From nobody Sat May 4 11:06:19 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass(p=quarantine dis=none) header.from=suse.com ARC-Seal: i=1; a=rsa-sha256; t=1610723692; cv=none; d=zohomail.com; s=zohoarc; b=XOACPlkabeKsQSkbqHgNfCUPLIOHw21gTxszwAlZ5rcDXPPSEAhtDmBL+B0l9YCXufIm2BTGD1eBkA/43x4jYVaatawDFUUrB8XWSBb0XN3IrOsh3fTNbRjmbBNFubL+IqsrE2F2flI0zxKclpvWPI3z+Gnm7Vv1BpbZEuFyHOw= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1610723692; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=WSdy8Pz3L/zprCeC4fpdnW1IB0NsmJcT9iH+zGCLuIc=; b=dtXm4RdGg5MAUgTkXWZ/aprbOoDn5S/sFE4P1i1w+bducsD5NyhIMdeg9ibv7dAblY8vMttXIYeUC9kzk+manXYPnP4hkU8v/+4QjS73UUu/FOlLBkk0JfECdFhTyuUFvvYv9VQsgzviQu+lBB+HHKDb0ei4TFCJQVPPWXDlgzQ= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass header.from= (p=quarantine dis=none) header.from= Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1610723692431520.9540190756743; Fri, 15 Jan 2021 07:14:52 -0800 (PST) Received: from list by lists.xenproject.org with outflank-mailman.68262.122180 (Exim 4.92) (envelope-from ) id 1l0Qo4-00082N-9P; Fri, 15 Jan 2021 15:14:32 +0000 Received: by outflank-mailman (output) from mailman id 68262.122180; Fri, 15 Jan 2021 15:14:32 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1l0Qo4-00082G-6E; Fri, 15 Jan 2021 15:14:32 +0000 Received: by outflank-mailman (input) for mailman id 68262; Fri, 15 Jan 2021 15:14:31 +0000 Received: from us1-rack-iad1.inumbo.com ([172.99.69.81]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1l0Qo3-000826-5H for xen-devel@lists.xenproject.org; Fri, 15 Jan 2021 15:14:31 +0000 Received: from mx2.suse.de (unknown [195.135.220.15]) by us1-rack-iad1.inumbo.com (Halon) with ESMTPS id 0555514c-5875-42c8-b45a-696a1be5e48d; Fri, 15 Jan 2021 15:14:29 +0000 (UTC) Received: from relay2.suse.de (unknown [195.135.221.27]) by mx2.suse.de (Postfix) with ESMTP id 0F743B27F; Fri, 15 Jan 2021 15:14:29 +0000 (UTC) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 0555514c-5875-42c8-b45a-696a1be5e48d X-Virus-Scanned: by amavisd-new at test-mx.suse.de DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=susede1; t=1610723669; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=WSdy8Pz3L/zprCeC4fpdnW1IB0NsmJcT9iH+zGCLuIc=; b=bTh8MI5jlTecwZZA1lv0M2Wyu+CjOcDr8S1oxR9oLgOwuoRdJH5g7D2nhIauFDfIJWc7b6 JzRXxlmBY/DzzgWt+T9+sS7jFCymxn+Vj7Fnu8OXb1OgY1X5t0GwjHT35pixOQifjqWuy6 4rY5VC/bhz34e4oiZf1BMBzZO2uw+rc= Subject: [PATCH v2 1/2] gnttab: adjust pin count overflow checks From: Jan Beulich To: "xen-devel@lists.xenproject.org" Cc: Andrew Cooper , George Dunlap , Ian Jackson , Julien Grall , Stefano Stabellini , Wei Liu References: <43168334-20af-a0ed-95ec-8eef5200877b@suse.com> Message-ID: Date: Fri, 15 Jan 2021 16:14:29 +0100 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.6.1 MIME-Version: 1.0 In-Reply-To: <43168334-20af-a0ed-95ec-8eef5200877b@suse.com> Content-Language: en-US Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @suse.com) Content-Type: text/plain; charset="utf-8" It's at least odd to check counters which aren't going to be incremented, resulting in failure just because prior operations may have left an entry in an unusual state. And it's also not helpful to use open-coded literal numbers in these checks. Calculate the increment values first and derive from them the mask to use in the checks. Also move the pin count checks ahead of the calculation of the status (and for copy also sha2) pointers: They're not needed in the failure cases, and this way the compiler may also have an easier time keeping the variables at least transiently in registers for the subsequent uses. Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper --- v2: Replace pre-existing comment. Introduce GNTPIN_incr2oflow_mask(). --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -322,23 +322,38 @@ shared_entry_header(struct grant_table * =20 /* Active grant entry - used for shadowing GTF_permit_access grants. */ struct active_grant_entry { - uint32_t pin; /* Reference count information: */ +/* + * 4x byte-wide reference counts, for {host,device}{read,write} mappings, + * implemented as a single 32-bit (presumably to optimise checking for any + * reference). + */ + uint32_t pin; + /* Width of the individual counter fields. */ +#define GNTPIN_cntr_width 8 +#define GNTPIN_cntr_mask ((1U << GNTPIN_cntr_width) - 1) /* Count of writable host-CPU mappings. */ #define GNTPIN_hstw_shift 0 #define GNTPIN_hstw_inc (1U << GNTPIN_hstw_shift) -#define GNTPIN_hstw_mask (0xFFU << GNTPIN_hstw_shift) +#define GNTPIN_hstw_mask (GNTPIN_cntr_mask << GNTPIN_hstw_shift) /* Count of read-only host-CPU mappings. */ -#define GNTPIN_hstr_shift 8 +#define GNTPIN_hstr_shift (GNTPIN_hstw_shift + GNTPIN_cntr_width) #define GNTPIN_hstr_inc (1U << GNTPIN_hstr_shift) -#define GNTPIN_hstr_mask (0xFFU << GNTPIN_hstr_shift) +#define GNTPIN_hstr_mask (GNTPIN_cntr_mask << GNTPIN_hstr_shift) /* Count of writable device-bus mappings. */ -#define GNTPIN_devw_shift 16 +#define GNTPIN_devw_shift (GNTPIN_hstr_shift + GNTPIN_cntr_width) #define GNTPIN_devw_inc (1U << GNTPIN_devw_shift) -#define GNTPIN_devw_mask (0xFFU << GNTPIN_devw_shift) +#define GNTPIN_devw_mask (GNTPIN_cntr_mask << GNTPIN_devw_shift) /* Count of read-only device-bus mappings. */ -#define GNTPIN_devr_shift 24 +#define GNTPIN_devr_shift (GNTPIN_devw_shift + GNTPIN_cntr_width) #define GNTPIN_devr_inc (1U << GNTPIN_devr_shift) -#define GNTPIN_devr_mask (0xFFU << GNTPIN_devr_shift) +#define GNTPIN_devr_mask (GNTPIN_cntr_mask << GNTPIN_devr_shift) + +/* Convert a combination of GNTPIN_*_inc to an overflow checking mask. */ +#define GNTPIN_incr2oflow_mask(x) ({ \ + ASSERT(!((x) & ~(GNTPIN_hstw_inc | GNTPIN_hstr_inc | \ + GNTPIN_devw_inc | GNTPIN_devr_inc))); \ + (x) << (GNTPIN_cntr_width - 1); \ +}) =20 domid_t domid; /* Domain being granted access. */ unsigned int start:15; /* For sub-page grants, the start offset @@ -988,7 +1003,8 @@ map_grant_ref( mfn_t mfn; struct page_info *pg =3D NULL; int rc =3D GNTST_okay; - unsigned int cache_flags, clear_flags =3D 0, refcnt =3D 0, typecnt = =3D 0; + unsigned int cache_flags, clear_flags =3D 0, refcnt =3D 0, typecnt = =3D 0, + pin_incr =3D 0; bool host_map_created =3D false; struct active_grant_entry *act =3D NULL; struct grant_mapping *mt; @@ -998,7 +1014,14 @@ map_grant_ref( =20 ld =3D current->domain; =20 - if ( unlikely((op->flags & (GNTMAP_device_map|GNTMAP_host_map)) =3D=3D= 0) ) + if ( op->flags & GNTMAP_device_map ) + pin_incr +=3D (op->flags & GNTMAP_readonly) ? GNTPIN_devr_inc + : GNTPIN_devw_inc; + if ( op->flags & GNTMAP_host_map ) + pin_incr +=3D (op->flags & GNTMAP_readonly) ? GNTPIN_hstr_inc + : GNTPIN_hstw_inc; + + if ( unlikely(!pin_incr) ) { gdprintk(XENLOG_INFO, "Bad flags in grant map op: %x\n", op->flags= ); op->status =3D GNTST_bad_gntref; @@ -1052,19 +1075,19 @@ map_grant_ref( shah =3D shared_entry_header(rgt, ref); act =3D active_entry_acquire(rgt, ref); =20 - /* Make sure we do not access memory speculatively */ - status =3D evaluate_nospec(rgt->gt_version =3D=3D 1) ? &shah->flags - : &status_entry(rgt, ref); - /* If already pinned, check the active domid and avoid refcnt overflow= . */ if ( act->pin && ((act->domid !=3D ld->domain_id) || - (act->pin & 0x80808080U) !=3D 0 || + (act->pin & GNTPIN_incr2oflow_mask(pin_incr)) || (act->is_sub_page)) ) PIN_FAIL(act_release_out, GNTST_general_error, "Bad domain (%d !=3D %d), or risk of counter overflow %08= x, or subpage %d\n", act->domid, ld->domain_id, act->pin, act->is_sub_page); =20 + /* Make sure we do not access memory speculatively */ + status =3D evaluate_nospec(rgt->gt_version =3D=3D 1) ? &shah->flags + : &status_entry(rgt, re= f); + if ( !act->pin || (!(op->flags & GNTMAP_readonly) && !(act->pin & (GNTPIN_hstw_mask|GNTPIN_devw_mask))) ) @@ -1095,12 +1118,7 @@ map_grant_ref( } } =20 - if ( op->flags & GNTMAP_device_map ) - act->pin +=3D (op->flags & GNTMAP_readonly) ? - GNTPIN_devr_inc : GNTPIN_devw_inc; - if ( op->flags & GNTMAP_host_map ) - act->pin +=3D (op->flags & GNTMAP_readonly) ? - GNTPIN_hstr_inc : GNTPIN_hstw_inc; + act->pin +=3D pin_incr; =20 mfn =3D act->mfn; =20 @@ -1275,13 +1293,7 @@ map_grant_ref( grant_read_lock(rgt); =20 act =3D active_entry_acquire(rgt, op->ref); - - if ( op->flags & GNTMAP_device_map ) - act->pin -=3D (op->flags & GNTMAP_readonly) ? - GNTPIN_devr_inc : GNTPIN_devw_inc; - if ( op->flags & GNTMAP_host_map ) - act->pin -=3D (op->flags & GNTMAP_readonly) ? - GNTPIN_hstr_inc : GNTPIN_hstw_inc; + act->pin -=3D pin_incr; =20 unlock_out_clear: if ( !(op->flags & GNTMAP_readonly) && @@ -2516,6 +2528,7 @@ acquire_grant_for_copy( uint16_t trans_length; bool is_sub_page; s16 rc =3D GNTST_okay; + unsigned int pin_incr =3D readonly ? GNTPIN_hstr_inc : GNTPIN_hstw_inc; unsigned int clear_flags =3D 0; =20 *page =3D NULL; @@ -2530,6 +2543,14 @@ acquire_grant_for_copy( shah =3D shared_entry_header(rgt, gref); act =3D active_entry_acquire(rgt, gref); =20 + /* If already pinned, check the active domid and avoid refcnt overflow= . */ + if ( act->pin && + ((act->domid !=3D ldom) || + (act->pin & GNTPIN_incr2oflow_mask(pin_incr))) ) + PIN_FAIL(unlock_out, GNTST_general_error, + "Bad domain (%d !=3D %d), or risk of counter overflow %08= x\n", + act->domid, ldom, act->pin); + if ( evaluate_nospec(rgt->gt_version =3D=3D 1) ) { sha2 =3D NULL; @@ -2541,12 +2562,6 @@ acquire_grant_for_copy( status =3D &status_entry(rgt, gref); } =20 - /* If already pinned, check the active domid and avoid refcnt overflow= . */ - if ( act->pin && ((act->domid !=3D ldom) || (act->pin & 0x80808080U) != =3D 0) ) - PIN_FAIL(unlock_out, GNTST_general_error, - "Bad domain (%d !