly just moving this comment, but it's misleading.
>>
>> This path is used for the domain_create() error path, and there will be
>> a nonzero allocation for HVM guests.
>>
>> I think we do want to rework this eventually - we will simplify things
>> massively by splitting the things can can only happen for a domain which
>> has run into relinquish_resources.
>>
>> At a minimum, I'd suggest dropping the first sentence.  "double check"
>> implies it's an extraordinary case, which isn't warranted here IMO.
> Instead of dropping I think I would prefer to make it start "Make sure
> ...".

That's still awkward grammar, and a bit misleading IMO.  How about
rewriting it entirely?

/* Remove remaining paging memory.  This can be nonzero on certain error
paths. */

>
>>> +     */
>>> +    if ( d->arch.paging.total_pages )
>>> +    {
>>> +        if ( hap )
>>> +            hap_teardown(d, NULL);
>>> +        else
>>> +            shadow_teardown(d, NULL);
>>> +    }
>>> +
>>> +    /* It is now safe to pull down the p2m map. */
>>> +    p2m_teardown(p2m_get_hostp2m(d), true, NULL);
>>> +
>>> +    /* Free any paging memory that the p2m teardown released. */
>> I don't think this isn't true any more.  410 also made HAP/shadow free
>> pages fully for a dying domain, so p2m_teardown() at this point won't
>> add to the free memory pool.
>>
>> I think the subsequent *_set_allocation() can be dropped, and the
>> assertions left.
> I agree, but if anything this will want to be a separate patch then.

I'd be happy putting that in this patch, but if you don't want to
combine it, then it should be a prerequisite IMO, so we don't have a
"clean up $X" patch which is shuffling buggy code around.

~Andrew

Jan Beulich Jan. 9, 2023, 11:55 a.m. UTC | #4

On 05.01.2023 18:56, Andrew Cooper wrote:
> On 22/12/2022 7:51 am, Jan Beulich wrote:
>> On 21.12.2022 18:16, Andrew Cooper wrote:
>>> On 21/12/2022 1:25 pm, Jan Beulich wrote:
>>>> +                  d, d->arch.paging.total_pages,
>>>> +                  d->arch.paging.free_pages, d->arch.paging.p2m_pages);
>>>> +
>>>> +    if ( hap )
>>>>          hap_final_teardown(d);
>>>> +
>>>> +    /*
>>>> +     * Double-check that the domain didn't have any paging memory.
>>>> +     * It is possible for a domain that never got domain_kill()ed
>>>> +     * to get here with its paging allocation intact.
>>> I know you're mostly just moving this comment, but it's misleading.
>>>
>>> This path is used for the domain_create() error path, and there will be
>>> a nonzero allocation for HVM guests.
>>>
>>> I think we do want to rework this eventually - we will simplify things
>>> massively by splitting the things can can only happen for a domain which
>>> has run into relinquish_resources.
>>>
>>> At a minimum, I'd suggest dropping the first sentence.  "double check"
>>> implies it's an extraordinary case, which isn't warranted here IMO.
>> Instead of dropping I think I would prefer to make it start "Make sure
>> ...".
> 
> That's still awkward grammar, and a bit misleading IMO.  How about
> rewriting it entirely?
> 
> /* Remove remaining paging memory.  This can be nonzero on certain error
> paths. */

Fine with me, changed.

>>>> +     */
>>>> +    if ( d->arch.paging.total_pages )
>>>> +    {
>>>> +        if ( hap )
>>>> +            hap_teardown(d, NULL);
>>>> +        else
>>>> +            shadow_teardown(d, NULL);
>>>> +    }
>>>> +
>>>> +    /* It is now safe to pull down the p2m map. */
>>>> +    p2m_teardown(p2m_get_hostp2m(d), true, NULL);
>>>> +
>>>> +    /* Free any paging memory that the p2m teardown released. */
>>> I don't think this isn't true any more.  410 also made HAP/shadow free
>>> pages fully for a dying domain, so p2m_teardown() at this point won't
>>> add to the free memory pool.
>>>
>>> I think the subsequent *_set_allocation() can be dropped, and the
>>> assertions left.
>> I agree, but if anything this will want to be a separate patch then.
> 
> I'd be happy putting that in this patch, but if you don't want to
> combine it, then it should be a prerequisite IMO, so we don't have a
> "clean up $X" patch which is shuffling buggy code around.

Well, doing it the other way around (as I already had it before your
reply) also has its advantages. Are you feeling very strong about the
order?

Jan

--- a/xen/arch/x86/include/asm/shadow.h
+++ b/xen/arch/x86/include/asm/shadow.h
@@ -78,9 +78,6 @@  int shadow_domctl(struct domain *d,
 void shadow_vcpu_teardown(struct vcpu *v);
 void shadow_teardown(struct domain *d, bool *preempted);
 
-/* Call once all of the references to the domain have gone away */
-void shadow_final_teardown(struct domain *d);
-
 void sh_remove_shadows(struct domain *d, mfn_t gmfn, int fast, int all);
 
 /* Adjust shadows ready for a guest page to change its type. */
--- a/xen/arch/x86/mm/hap/hap.c
+++ b/xen/arch/x86/mm/hap/hap.c
@@ -268,8 +268,8 @@  static void hap_free(struct domain *d, m
 
