If the requested range has a hole, the calculation of the number of
pages to unmap is off by one. Fix it.
Signed-off-by: Ross Lagerwall <[email protected]>
---
drivers/xen/gntdev.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/drivers/xen/gntdev.c b/drivers/xen/gntdev.c
index 57efbd3..d3391a1 100644
--- a/drivers/xen/gntdev.c
+++ b/drivers/xen/gntdev.c
@@ -380,10 +380,8 @@ static int unmap_grant_pages(struct grant_map *map, int offset, int pages)
}
range = 0;
while (range < pages) {
- if (map->unmap_ops[offset+range].handle == -1) {
- range--;
+ if (map->unmap_ops[offset+range].handle == -1)
break;
- }
range++;
}
err = __unmap_grant_pages(map, offset, range);
--
2.9.5
When cleaning up after a partially successful gntdev_mmap(), unmap the
successfully mapped grant pages otherwise Xen will kill the domain if
in debug mode (Attempt to implicitly unmap a granted PTE) or Linux will
kill the process and emit "BUG: Bad page map in process" if Xen is in
release mode.
This is only needed when use_ptemod is true because gntdev_put_map()
will unmap grant pages itself when use_ptemod is false.
Signed-off-by: Ross Lagerwall <[email protected]>
---
drivers/xen/gntdev.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/xen/gntdev.c b/drivers/xen/gntdev.c
index d3391a1..bd56653 100644
--- a/drivers/xen/gntdev.c
+++ b/drivers/xen/gntdev.c
@@ -1071,8 +1071,10 @@ static int gntdev_mmap(struct file *flip, struct vm_area_struct *vma)
out_unlock_put:
mutex_unlock(&priv->lock);
out_put_map:
- if (use_ptemod)
+ if (use_ptemod) {
map->vma = NULL;
+ unmap_grant_pages(map, 0, map->count);
+ }
gntdev_put_map(priv, map);
return err;
}
--
2.9.5
On 01/09/2018 07:10 AM, Ross Lagerwall wrote:
> If the requested range has a hole, the calculation of the number of
> pages to unmap is off by one. Fix it.
>
> Signed-off-by: Ross Lagerwall <[email protected]>
Reviewed-by: Boris Ostrovsky <[email protected]>
On 01/09/2018 07:10 AM, Ross Lagerwall wrote:
> When cleaning up after a partially successful gntdev_mmap(), unmap the
> successfully mapped grant pages otherwise Xen will kill the domain if
> in debug mode (Attempt to implicitly unmap a granted PTE) or Linux will
> kill the process and emit "BUG: Bad page map in process" if Xen is in
> release mode.
>
> This is only needed when use_ptemod is true because gntdev_put_map()
> will unmap grant pages itself when use_ptemod is false.
>
> Signed-off-by: Ross Lagerwall <[email protected]>
Reviewed-by: Boris Ostrovsky <[email protected]>
although I wonder whether it may be possible to have gntdev_put_map()
figure whether to unmap the pages if use_ptemod is set.
> ---
> drivers/xen/gntdev.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/xen/gntdev.c b/drivers/xen/gntdev.c
> index d3391a1..bd56653 100644
> --- a/drivers/xen/gntdev.c
> +++ b/drivers/xen/gntdev.c
> @@ -1071,8 +1071,10 @@ static int gntdev_mmap(struct file *flip, struct vm_area_struct *vma)
> out_unlock_put:
> mutex_unlock(&priv->lock);
> out_put_map:
> - if (use_ptemod)
> + if (use_ptemod) {
> map->vma = NULL;
> + unmap_grant_pages(map, 0, map->count);
> + }
> gntdev_put_map(priv, map);
> return err;
> }
>
On 01/10/2018 01:22 AM, Boris Ostrovsky wrote:
>
>
> On 01/09/2018 07:10 AM, Ross Lagerwall wrote:
>> When cleaning up after a partially successful gntdev_mmap(), unmap the
>> successfully mapped grant pages otherwise Xen will kill the domain if
>> in debug mode (Attempt to implicitly unmap a granted PTE) or Linux will
>> kill the process and emit "BUG: Bad page map in process" if Xen is in
>> release mode.
>>
>> This is only needed when use_ptemod is true because gntdev_put_map()
>> will unmap grant pages itself when use_ptemod is false.
>>
>> Signed-off-by: Ross Lagerwall <[email protected]>
>
> Reviewed-by: Boris Ostrovsky <[email protected]>
>
> although I wonder whether it may be possible to have gntdev_put_map()
> figure whether to unmap the pages if use_ptemod is set.
It was a while since I wrote this patch, but IIRC when use_ptemod is
set, successfully mmapped pages are unmapped via the mmu_notifier
release callback. So doing it in gntdev_put_map() isn't possible without
further changes.
--
Ross Lagerwall