=3D %d), or risk of counter overflow %08= x\n", - act->domid, ldom, act->pin); - old_pin =3D act->pin; if ( sha2 && (shah->flags & GTF_type_mask) =3D=3D GTF_transitive ) { @@ -2728,7 +2743,7 @@ acquire_grant_for_copy( } } =20 - act->pin +=3D readonly ? GNTPIN_hstr_inc : GNTPIN_hstw_inc; + act->pin +=3D pin_incr; =20 *page_off =3D act->start; *length =3D act->length; From nobody Sat May 4 11:06:19 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass(p=quarantine dis=none) header.from=suse.com ARC-Seal: i=1; a=rsa-sha256; t=1610723720; cv=none; d=zohomail.com; s=zohoarc; b=kwLPGuRkj1Y5Vilv05nNACPREuH/LpOdyq3SjvVQh35J05flRkwK8R26YawD38WkaS7hULYkYF0Nxjbktmc5WipGozXXo909yFSAV3bS58JBTdK/2mBMtDRhKuG+swpOMEnC/1JpI2Tg0hUrgIE8WyTPrLYwKWBayqu3dlAn2T8= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1610723720; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=/q9UZ0XeH426n57zPhmm8s1WzsdppI7RSSMGBzPjeIU=; b=bAalJroTn0mx+cNtDX9R+jEluH1nK3DHGFiKGjdD6vu3K6BT/cSgBXUHrJ9svztckDZEKTRsq2dMRyLQmIVeFBfxHbv8P935CIdZ5zNhwYLNMG3CIxLMIJi4e2+6acoPKq+4Xw0OgWdUvsYIicdAy89TYNc0HzCjJwiCrJQmL6w= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass header.from= (p=quarantine dis=none) header.from= Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1610723720399429.28257438760807; Fri, 15 Jan 2021 07:15:20 -0800 (PST) Received: from list by lists.xenproject.org with outflank-mailman.68268.122205 (Exim 4.92) (envelope-from ) id 1l0Qoa-0008DV-Qy; Fri, 15 Jan 2021 15:15:04 +0000 Received: by outflank-mailman (output) from mailman id 68268.122205; Fri, 15 Jan 2021 15:15:04 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1l0Qoa-0008DO-Nj; Fri, 15 Jan 2021 15:15:04 +0000 Received: by outflank-mailman (input) for mailman id 68268; Fri, 15 Jan 2021 15:15:03 +0000 Received: from us1-rack-iad1.inumbo.com ([172.99.69.81]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1l0QoZ-0008DF-F4 for xen-devel@lists.xenproject.org; Fri, 15 Jan 2021 15:15:03 +0000 Received: from mx2.suse.de (unknown [195.135.220.15]) by us1-rack-iad1.inumbo.com (Halon) with ESMTPS id 4f3005e2-5488-4cd7-8b27-c21a7531f9b0; Fri, 15 Jan 2021 15:15:02 +0000 (UTC) Received: from relay2.suse.de (unknown [195.135.221.27]) by mx2.suse.de (Postfix) with ESMTP id 79F6CAB7F; Fri, 15 Jan 2021 15:15:01 +0000 (UTC) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 4f3005e2-5488-4cd7-8b27-c21a7531f9b0 X-Virus-Scanned: by amavisd-new at test-mx.suse.de DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=susede1; t=1610723701; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=/q9UZ0XeH426n57zPhmm8s1WzsdppI7RSSMGBzPjeIU=; b=aJV+nGKDRu2X2o9+cSmj3RGYMiLvgQ9POz9fIKdldDQDzcLTRdSLJyUF20bR3cMHkFLnGc 1+fBShvWowGo+jIsZN/gXN9yNL42pHawSTVTR7T126gM6VTEQvPHCNOGTfvaCCCoGHVlq1 Uvuo2VyKJ3ftb4Ai6IqOhYToUIbbhWs= Subject: [PATCH v2 2/2] gnttab: consolidate pin-to-status syncing From: Jan Beulich To: "xen-devel@lists.xenproject.org" Cc: Andrew Cooper , George Dunlap , Ian Jackson , Julien Grall , Stefano Stabellini , Wei Liu References: <43168334-20af-a0ed-95ec-8eef5200877b@suse.com> Message-ID: <54d2a427-e3d6-ec19-055a-2ec7f6fd2a0d@suse.com> Date: Fri, 15 Jan 2021 16:15:01 +0100 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.6.1 MIME-Version: 1.0 In-Reply-To: <43168334-20af-a0ed-95ec-8eef5200877b@suse.com> Content-Language: en-US Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @suse.com) Content-Type: text/plain; charset="utf-8" Forever since the fix for XSA-230 the 2nd of the comments ahead of fixup_status_for_copy_pin() has been stale - there's nothing specific to transitive grants there anymore. Move the function up, drop the "copy" part from its name again, add a "readonly" parameter, and use it also on other paths having decremented one (or not having got to increment any) of the pin counts. Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper --- v2: Rename helper to reduce_status_for_pin() and adjust its comment accordingly. --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -920,6 +920,25 @@ static int _set_status(const grant_entry return _set_status_v2(shah, status, rd, act, readonly, mapflag, ld= omid); } =20 +/* + * The status for a grant may indicate that we're taking more access than + * the pin requires. Reduce the status to match the pin. Called with the + * domain's grant table lock held at least in read mode and with the active + * entry lock held (iow act->pin can't change behind our backs). + */ +static void reduce_status_for_pin(struct domain *rd, + const struct active_grant_entry *act, + uint16_t *status, bool readonly) +{ + unsigned int clear_flags =3D act->pin ? 0 : GTF_reading; + + if ( !readonly && !(act->pin & (GNTPIN_hstw_mask | GNTPIN_devw_mask)) ) + clear_flags |=3D GTF_writing; + + if ( clear_flags ) + gnttab_clear_flags(rd, clear_flags, status); +} + static struct active_grant_entry *grant_map_exists(const struct domain *ld, struct grant_table *rgt, mfn_t mfn, @@ -1003,8 +1022,7 @@ map_grant_ref( mfn_t mfn; struct page_info *pg =3D NULL; int rc =3D GNTST_okay; - unsigned int cache_flags, clear_flags =3D 0, refcnt =3D 0, typecnt = =3D 0, - pin_incr =3D 0; + unsigned int cache_flags, refcnt =3D 0, typecnt =3D 0, pin_incr =3D = 0; bool host_map_created =3D false; struct active_grant_entry *act =3D NULL; struct grant_mapping *mt; @@ -1296,15 +1314,7 @@ map_grant_ref( act->pin -=3D pin_incr; =20 unlock_out_clear: - if ( !(op->flags & GNTMAP_readonly) && - !(act->pin & (GNTPIN_hstw_mask|GNTPIN_devw_mask)) ) - clear_flags |=3D GTF_writing; - - if ( !act->pin ) - clear_flags |=3D GTF_reading; - - if ( clear_flags ) - gnttab_clear_flags(rd, clear_flags, status); + reduce_status_for_pin(rd, act, status, op->flags & GNTMAP_readonly); =20 act_release_out: active_entry_release(act); @@ -1519,7 +1529,6 @@ unmap_common_complete(struct gnttab_unma grant_entry_header_t *sha; struct page_info *pg; uint16_t *status; - unsigned int clear_flags =3D 0; =20 if ( evaluate_nospec(!op->done) ) { @@ -1578,15 +1587,7 @@ unmap_common_complete(struct gnttab_unma act->pin -=3D GNTPIN_hstw_inc; } =20 - if ( ((act->pin & (GNTPIN_devw_mask|GNTPIN_hstw_mask)) =3D=3D 0) && - !(op->done & GNTMAP_readonly) ) - clear_flags |=3D GTF_writing; - - if ( act->pin =3D=3D 0 ) - clear_flags |=3D GTF_reading; - - if ( clear_flags ) - gnttab_clear_flags(rd, clear_flags, status); + reduce_status_for_pin(rd, act, status, op->done & GNTMAP_readonly); =20 active_entry_release(act); grant_read_unlock(rgt); @@ -2426,7 +2427,6 @@ release_grant_for_copy( uint16_t *status; grant_ref_t trans_gref; struct domain *td; - unsigned int clear_flags =3D 0; =20 grant_read_lock(rgt); =20 @@ -2456,15 +2456,9 @@ release_grant_for_copy( gnttab_mark_dirty(rd, mfn); =20 act->pin -=3D GNTPIN_hstw_inc; - if ( !