     /*
      * For dying domains, actually free the memory here. This way less work is
-     * left to hap_final_teardown(), which cannot easily have preemption checks
-     * added.
+     * left to paging_final_teardown(), which cannot easily have preemption
+     * checks added.
      */
     if ( unlikely(d->is_dying) )
     {
@@ -552,18 +552,6 @@  void hap_final_teardown(struct domain *d
     for (i = 0; i < MAX_NESTEDP2M; i++) {
         p2m_teardown(d->arch.nested_p2m[i], true, NULL);
     }
-
-    if ( d->arch.paging.total_pages != 0 )
-        hap_teardown(d, NULL);
-
-    p2m_teardown(p2m_get_hostp2m(d), true, NULL);
-    /* Free any memory that the p2m teardown released */
-    paging_lock(d);
-    hap_set_allocation(d, 0, NULL);
-    ASSERT(d->arch.paging.p2m_pages == 0);
-    ASSERT(d->arch.paging.free_pages == 0);
-    ASSERT(d->arch.paging.total_pages == 0);
-    paging_unlock(d);
 }
 
 void hap_vcpu_teardown(struct vcpu *v)
--- a/xen/arch/x86/mm/paging.c
+++ b/xen/arch/x86/mm/paging.c
@@ -842,10 +842,46 @@  int paging_teardown(struct domain *d)
 /* Call once all of the references to the domain have gone away */
 void paging_final_teardown(struct domain *d)
 {
-    if ( hap_enabled(d) )
+    bool hap = hap_enabled(d);
+
+    PAGING_PRINTK("%pd final teardown starts.  Pages total = %u, free = %u, p2m = %u\n",
+                  d, d->arch.paging.total_pages,
+                  d->arch.paging.free_pages, d->arch.paging.p2m_pages);
+
+    if ( hap )
         hap_final_teardown(d);
+
+    /*
+     * Double-check that the domain didn't have any paging memory.
+     * It is possible for a domain that never got domain_kill()ed
+     * to get here with its paging allocation intact.
+     */
+    if ( d->arch.paging.total_pages )
+    {
+        if ( hap )
+            hap_teardown(d, NULL);
+        else
+            shadow_teardown(d, NULL);
+    }
+
+    /* It is now safe to pull down the p2m map. */
+    p2m_teardown(p2m_get_hostp2m(d), true, NULL);
+
+    /* Free any paging memory that the p2m teardown released. */
+    paging_lock(d);
+
+    if ( hap )
+        hap_set_allocation(d, 0, NULL);
     else
-        shadow_final_teardown(d);
+        shadow_set_allocation(d, 0, NULL);
+
+    PAGING_PRINTK("%pd final teardown done.  Pages free = %u, p2m = %u\n",
+                  d, d->arch.paging.free_pages, d->arch.paging.p2m_pages);
+    ASSERT(!d->arch.paging.p2m_pages);
+    ASSERT(!d->arch.paging.free_pages);
+    ASSERT(!d->arch.paging.total_pages);
+
+    paging_unlock(d);
 
     p2m_final_teardown(d);
 }
--- a/xen/arch/x86/mm/shadow/common.c
+++ b/xen/arch/x86/mm/shadow/common.c
@@ -1232,7 +1232,7 @@  void shadow_free(struct domain *d, mfn_t
 
         /*
          * For dying domains, actually free the memory here. This way less
-         * work is left to shadow_final_teardown(), which cannot easily have
+         * work is left to paging_final_teardown(), which cannot easily have
          * preemption checks added.
          */
         if ( unlikely(dying) )
@@ -2940,35 +2940,6 @@  out:
     }
 }
 
-void shadow_final_teardown(struct domain *d)
-/* Called by arch_domain_destroy(), when it's safe to pull down the p2m map. */
-{
-    SHADOW_PRINTK("dom %u final teardown starts."
-                   "  Shadow pages total = %u, free = %u, p2m=%u\n",
-                   d->domain_id, d->arch.paging.total_pages,
-                   d->arch.paging.free_pages, d->arch.paging.p2m_pages);
-
-    /* Double-check that the domain didn't have any shadow memory.
-     * It is possible for a domain that never got domain_kill()ed
-     * to get here with its shadow allocation intact. */
-    if ( d->arch.paging.total_pages != 0 )
-        shadow_teardown(d, NULL);
-
-    /* It is now safe to pull down the p2m map. */
-    p2m_teardown(p2m_get_hostp2m(d), true, NULL);
-    /* Free any shadow memory that the p2m teardown released */
-    paging_lock(d);
-    shadow_set_allocation(d, 0, NULL);
-    SHADOW_PRINTK("dom %u final teardown done."
-                   "  Shadow pages total = %u, free = %u, p2m=%u\n",
-                   d->domain_id, d->arch.paging.total_pages,
-                   d->arch.paging.free_pages, d->arch.paging.p2m_pages);
-    ASSERT(d->arch.paging.p2m_pages == 0);
-    ASSERT(d->arch.paging.free_pages == 0);
-    ASSERT(d->arch.paging.total_pages == 0);
-    paging_unlock(d);
-}
-
 static int shadow_one_bit_enable(struct domain *d, u32 mode)
 /* Turn on a single shadow mode feature */
 {

[2/8] x86/paging: fold most HAP and shadow final teardown

Commit Message

Comments

Patch