On 11.10.2022 11:28, Jan Beulich wrote:
> find_ring_mfn() already holds a page reference when trying to obtain a
> writable type reference. We shouldn't make assumptions on the general
> reference count limit being effectively "infinity". Obtain merely a type
> ref, re-using the general ref by only dropping the previously acquired
> one in the case of an error.
>
> Signed-off-by: Jan Beulich <jbeul...@suse.com>

Ping? > --- > I further question the log-dirty check there: The present P2M type of a > page doesn't really matter for writing to the page (plus it's stale by > the time it is looked at). Instead I think every write to such a page > needs to be accompanied by a call to paging_mark_dirty(). > > --- a/xen/common/argo.c > +++ b/xen/common/argo.c > @@ -1429,10 +1429,11 @@ find_ring_mfn(struct domain *d, gfn_t gf > ret = -EAGAIN; > #endif > else if ( (p2mt != p2m_ram_rw) || > - !get_page_and_type(page, d, PGT_writable_page) ) > + !get_page_type(page, PGT_writable_page) ) > ret = -EINVAL; > > - put_page(page); > + if ( unlikely(ret) ) > + put_page(page); > > return ret; > } >
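Review bot: the new "if ( unlikely(ret) ) put_page(page);" at the end of find_ring_mfn() makes the success path keep the general reference taken earlier in the function, and that contract is stated only in the commit message, not in the code. A short comment above the conditional, saying that on success both the general reference and the PGT_writable_page type reference stay held after return and have to be released together, would guard against a later change restoring an unconditional put_page() or leaking the general ref. It is also worth confirming that every branch of the else-if chain that sets ret, such as the "ret = -EAGAIN;" one visible in the context, is reached with the general reference still held, since all of them now share this single put_page().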