(act->pin & (GNTPIN_devw_mask|GNTPIN_hstw_mask)) ) - clear_flags |=3D GTF_writing; } =20 - if ( !act->pin ) - clear_flags |=3D GTF_reading; - - if ( clear_flags ) - gnttab_clear_flags(rd, clear_flags, status); + reduce_status_for_pin(rd, act, status, readonly); =20 active_entry_release(act); grant_read_unlock(rgt); @@ -2481,27 +2475,6 @@ release_grant_for_copy( } } =20 -/* The status for a grant indicates that we're taking more access than - the pin requires. Fix up the status to match the pin. Called - under the domain's grant table lock. */ -/* Only safe on transitive grants. Even then, note that we don't - attempt to drop any pin on the referent grant. */ -static void fixup_status_for_copy_pin(struct domain *rd, - const struct active_grant_entry *act, - uint16_t *status) -{ - unsigned int clear_flags =3D 0; - - if ( !(act->pin & (GNTPIN_hstw_mask | GNTPIN_devw_mask)) ) - clear_flags |=3D GTF_writing; - - if ( !act->pin ) - clear_flags |=3D GTF_reading; - - if ( clear_flags ) - gnttab_clear_flags(rd, clear_flags, status); -} - /* * Grab a machine frame number from a grant entry and update the flags * and pin count as appropriate. If rc =3D=3D GNTST_okay, note that this *= does* @@ -2529,7 +2502,6 @@ acquire_grant_for_copy( bool is_sub_page; s16 rc =3D GNTST_okay; unsigned int pin_incr =3D readonly ? GNTPIN_hstr_inc : GNTPIN_hstw_inc; - unsigned int clear_flags =3D 0; =20 *page =3D NULL; =20 @@ -2616,8 +2588,8 @@ acquire_grant_for_copy( =20 if ( rc !=3D GNTST_okay ) { - fixup_status_for_copy_pin(rd, act, status); rcu_unlock_domain(td); + reduce_status_for_pin(rd, act, status, readonly); active_entry_release(act); grant_read_unlock(rgt); return rc; @@ -2639,8 +2611,8 @@ acquire_grant_for_copy( !act->is_sub_page)) ) { release_grant_for_copy(td, trans_gref, readonly); - fixup_status_for_copy_pin(rd, act, status); rcu_unlock_domain(td); + reduce_status_for_pin(rd, act, status, readonly); active_entry_release(act); grant_read_unlock(rgt); put_page(*page); @@ -2754,15 +2726,7 @@ acquire_grant_for_copy( return rc; =20 unlock_out_clear: - if ( !(readonly) && - !(act->pin & (GNTPIN_hstw_mask | GNTPIN_devw_mask)) ) - clear_flags |=3D GTF_writing; - - if ( !act->pin ) - clear_flags |=3D GTF_reading; - - if ( clear_flags ) - gnttab_clear_flags(rd, clear_flags, status); + reduce_status_for_pin(rd, act, status, readonly); =20 unlock_out: active_entry_release(act); @@ -3732,8 +3696,6 @@ gnttab_release_mappings( =20 for ( handle =3D 0; handle < gt->maptrack_limit; handle++ ) { - unsigned int clear_flags =3D 0; - map =3D &maptrack_entry(gt, handle); if ( !(map->flags & (GNTMAP_device_map|GNTMAP_host_map)) ) continue; @@ -3806,16 +3768,9 @@ gnttab_release_mappings( put_page(pg); } } - - if ( (act->pin & (GNTPIN_devw_mask|GNTPIN_hstw_mask)) =3D=3D 0= ) - clear_flags |=3D GTF_writing; } =20 - if ( act->pin =3D=3D 0 ) - clear_flags |=3D GTF_reading; - - if ( clear_flags ) - gnttab_clear_flags(rd, clear_flags, status); + reduce_status_for_pin(rd, act, status, map->flags & GNTMAP_readonl= y); =20 active_entry_release(act); grant_read_unlock(rgt);