 @@ -1,14 +1,14 @@
-/*      $NetBSD: xengnt.c,v 1.22.2.1 2012/02/23 21:19:55 riz Exp $      */
+/*      $NetBSD: xengnt.c,v 1.22.2.1.4.1 2012/10/31 16:15:28 riz Exp $      */
 /*
  * Copyright (c) 2006 Manuel Bouyer.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
+ *
 @@ -16,51 +16,54 @@
  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
  */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xengnt.c,v 1.22.2.1 2012/02/23 21:19:55 riz Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xengnt.c,v 1.22.2.1.4.1 2012/10/31 16:15:28 riz Exp $");
 #include <sys/types.h>
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/malloc.h>
 #include <sys/queue.h>
 #include <sys/extent.h>
 #include <sys/kernel.h>
 #include <sys/mutex.h>
 #include <uvm/uvm.h>
 #include <xen/hypervisor.h>
 #include <xen/xen.h>
 #include <xen/granttables.h>
 /* #define XENDEBUG */
 #ifdef XENDEBUG
 #define DPRINTF(x) printf x
 #else
 #define DPRINTF(x)
 #endif
 #define NR_GRANT_ENTRIES_PER_PAGE (PAGE_SIZE / sizeof(grant_entry_t))
 /* External tools reserve first few grant table entries. */
 #define NR_RESERVED_ENTRIES 8
 /* Current number of frames making up the grant table */
 int gnt_nr_grant_frames;
 /* Maximum number of frames that can make up the grant table */
 int gnt_max_grant_frames;
 /* table of free grant entries */
 grant_ref_t *gnt_entries;
 /* last free entry */
 int last_gnt_entry;
 /* empty entry in the list */
 #define XENGNT_NO_ENTRY 0xffffffff
 /* VM address of the grant table */
 @@ -151,27 +154,27 @@ xengnt_suspend(void) {
+}
 /*
  * Add another page to the grant table
  * Returns 0 on success, ENOMEM on failure
  */
 static int
 xengnt_more_entries(void)
+{
 	gnttab_setup_table_t setup;
 	u_long *pages;
 	int nframes_new = gnt_nr_grant_frames + 1;
-	int i;
+	int i, start_gnt;
 	KASSERT(mutex_owned(&grant_lock));
 	if (gnt_nr_grant_frames == gnt_max_grant_frames)
 		return ENOMEM;
 	pages = malloc(nframes_new * sizeof(u_long), M_DEVBUF, M_NOWAIT);
 	if (pages == NULL)
 		return ENOMEM;
 	setup.dom = DOMID_SELF;
 	setup.nr_frames = nframes_new;
 	xenguest_handle(setup.frame_list) = pages;
 @@ -194,29 +197,34 @@ xengnt_more_entries(void)
 	    (char *)grant_table + gnt_nr_grant_frames * PAGE_SIZE));
 	/*
 	 * map between grant_table addresses and the machine addresses of
 	 * the grant table frames
 	 */
 	pmap_kenter_ma(((vaddr_t)grant_table) + gnt_nr_grant_frames * PAGE_SIZE,
 	    ((paddr_t)pages[gnt_nr_grant_frames]) << PAGE_SHIFT,
 	    VM_PROT_WRITE, 0);
 	pmap_update(pmap_kernel());
 	/*
 	 * add the grant entries associated to the last grant table frame
-	 * and mark them as free
+	 * and mark them as free. Prevent using the first grants (from 0 to 8)
 	 * since they are used by the tools.
 	 */
-	for (i = gnt_nr_grant_frames * NR_GRANT_ENTRIES_PER_PAGE;
+	start_gnt = (gnt_nr_grant_frames * NR_GRANT_ENTRIES_PER_PAGE) <
 	            (NR_RESERVED_ENTRIES + 1) ?
 	            (NR_RESERVED_ENTRIES + 1) :
 	            (gnt_nr_grant_frames * NR_GRANT_ENTRIES_PER_PAGE);
 	for (i = start_gnt;
 	    i < nframes_new * NR_GRANT_ENTRIES_PER_PAGE;
 	    i++) {
 		KASSERT(gnt_entries[last_gnt_entry] == XENGNT_NO_ENTRY);
 		gnt_entries[last_gnt_entry] = i;
 		last_gnt_entry++;
+	}
 	gnt_nr_grant_frames = nframes_new;
 	free(pages, M_DEVBUF);
 	return 0;
+}
 /*
  * Returns a reference to the first free entry in grant table
 @@ -230,39 +238,40 @@ xengnt_get_entry(void)
 	if (last_gnt_entry == 0) {
 		if (xengnt_more_entries()) {
 			if (ratecheck(&xengnt_nonmemtime, &xengnt_nonmemintvl))
 				printf("xengnt_get_entry: out of grant "
 				    "table entries\n");
 			return XENGNT_NO_ENTRY;
+		}
+	}
 	KASSERT(gnt_entries[last_gnt_entry] == XENGNT_NO_ENTRY);
 	last_gnt_entry--;
 	entry = gnt_entries[last_gnt_entry];
 	gnt_entries[last_gnt_entry] = XENGNT_NO_ENTRY;
-	KASSERT(entry != XENGNT_NO_ENTRY);
+	KASSERT(entry != XENGNT_NO_ENTRY && entry > NR_RESERVED_ENTRIES);
 	KASSERT(last_gnt_entry >= 0);
 	KASSERT(last_gnt_entry <= gnt_max_grant_frames * NR_GRANT_ENTRIES_PER_PAGE);
 	return entry;
+}
 /*
  * Mark the grant table entry as free
  */
 static void
 xengnt_free_entry(grant_ref_t entry)
+{
 	mutex_enter(&grant_lock);
 	KASSERT(entry > NR_RESERVED_ENTRIES);
 	KASSERT(gnt_entries[last_gnt_entry] == XENGNT_NO_ENTRY);
 	KASSERT(last_gnt_entry >= 0);
 	KASSERT(last_gnt_entry <= gnt_max_grant_frames * NR_GRANT_ENTRIES_PER_PAGE);
 	gnt_entries[last_gnt_entry] = entry;
 	last_gnt_entry++;
 	mutex_exit(&grant_lock);
+}
 int
 xengnt_grant_access(domid_t dom, paddr_t ma, int ro, grant_ref_t *entryp)
+{
 	mutex_enter(&grant_lock);