Xen project Mailing List

Re: [PATCH] xen/virtio: Handle cases when page offset > PAGE_SIZE properly

To: Oleksandr Tyshchenko <olekstysh@xxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx

From: Xenia Ragiadakou <burzalodowa@xxxxxxxxx>

Date: Sat, 8 Oct 2022 14:08:25 +0300

Cc: Oleksandr Tyshchenko <oleksandr_tyshchenko@xxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Juergen Gross <jgross@xxxxxxxx>

Delivery-date: Sat, 08 Oct 2022 11:08:36 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 10/7/22 16:27, Oleksandr Tyshchenko wrote: Hi Oleksandr

From: Oleksandr Tyshchenko <oleksandr_tyshchenko@xxxxxxxx>

Passed to xen_grant_dma_map_page() offset in the page
can be > PAGE_SIZE even if the guest uses the same page granularity
as Xen (4KB).

Before current patch, if such case happened we ended up providing
grants for the whole region in xen_grant_dma_map_page() which
was really unnecessary. The more, we ended up not releasing all
grants which represented that region in xen_grant_dma_unmap_page().

Current patch updates the code to be able to deal with such cases.

Signed-off-by: Oleksandr Tyshchenko <oleksandr_tyshchenko@xxxxxxxx>
---
Cc: Juergen Gross <jgross@xxxxxxxx>
Cc: Xenia Ragiadakou <burzalodowa@xxxxxxxxx>

Depens on:
https://lore.kernel.org/xen-devel/20221005174823.1800761-1-olekstysh@xxxxxxxxx/

Should go in only after that series.
---
  drivers/xen/grant-dma-ops.c | 8 +++++---
  1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/drivers/xen/grant-dma-ops.c b/drivers/xen/grant-dma-ops.c
index c66f56d24013..1385f0e686fe 100644
--- a/drivers/xen/grant-dma-ops.c
+++ b/drivers/xen/grant-dma-ops.c
@@ -168,7 +168,9 @@ static dma_addr_t xen_grant_dma_map_page(struct device 
*dev, struct page *page,
                                         unsigned long attrs)
  {
        struct xen_grant_dma_data *data;
-       unsigned int i, n_pages = PFN_UP(offset + size);
+       unsigned long dma_offset = offset_in_page(offset),
+                       gfn_offset = PFN_DOWN(offset);
+       unsigned int i, n_pages = PFN_UP(dma_offset + size);

IIUC, the above with a later patch will become: dma_offset = xen_offset_in_page(offset) gfn_offset = XEN_PFN_DOWN(offset) n_pages = XEN_PFN_UP(dma_offset + size)

        grant_ref_t grant;
        dma_addr_t dma_handle;

@@ -187,10 +189,10 @@ static dma_addr_t xen_grant_dma_map_page(struct device *dev, struct page *page,for (i = 0; i < n_pages; i++) {

                gnttab_grant_foreign_access_ref(grant + i, data->backend_domid,
-                               xen_page_to_gfn(page) + i, dir == 
DMA_TO_DEVICE);
+                               xen_page_to_gfn(page) + i + gfn_offset, dir == 
DMA_TO_DEVICE);

Here, why the pfn is not calculated before passing it to pfn_to_gfn()? I mean sth like pfn_to_gfn(page_to_xen_pfn(page) + gfn_offset + i)

- dma_handle = grant_to_dma(grant) + offset;

+       dma_handle = grant_to_dma(grant) + dma_offset;

return dma_handle;

-- Xenia

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.