ia64/xen-unstable

changeset 7986:bc1bfdb35f29

Merged.
author emellor@leeni.uk.xensource.com
date Tue Nov 22 17:00:56 2005 +0100 (2005-11-22)
parents 602aefe7bd48 dede6fb4c90e
children 72a1421dcf1b
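--- a/linux-2.6-xen-sparse/arch/xen/configs/xen_defconfig_x86_32	Tue Nov 22 16:31:16 2005 +0100
+++ b/linux-2.6-xen-sparse/arch/xen/configs/xen_defconfig_x86_32	Tue Nov 22 17:00:56 2005 +0100
@@ -1,7 +1,7 @@
 #
 # Automatically generated make config: don't edit
-# Linux kernel version: 2.6.12-xen0
-# Sat Oct 15 00:13:28 2005
+# Linux kernel version: 2.6.12.6-xen
+# Mon Nov 21 10:35:31 2005
 #
 CONFIG_XEN=y
 CONFIG_ARCH_XEN=y
@@ -2474,8 +2474,8 @@ CONFIG_USB_HIDDEV=y
 #
 # USB HID Boot Protocol drivers
 #
-CONFIG_USB_KBD=y
-CONFIG_USB_MOUSE=y
+CONFIG_USB_KBD=m
+CONFIG_USB_MOUSE=m
 CONFIG_USB_AIPTEK=m
 CONFIG_USB_WACOM=m
 CONFIG_USB_KBTAB=m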
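--- a/tools/libxc/xc_linux_save.c	Tue Nov 22 16:31:16 2005 +0100
+++ b/tools/libxc/xc_linux_save.c	Tue Nov 22 17:00:56 2005 +0100
@@ -731,7 +731,7 @@ int xc_linux_save(int xc_handle, int io_
 
     if (live && (pt_levels != 2)) {
         ERR("Live migration supported only for 32-bit non-pae");
-        goto out;
+        live = 0;
     }
 
     if (live) {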
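Review bot: The ERR text above the new `live = 0;` still reads as a hard failure, yet the save now carries on as a non-live save. A caller that asked for live migration gets stop-and-copy behaviour, and the only trace is a message that never mentions the fallback. I would reword it to `ERR("Live migration supported only for 32-bit non-pae; falling back to non-live save");`, or keep the `goto out` and let the caller decide whether a non-live save is acceptable. xc_linux_save starts and ends outside this hunk.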
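--- a/tools/python/xen/xm/main.py	Tue Nov 22 16:31:16 2005 +0100
+++ b/tools/python/xen/xm/main.py	Tue Nov 22 17:00:56 2005 +0100
@@ -846,7 +846,7 @@ def deprecated(old,new):
     err('Option %s is the new replacement, see "xm help %s" for more info' % (new, new))
 
 def usage(cmd=None):
-    if cmd = 'create'
+    if cmd == 'create':
         xm_subcommand("create", "--help")
         sys.exit(1)
     if help.has_key(cmd):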
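--- a/xen/arch/ia64/xen/grant_table.c	Tue Nov 22 16:31:16 2005 +0100
+++ b/xen/arch/ia64/xen/grant_table.c	Tue Nov 22 17:00:56 2005 +0100
@@ -1054,114 +1054,6 @@ do_grant_table_op(
     return rc;
 }
 
-int
-gnttab_check_unmap(
-    struct domain *rd, struct domain *ld, unsigned long frame, int readonly)
-{
-    /* Called when put_page is invoked on a page belonging to a foreign domain.
-     * Instead of decrementing the frame table ref count, locate the grant
-     * table entry, if any, and if found, decrement that count.
-     * Called a _lot_ at domain creation because pages mapped by priv domains
-     * also traverse this.
-     */
-    
-    /* Note: If the same frame is mapped multiple times, and then one of
-     *       the ptes is overwritten, which maptrack handle gets invalidated?
-     * Advice: Don't do it. Explicitly unmap.
-     */
-    
-    unsigned int handle, ref, refcount;
-    grant_table_t        *lgt, *rgt;
-    active_grant_entry_t *act;
-    grant_mapping_t      *map;
-    int found = 0;
-    
-    lgt = ld->grant_table;
-    
-#if GRANT_DEBUG_VERBOSE
-    if ( ld->domain_ id != 0 ) {
-            DPRINTK("Foreign unref rd(%d) ld(%d) frm(%lx) flgs(%x).\n",
-                    rd->domain_id, ld->domain_id, frame, readonly);
-      }
-#endif
-    
-    /* Fast exit if we're not mapping anything using grant tables */
-    if ( lgt->map_count == 0 )
-        return 0;
-    
-    if ( get_domain(rd) == 0 ) {
-        DPRINTK("gnttab_check_unmap: couldn't get_domain rd(%d)\n",
-                rd->domain_id);
-        return 0;
-    }
-    
-    rgt = rd->grant_table;
-    
-    for ( handle = 0; handle < lgt->maptrack_limit; handle++ ) {
-
-        map = &lgt->maptrack[handle];
-            
-        if ( map->domid != rd->domain_id )
-            continue;
-        
-        if ( ( map->ref_and_flags & MAPTRACK_GNTMAP_MASK ) &&
-             ( readonly ? 1 : (!(map->ref_and_flags & GNTMAP_readonly)))) {
-
-            ref = (map->ref_and_flags >> MAPTRACK_REF_SHIFT);
-            act = &rgt->active[ref];
-                    
-            spin_lock(&rgt->lock);
-                    
-            if ( act->frame != frame ) {
-                spin_unlock(&rgt->lock);
-                continue;
-            }
-                    
-            refcount = act->pin & ( readonly ? GNTPIN_hstr_mask
-                                    : GNTPIN_hstw_mask );
-
-            if ( refcount == 0 ) {
-                spin_unlock(&rgt->lock);
-                continue;
-            }
-                    
-            /* gotcha */
-            DPRINTK("Grant unref rd(%d) ld(%d) frm(%lx) flgs(%x).\n",
-                    rd->domain_id, ld->domain_id, frame, readonly);
-                    
-            if ( readonly )
-                act->pin -= GNTPIN_hstr_inc;
-            else {
-                act->pin -= GNTPIN_hstw_inc;
-                            
-                /* any more granted writable mappings? */
-                if ( (act->pin & (GNTPIN_hstw_mask|GNTPIN_devw_mask)) == 0 ) {
-                    clear_bit(_GTF_writing, &rgt->shared[ref].flags);
-                    put_page_type(&frame_table[frame]);
-                }
-            }
-                
-            if ( act->pin == 0 ) {
-                clear_bit(_GTF_reading, &rgt->shared[ref].flags);
-                put_page(&frame_table[frame]);
-            }
-
-            spin_unlock(&rgt->lock);
-                    
-            clear_bit(GNTMAP_host_map, &map->ref_and_flags);
-                    
-            if ( !(map->ref_and_flags & GNTMAP_device_map) )
-                put_maptrack_handle(lgt, handle);
-                    
-            found = 1;
-            break;
-        }
-    }
-    put_domain(rd);
-    
-    return found;
-}
-
 int 
 gnttab_prepare_for_transfer(
     struct domain *rd, struct domain *ld, grant_ref_t ref)
@@ -1355,8 +1247,10 @@ grant_table_create(
 }
 
 void
-gnttab_release_dev_mappings(grant_table_t *gt)
+gnttab_release_mappings(
+    struct domain *ld)
 {
+    grant_table_t          *gt = ld->grant_table;
     grant_mapping_t        *map;
     domid_t                 dom;
     grant_ref_t             ref;
@@ -1366,8 +1260,6 @@ gnttab_release_dev_mappings(grant_table_
     active_grant_entry_t   *act;
     grant_entry_t          *sha;
 
-    ld = current->domain;
-
     for ( handle = 0; handle < gt->maptrack_limit; handle++ )
     {
         map = &gt->maptrack[handle];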
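Review bot: `gnttab_release_mappings` in this ia64 copy gets the new name and a `struct domain *ld` parameter, but the visible hunks leave its loop body alone, whereas the same commit rewrites the body in xen/common/grant_table.c to release host mappings as well as device mappings. If the unseen body still skips entries that lack `GNTMAP_device_map`, host mappings held by a dying ia64 domain would presumably be left pinned now that `gnttab_check_unmap` is deleted from this file. The declarations between the two hunks are not shown either; if they still contain `struct domain *ld, *rd;` as the common file did, that local now collides with the new parameter and should become `struct domain *rd;`. The function continues past the end of the hunk, so both points need checking against the full file.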
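--- a/xen/arch/x86/domain.c	Tue Nov 22 16:31:16 2005 +0100
+++ b/xen/arch/x86/domain.c	Tue Nov 22 17:00:56 2005 +0100
@@ -960,8 +960,7 @@ void domain_relinquish_resources(struct 
 
     ptwr_destroy(d);
 
-    /* Release device mappings of other domains */
-    gnttab_release_dev_mappings(d->grant_table);
+    gnttab_release_mappings(d);
 
     /* Drop the in-use references to page-table bases. */
     for_each_vcpu ( d, v )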
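--- a/xen/arch/x86/mm.c	Tue Nov 22 16:31:16 2005 +0100
+++ b/xen/arch/x86/mm.c	Tue Nov 22 17:00:56 2005 +0100
@@ -594,23 +594,26 @@ void put_page_from_l1e(l1_pgentry_t l1e,
         return;
 
     e = page_get_owner(page);
-    if ( unlikely(e != d) )
+
+    /*
+     * Check if this is a mapping that was established via a grant reference.
+     * If it was then we should not be here: we require that such mappings are
+     * explicitly destroyed via the grant-table interface.
+     * 
+     * The upshot of this is that the guest can end up with active grants that
+     * it cannot destroy (because it no longer has a PTE to present to the
+     * grant-table interface). This can lead to subtle hard-to-catch bugs,
+     * hence a special grant PTE flag can be enabled to catch the bug early.
+     * 
+     * (Note that the undestroyable active grants are not a security hole in
+     * Xen. All active grants can safely be cleaned up when the domain dies.)
+     */
+    if ( (l1e_get_flags(l1e) & _PAGE_GNTTAB) &&
+         !(d->domain_flags & (DOMF_shutdown|DOMF_dying)) )
     {
-        /*
-         * Unmap a foreign page that may have been mapped via a grant table.
-         * Note that this can fail for a privileged domain that can map foreign
-         * pages via MMUEXT_SET_FOREIGNDOM. Such domains can have some mappings
-         * counted via a grant entry and some counted directly in the page
-         * structure's reference count. Note that reference counts won't get
-         * dangerously confused as long as we always try to decrement the
-         * grant entry first. We may end up with a mismatch between which
-         * mappings and which unmappings are counted via the grant entry, but
-         * really it doesn't matter as privileged domains have carte blanche.
-         */
-        if (likely(gnttab_check_unmap(e, d, pfn,
-                                      !(l1e_get_flags(l1e) & _PAGE_RW))))
-            return;
-        /* Assume this mapping was made via MMUEXT_SET_FOREIGNDOM... */
+        MEM_LOG("Attempt to implicitly unmap a granted PTE %" PRIpte,
+                l1e_get_intpte(l1e));
+        domain_crash(d);
     }
 
     if ( l1e_get_flags(l1e) & _PAGE_RW )
@@ -2317,7 +2320,6 @@ int update_grant_pte_mapping(
 
     ASSERT(spin_is_locked(&d->big_lock));
     ASSERT(!shadow_mode_refcounts(d));
-    ASSERT((l1e_get_flags(_nl1e) & L1_DISALLOW_MASK) == 0);
 
     gpfn = pte_addr >> PAGE_SHIFT;
     mfn = __gpfn_to_mfn(d, gpfn);
@@ -2452,7 +2454,6 @@ int update_grant_va_mapping(
     
     ASSERT(spin_is_locked(&d->big_lock));
     ASSERT(!shadow_mode_refcounts(d));
-    ASSERT((l1e_get_flags(_nl1e) & L1_DISALLOW_MASK) == 0);
 
     /*
      * This is actually overkill - we don't need to sync the L1 itself,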
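Review bot: Deleting `ASSERT((l1e_get_flags(_nl1e) & L1_DISALLOW_MASK) == 0)` from update_grant_pte_mapping and update_grant_va_mapping removes the only visible sanity check on the flags of the PTE being installed, when the one bit that needs exempting is the grant marker that GRANT_PTE_FLAGS now carries. Narrowing the assertion keeps the check for every other disallowed bit: `ASSERT((l1e_get_flags(_nl1e) & (L1_DISALLOW_MASK & ~_PAGE_GNTTAB)) == 0);`. Both functions start and end outside their hunks, so other validation of `_nl1e` may exist that is not visible here.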
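--- a/xen/arch/x86/shadow.c	Tue Nov 22 16:31:16 2005 +0100
+++ b/xen/arch/x86/shadow.c	Tue Nov 22 17:00:56 2005 +0100
@@ -1536,12 +1536,13 @@ static int resync_all(struct domain *d, 
             perfc_incr_histo(l1_entries_checked, max_shadow - min_shadow + 1, PT_UPDATES);
             if ( d->arch.ops->guest_paging_levels >= PAGING_L3 &&
                  unshadow_l1 ) {
-                pgentry_64_t l2e = {0};
+                pgentry_64_t l2e;
 
                 __shadow_get_l2e(entry->v, entry->va, &l2e);
 
                 if ( entry_get_flags(l2e) & _PAGE_PRESENT ) {
-                    entry_remove_flags(l2e, _PAGE_PRESENT);
+                    put_shadow_ref(entry_get_pfn(l2e));
+                    l2e = entry_empty();
                     __shadow_set_l2e(entry->v, entry->va, &l2e);
 
                     if (entry->v == current)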
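Review bot: Dropping the `= {0}` initialiser leaves `l2e` indeterminate if `__shadow_get_l2e` can return without storing through `&l2e`, and its return value is not checked here. With the new body a stale `_PAGE_PRESENT` bit would lead to `put_shadow_ref` on an arbitrary frame number, which is a worse outcome than the flag-clearing it replaces. Unless `__shadow_get_l2e` is known to write the entry on every path (not visible in this hunk), keep `pgentry_64_t l2e = {0};`. resync_all starts and ends outside the hunk.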
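--- a/xen/arch/x86/shadow32.c	Tue Nov 22 16:31:16 2005 +0100
+++ b/xen/arch/x86/shadow32.c	Tue Nov 22 17:00:56 2005 +0100
@@ -1381,8 +1381,11 @@ int shadow_mode_control(struct domain *d
     switch ( op )
     {
     case DOM0_SHADOW_CONTROL_OP_OFF:
-        __shadow_sync_all(d);
-        __shadow_mode_disable(d);
+        if ( shadow_mode_enabled(d) )
+        {
+            __shadow_sync_all(d);
+            __shadow_mode_disable(d);
+        }
         break;
 
     case DOM0_SHADOW_CONTROL_OP_ENABLE_TEST:
@@ -2426,7 +2429,8 @@ static int resync_all(struct domain *d, 
 
                 __shadow_get_l2e(entry->v, entry->va, &l2e);
                 if (l2e_get_flags(l2e) & _PAGE_PRESENT) {
-                    l2e_remove_flags(l2e, _PAGE_PRESENT);
+                    put_shadow_ref(l2e_get_pfn(l2e)); 
+                    l2e = l2e_empty();
                     __shadow_set_l2e(entry->v, entry->va, l2e);
 
                     if (entry->v == current)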
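Review bot: In resync_all the shadow reference is dropped while the shadow L2 entry still points at that frame; `__shadow_set_l2e` stores the empty entry only afterwards. If `put_shadow_ref` can free the page when its count reaches zero, the entry is for a moment a live pointer to a freed shadow page. Reading the frame number into a local, writing `l2e_empty()` first and calling `put_shadow_ref` on the saved value last would close that window; the same sequence appears in resync_all in xen/arch/x86/shadow.c. Whether a lock or flush outside the hunk already rules this out cannot be seen from here.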
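--- a/xen/arch/x86/shadow_public.c	Tue Nov 22 16:31:16 2005 +0100
+++ b/xen/arch/x86/shadow_public.c	Tue Nov 22 17:00:56 2005 +0100
@@ -1290,8 +1290,11 @@ int shadow_mode_control(struct domain *d
     switch ( op )
     {
     case DOM0_SHADOW_CONTROL_OP_OFF:
-        __shadow_sync_all(d);
-        __shadow_mode_disable(d);
+        if ( shadow_mode_enabled(d) )
+        {
+            __shadow_sync_all(d);
+            __shadow_mode_disable(d);
+        }
         break;
 
     case DOM0_SHADOW_CONTROL_OP_ENABLE_TEST: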
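Review bot: The new guard makes DOM0_SHADOW_CONTROL_OP_OFF a silent no-op for a domain that is not in shadow mode, and nothing in the case says that this is intended. A one-line comment above the `if`, such as `/* Nothing to tear down if shadow mode is not enabled. */`, would record it; the identical hunk in xen/arch/x86/shadow32.c wants the same comment. The value returned to the caller in that case is set outside the hunk, so it is worth confirming it is the one the tools expect.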
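--- a/xen/common/grant_table.c	Tue Nov 22 16:31:16 2005 +0100
+++ b/xen/common/grant_table.c	Tue Nov 22 17:00:56 2005 +0100
@@ -31,17 +31,11 @@
 #include <acm/acm_hooks.h>
 #include <xen/trace.h>
 
-#if defined(CONFIG_X86_64)
-#define GRANT_PTE_FLAGS (_PAGE_PRESENT|_PAGE_ACCESSED|_PAGE_DIRTY|_PAGE_USER)
-#else
-#define GRANT_PTE_FLAGS (_PAGE_PRESENT|_PAGE_ACCESSED|_PAGE_DIRTY)
-#endif
-
-#define PIN_FAIL(_lbl, _rc, _f, _a...)   \
-    do {                           \
-        DPRINTK( _f, ## _a );      \
-        rc = (_rc);                \
-        goto _lbl;                 \
+#define PIN_FAIL(_lbl, _rc, _f, _a...)          \
+    do {                                        \
+        DPRINTK( _f, ## _a );                   \
+        rc = (_rc);                             \
+        goto _lbl;                              \
     } while ( 0 )
 
 static inline int
@@ -519,12 +513,12 @@ static int
 
     /* If just unmapped a writable mapping, mark as dirtied */
     if ( unlikely(shadow_mode_log_dirty(rd)) &&
-        !( flags & GNTMAP_readonly ) )
+         !(flags & GNTMAP_readonly) )
          mark_dirty(rd, frame);
 
     /* If the last writable mapping has been removed, put_page_type */
-    if ( ( (act->pin & (GNTPIN_devw_mask|GNTPIN_hstw_mask) ) == 0) &&
-         ( !( flags & GNTMAP_readonly ) ) )
+    if ( ((act->pin & (GNTPIN_devw_mask|GNTPIN_hstw_mask)) == 0) &&
+         !(flags & GNTMAP_readonly) )
     {
         clear_bit(_GTF_writing, &sha->flags);
         put_page_type(&frame_table[frame]);
@@ -880,108 +874,6 @@ do_grant_table_op(
     return rc;
 }
 
-int
-gnttab_check_unmap(
-    struct domain *rd, struct domain *ld, unsigned long frame, int readonly)
-{
-    /* Called when put_page is invoked on a page belonging to a foreign domain.
-     * Instead of decrementing the frame table ref count, locate the grant
-     * table entry, if any, and if found, decrement that count.
-     * Called a _lot_ at domain creation because pages mapped by priv domains
-     * also traverse this.
-     */
-    
-    /* Note: If the same frame is mapped multiple times, and then one of
-     *       the ptes is overwritten, which maptrack handle gets invalidated?
-     * Advice: Don't do it. Explicitly unmap.
-     */
-    
-    unsigned int handle, ref, refcount;
-    grant_table_t        *lgt, *rgt;
-    active_grant_entry_t *act;
-    grant_mapping_t      *map;
-    int found = 0;
-    
-    lgt = ld->grant_table;
-    
-    /* Fast exit if we're not mapping anything using grant tables */
-    if ( lgt->map_count == 0 )
-        return 0;
-    
-    if ( get_domain(rd) == 0 )
-    {
-        DPRINTK("gnttab_check_unmap: couldn't get_domain rd(%d)\n",
-                rd->domain_id);
-        return 0;
-    }
-    
-    rgt = rd->grant_table;
-    
-    for ( handle = 0; handle < lgt->maptrack_limit; handle++ ) {
-
-        map = &lgt->maptrack[handle];
-            
-        if ( map->domid != rd->domain_id )
-            continue;
-        
-        if ( ( map->ref_and_flags & MAPTRACK_GNTMAP_MASK ) &&
-             ( readonly ? 1 : (!(map->ref_and_flags & GNTMAP_readonly)))) {
-
-            ref = (map->ref_and_flags >> MAPTRACK_REF_SHIFT);
-            act = &rgt->active[ref];
-                    
-            spin_lock(&rgt->lock);
-                    
-            if ( act->frame != frame ) {
-                spin_unlock(&rgt->lock);
-                continue;
-            }
-                    
-            refcount = act->pin & ( readonly ? GNTPIN_hstr_mask
-                                    : GNTPIN_hstw_mask );
-
-            if ( refcount == 0 ) {
-                spin_unlock(&rgt->lock);
-                continue;
-            }
-                    
-            /* gotcha */
-            DPRINTK("Grant unref rd(%d) ld(%d) frm(%lx) flgs(%x).\n",
-                    rd->domain_id, ld->domain_id, frame, readonly);
-                    
-            if ( readonly )
-                act->pin -= GNTPIN_hstr_inc;
-            else {
-                act->pin -= GNTPIN_hstw_inc;
-                            
-                /* any more granted writable mappings? */
-                if ( (act->pin & (GNTPIN_hstw_mask|GNTPIN_devw_mask)) == 0 ) {
-                    clear_bit(_GTF_writing, &rgt->shared[ref].flags);
-                    put_page_type(&frame_table[frame]);
-                }
-            }
-                
-            if ( act->pin == 0 ) {
-                clear_bit(_GTF_reading, &rgt->shared[ref].flags);
-                put_page(&frame_table[frame]);
-            }
-
-            spin_unlock(&rgt->lock);
-                    
-            clear_bit(GNTMAP_host_map, &map->ref_and_flags);
-                    
-            if ( !(map->ref_and_flags & GNTMAP_device_map) )
-                put_maptrack_handle(lgt, handle);
-                    
-            found = 1;
-            break;
-        }
-    }
-    put_domain(rd);
-    
-    return found;
-}
-
 int 
 gnttab_prepare_for_transfer(
     struct domain *rd, struct domain *ld, grant_ref_t ref)
@@ -1124,70 +1016,85 @@ grant_table_create(
 }
 
 void
-gnttab_release_dev_mappings(grant_table_t *gt)
+gnttab_release_mappings(
+    struct domain *d)
 {
-    grant_mapping_t        *map;
-    domid_t                 dom;
-    grant_ref_t             ref;
-    u16                     handle;
-    struct domain          *ld, *rd;
-    unsigned long           frame;
-    active_grant_entry_t   *act;
-    grant_entry_t          *sha;
+    grant_table_t        *gt = d->grant_table;
+    grant_mapping_t      *map;
+    grant_ref_t           ref;
+    u16                   handle;
+    struct domain        *rd;
+    active_grant_entry_t *act;
+    grant_entry_t        *sha;
 
-    ld = current->domain;
+    BUG_ON(!test_bit(_DOMF_dying, &d->domain_flags));
 
     for ( handle = 0; handle < gt->maptrack_limit; handle++ )
     {
         map = &gt->maptrack[handle];
-
-        if ( !(map->ref_and_flags & GNTMAP_device_map) )
+        if ( !(map->ref_and_flags & (GNTMAP_device_map|GNTMAP_host_map)) )
             continue;
 
-        dom = map->domid;
         ref = map->ref_and_flags >> MAPTRACK_REF_SHIFT;
 
         DPRINTK("Grant release (%hu) ref:(%hu) flags:(%x) dom:(%hu)\n",
-                handle, ref, map->ref_and_flags & MAPTRACK_GNTMAP_MASK, dom);
+                handle, ref, map->ref_and_flags & MAPTRACK_GNTMAP_MASK,
+                map->domid);
 
-        if ( unlikely((rd = find_domain_by_id(dom)) == NULL) ||
-             unlikely(ld == rd) )
-        {
-            if ( rd != NULL )
-                put_domain(rd);
-            printk(KERN_WARNING "Grant release: No dom%d\n", dom);
-            continue;
-        }
+        rd = find_domain_by_id(map->domid);
+        BUG_ON(rd == NULL);
+
+        spin_lock(&rd->grant_table->lock);
 
         act = &rd->grant_table->active[ref];
         sha = &rd->grant_table->shared[ref];
 
-        spin_lock(&rd->grant_table->lock);
-
-        if ( act->pin & (GNTPIN_devw_mask | GNTPIN_devr_mask) )
+        if ( map->ref_and_flags & GNTMAP_readonly )
         {
-            frame = act->frame;
+            if ( map->ref_and_flags & GNTMAP_device_map )
+            {
+                BUG_ON((act->pin & GNTPIN_devr_mask) == 0);
+                act->pin -= GNTPIN_devr_inc;
+            }
 
-            if ( ( (act->pin & GNTPIN_hstw_mask) == 0 ) &&
-                 ( (act->pin & GNTPIN_devw_mask) >  0 ) )
+            if ( map->ref_and_flags & GNTMAP_host_map )
+            {
+                BUG_ON((act->pin & GNTPIN_hstr_mask) == 0);
+                act->pin -= GNTPIN_hstr_inc;
+            }
+        }
+        else
+        {
+            if ( map->ref_and_flags & GNTMAP_device_map )
+            {
+                BUG_ON((act->pin & GNTPIN_devw_mask) == 0);
+                act->pin -= GNTPIN_devw_inc;
+            }
+
+            if ( map->ref_and_flags & GNTMAP_host_map )
+            {
+                BUG_ON((act->pin & GNTPIN_hstw_mask) == 0);
+                act->pin -= GNTPIN_hstw_inc;
+            }
+
+            if ( (act->pin & (GNTPIN_devw_mask|GNTPIN_hstw_mask)) == 0 )
             {
                 clear_bit(_GTF_writing, &sha->flags);
-                put_page_type(&frame_table[frame]);
+                put_page_type(&frame_table[act->frame]);
             }
+        }
 
-            map->ref_and_flags &= ~GNTMAP_device_map;
-            act->pin &= ~(GNTPIN_devw_mask | GNTPIN_devr_mask);
-            if ( act->pin == 0 )
-            {
-                clear_bit(_GTF_reading, &sha->flags);
-                map->ref_and_flags = 0;
-                put_page(&frame_table[frame]);
-            }
+        if ( act->pin == 0 )
+        {
+            clear_bit(_GTF_reading, &sha->flags);
+            put_page(&frame_table[act->frame]);
         }
 
         spin_unlock(&rd->grant_table->lock);
 
         put_domain(rd);
+
+        map->ref_and_flags = 0;
     }
 }
 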
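Review bot: `BUG_ON(rd == NULL)` after `find_domain_by_id(map->domid)` in gnttab_release_mappings turns a condition the old code survived (a warning and `continue`) into a crash of the whole hypervisor during one domain's teardown. If the granting domain can already be gone, or can no longer be referenced, by the time the mapping domain dies, host availability then depends on the order in which guests are destroyed; nothing visible here shows that case is impossible. I would keep the skip, `if ( unlikely(rd == NULL) ) { map->ref_and_flags = 0; continue; }`, and reserve BUG_ON for the pin-count invariants checked further down. The removed `ld == rd` test is also gone without a replacement, so a self-mapping entry now takes the normal path; worth a sentence in the commit description if that is deliberate.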
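--- a/xen/include/asm-x86/page.h	Tue Nov 22 16:31:16 2005 +0100
+++ b/xen/include/asm-x86/page.h	Tue Nov 22 17:00:56 2005 +0100
@@ -273,6 +273,24 @@ extern void paging_init(void);
 #define _PAGE_AVAIL2   0x800U
 #define _PAGE_AVAIL    0xE00U
 
+/*
+ * Debug option: Ensure that granted mappings are not implicitly unmapped.
+ * WARNING: This will need to be disabled to run OSes that use the spare PTE
+ * bits themselves (e.g., *BSD).
+ */
+#ifndef NDEBUG
+#define _PAGE_GNTTAB   _PAGE_AVAIL2
+#else
+#define _PAGE_GNTTAB   0
+#endif
+
+/*
+ * Disallow unused flag bits plus PAT, PSE and GLOBAL. Also disallow GNTTAB
+ * if we are using it for grant-table debugging. Permit the NX bit if the
+ * hardware supports it.
+ */
+#define BASE_DISALLOW_MASK ((0xFFFFF180U | _PAGE_GNTTAB) & ~_PAGE_NX)
+
 #define __PAGE_HYPERVISOR \
     (_PAGE_PRESENT | _PAGE_RW | _PAGE_DIRTY | _PAGE_ACCESSED)
 #define __PAGE_HYPERVISOR_NOCACHE \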
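Review bot: The comment on `_PAGE_GNTTAB` does not say what happens under NDEBUG, where the macro is 0: GRANT_PTE_FLAGS then carries no marker, the bit is not reserved by BASE_DISALLOW_MASK, and the implicit-unmap test added to put_page_from_l1e is constant false. That matters to anyone who reads the mm.c check as a protection rather than as a debugging aid. I would add a sentence to the comment, for example `In NDEBUG builds _PAGE_GNTTAB is 0 and the implicit-unmap check is compiled out.` Since the WARNING says the option must be disabled for guests that use the spare PTE bits, a dedicated build switch would also serve better than NDEBUG, which turns off every other debug check with it.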
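--- a/xen/include/asm-x86/x86_32/page-2level.h	Tue Nov 22 16:31:16 2005 +0100
+++ b/xen/include/asm-x86/x86_32/page-2level.h	Tue Nov 22 17:00:56 2005 +0100
@@ -1,5 +1,5 @@
-#ifndef __X86_32_PAGE_2L_H__
-#define __X86_32_PAGE_2L_H__
+#ifndef __X86_32_PAGE_2LEVEL_H__
+#define __X86_32_PAGE_2LEVEL_H__
 
 #define L1_PAGETABLE_SHIFT      12
 #define L2_PAGETABLE_SHIFT      22
@@ -52,7 +52,7 @@ typedef l2_pgentry_t root_pgentry_t;
 #define get_pte_flags(x) ((int)(x) & 0xFFF)
 #define put_pte_flags(x) ((intpte_t)((x) & 0xFFF))
 
-#define L1_DISALLOW_MASK (0xFFFFF180U) /* PAT/GLOBAL */
-#define L2_DISALLOW_MASK (0xFFFFF180U) /* PSE/GLOBAL */
+#define L1_DISALLOW_MASK BASE_DISALLOW_MASK
+#define L2_DISALLOW_MASK BASE_DISALLOW_MASK
 
-#endif /* __X86_32_PAGE_2L_H__ */
+#endif /* __X86_32_PAGE_2LEVEL_H__ */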
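--- a/xen/include/asm-x86/x86_32/page-3level.h	Tue Nov 22 16:31:16 2005 +0100
+++ b/xen/include/asm-x86/x86_32/page-3level.h	Tue Nov 22 17:00:56 2005 +0100
@@ -1,5 +1,5 @@
-#ifndef __X86_32_PAGE_3L_H__
-#define __X86_32_PAGE_3L_H__
+#ifndef __X86_32_PAGE_3LEVEL_H__
+#define __X86_32_PAGE_3LEVEL_H__
 
 #define L1_PAGETABLE_SHIFT      12
 #define L2_PAGETABLE_SHIFT      21
@@ -65,8 +65,8 @@ typedef l3_pgentry_t root_pgentry_t;
 #define get_pte_flags(x) (((int)((x) >> 32) & ~0xFFF) | ((int)(x) & 0xFFF))
 #define put_pte_flags(x) (((intpte_t)((x) & ~0xFFF) << 32) | ((x) & 0xFFF))
 
-#define L1_DISALLOW_MASK (0xFFFFF180U & ~_PAGE_NX) /* PAT/GLOBAL */
-#define L2_DISALLOW_MASK (0xFFFFF180U & ~_PAGE_NX) /* PSE/GLOBAL */
-#define L3_DISALLOW_MASK (0xFFFFF1E6U)             /* must-be-zero */
+#define L1_DISALLOW_MASK BASE_DISALLOW_MASK
+#define L2_DISALLOW_MASK BASE_DISALLOW_MASK
+#define L3_DISALLOW_MASK 0xFFFFF1E6U /* must-be-zero */
 
-#endif /* __X86_32_PAGE_3L_H__ */
+#endif /* __X86_32_PAGE_3LEVEL_H__ */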
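--- a/xen/include/asm-x86/x86_32/page.h	Tue Nov 22 16:31:16 2005 +0100
+++ b/xen/include/asm-x86/x86_32/page.h	Tue Nov 22 17:00:56 2005 +0100
@@ -23,6 +23,9 @@ extern unsigned int PAGE_HYPERVISOR;
 extern unsigned int PAGE_HYPERVISOR_NOCACHE;
 #endif
 
+#define GRANT_PTE_FLAGS \
+    (_PAGE_PRESENT|_PAGE_ACCESSED|_PAGE_DIRTY|_PAGE_GNTTAB)
+
 #endif /* __X86_32_PAGE_H__ */
 
 /*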
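--- a/xen/include/asm-x86/x86_64/page.h	Tue Nov 22 16:31:16 2005 +0100
+++ b/xen/include/asm-x86/x86_64/page.h	Tue Nov 22 17:00:56 2005 +0100
@@ -72,14 +72,17 @@ typedef l4_pgentry_t root_pgentry_t;
 /* Bit 23 of a 24-bit flag mask. This corresponds to bit 63 of a pte.*/
 #define _PAGE_NX (cpu_has_nx ? (1U<<23) : 0U)
 
-#define L1_DISALLOW_MASK (0xFFFFF180U & ~_PAGE_NX) /* PAT/GLOBAL */
-#define L2_DISALLOW_MASK (0xFFFFF180U & ~_PAGE_NX) /* PSE/GLOBAL */
-#define L3_DISALLOW_MASK (0xFFFFF180U & ~_PAGE_NX) /* must-be-zero */
-#define L4_DISALLOW_MASK (0xFFFFF180U & ~_PAGE_NX) /* must-be-zero */
+#define L1_DISALLOW_MASK BASE_DISALLOW_MASK
+#define L2_DISALLOW_MASK BASE_DISALLOW_MASK
+#define L3_DISALLOW_MASK (BASE_DISALLOW_MASK | 0x180U /* must-be-zero */)
+#define L4_DISALLOW_MASK (BASE_DISALLOW_MASK | 0x180U /* must-be-zero */)
 
 #define PAGE_HYPERVISOR         (__PAGE_HYPERVISOR         | _PAGE_GLOBAL)
 #define PAGE_HYPERVISOR_NOCACHE (__PAGE_HYPERVISOR_NOCACHE | _PAGE_GLOBAL)
 
+#define GRANT_PTE_FLAGS \
+    (_PAGE_PRESENT|_PAGE_ACCESSED|_PAGE_DIRTY|_PAGE_GNTTAB|_PAGE_USER)
+
 #endif /* __X86_64_PAGE_H__ */
 
 /*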
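Review bot: The `| 0x180U` in the new L3_DISALLOW_MASK and L4_DISALLOW_MASK has no effect, because BASE_DISALLOW_MASK as defined in asm-x86/page.h by this commit starts from 0xFFFFF180U and already contains both bits. The comment sitting inside the parentheses is also easy to misread as part of the expression. `#define L3_DISALLOW_MASK BASE_DISALLOW_MASK /* 0x180 must-be-zero bits are in the base mask */` states the same thing without suggesting the levels differ, and likewise for L4.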
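--- a/xen/include/xen/grant_table.h	Tue Nov 22 16:31:16 2005 +0100
+++ b/xen/include/xen/grant_table.h	Tue Nov 22 17:00:56 2005 +0100
@@ -94,10 +94,6 @@ int grant_table_create(
 void grant_table_destroy(
     struct domain *d);
 
-/* Destroy host-CPU mappings via a grant-table entry. */
-int gnttab_check_unmap(
-    struct domain *rd, struct domain *ld, unsigned long frame, int readonly);
-
 /*
  * Check that the given grant reference (rd,ref) allows 'ld' to transfer
  * ownership of a page frame. If so, lock down the grant entry.
@@ -106,8 +102,9 @@ int
 gnttab_prepare_for_transfer(
     struct domain *rd, struct domain *ld, grant_ref_t ref);
 
-/* Domain death release of granted device mappings of other domains.*/
+/* Domain death release of granted mappings of other domains' memory. */
 void
-gnttab_release_dev_mappings(grant_table_t *gt);
+gnttab_release_mappings(
+    struct domain *d);
 
 #endif /* __XEN_GRANT_H__ */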
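Review bot: The declaration comment for `gnttab_release_mappings` leaves out the precondition that the implementation enforces: xen/common/grant_table.c opens with `BUG_ON(!test_bit(_DOMF_dying, &d->domain_flags))`, so a call on a live domain halts the hypervisor. The header is where a new caller will look, so I would extend the comment to `/* Release all device and host mappings that 'd' holds of other domains' memory. 'd' must already be marked dying. */`.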