
[Xen-devel] Question on grant copying a previous grant mapped page

Hi all

I'm implementing a TX zero-copy prototype for Xen netback. It is very
common for several guests to connect through a bridge and communicate
with each other. So in the RX path there is something like:

if (page is from another domU)
  retrieve this page's src_gref and owner src_dom
  grant copy this (src_dom,src_gref) to dest domU (dst_dom,dst_gref)

Actually the code is doing a grant copy from one gref to another gref,
except that the src_gref has already been mapped in Dom0.

Then we go down to the hypervisor:


  act <- get active entry for gref
  if (!act->pin) {
    check stuff for transitive grant
    if (!act->pin) {
      set fields in act
  } else {
    set owning_domain

  act <- get active entry for gref
  if (grant table version is 1) {
    use v1 stuff
  } else {
    td = act->trans_domain
    trans_gref = act->trans_gref
  if (td != rd) {
    recursively release grant

Because src_gref is already mapped in Dom0, its act->pin is not 0.
When we come to __release_grant_for_copy, since we're using version 2,
td = act->trans_domain, in which case it is NULL(?!). rd is not NULL,
so (td != rd), we do a rcu_unlock_domain(NULL), which messes up the
preemption count. Finally it triggers ASSERT(!in_atomic()) in

I haven't modified netfront to use transitive grant. I don't know
whether I found a bug or I did things in a wrong way. However
rcu_unlocking NULL looks quite buggy to me, shouldn't we at least guard
against this case and fail earlier (in grant release code path)?

Any advice is welcome.
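
The lock imbalance described in the message above, as an added C model that is not part of the original post and is not Xen source code. It shows the release path with and without a NULL check on td. Assumptions: the helper names, status codes and counter are constructed, trans_domain is taken to be set only on the !pin path, and the lock/unlock helpers adjust the count whatever pointer they are given.

```c
#include <stddef.h>
#include <stdio.h>
/* Simplified model of the post's pseudocode; not Xen source code. */
struct domain { int id; };
struct active_entry {
    unsigned pin;                /* non-zero once the gref is mapped */
    struct domain *trans_domain; /* assumed to be set only on the !pin path */
};
enum { GNT_OK = 0, GNT_BAD_ENTRY = -1 };  /* constructed status codes */
static int preempt_count;        /* stands in for the preemption count */
static void rcu_lock_domain(struct domain *d)   { (void)d; preempt_count++; }
static void rcu_unlock_domain(struct domain *d) { (void)d; preempt_count--; }
static void acquire_for_copy(struct active_entry *act, struct domain *rd)
{
    if (!act->pin)
        act->trans_domain = rd;  /* assumed part of "set fields in act" */
    act->pin++;                  /* pinned path leaves trans_domain alone */
}

/* Release path; with guard set, a NULL td is reported instead of unlocked. */
static int release_for_copy(struct active_entry *act, struct domain *rd, int guard)
{
    struct domain *td = act->trans_domain;   /* grant table v2 branch */
    act->pin--;
    if (guard && td == NULL)
        return GNT_BAD_ENTRY;    /* no unlock without a matching lock */
    if (td != rd)
        rcu_unlock_domain(td);   /* td == NULL still decrements the count */
    return GNT_OK;
}

/* lock rd, acquire, release, unlock rd; returns the final count (0 = balanced) */
static int copy_once(unsigned initial_pin, int guard, int *status)
{
    struct domain rd = { 1 };                        /* constructed domain */
    struct active_entry act = { initial_pin, NULL };
    preempt_count = 0;
    rcu_lock_domain(&rd);
    acquire_for_copy(&act, &rd);
    *status = release_for_copy(&act, &rd, guard);
    rcu_unlock_domain(&rd);
    return preempt_count;
}
int main(void)
{
    int st, bad = copy_once(1, 0, &st), ok = copy_once(1, 1, &st);
    printf("mapped gref: unguarded count %d, guarded count %d\n", bad, ok);
    return 0;
}
```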

