Received: by 2002:ac0:a594:0:0:0:0:0 with SMTP id m20-v6csp806596imm; Mon, 21 May 2018 14:51:47 -0700 (PDT) X-Google-Smtp-Source: AB8JxZqFaHelcLcQuznGV6Jdmv3sxm6gcRWSquZkm6bksu+Ut9Qi0Wg96nGI0egpcMXPQE2kaqeN X-Received: by 2002:a62:f80c:: with SMTP id d12-v6mr21709646pfh.159.1526939507819; Mon, 21 May 2018 14:51:47 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1526939507; cv=none; d=google.com; s=arc-20160816; b=SgTIc7o1MbvvrvxMEhVdpIrv7Q1J/2zu1lPb2RFRqfXzXhppEMSkxaD1FyTg1VryRV SSi4VVHgJP1PS30f/b6S0m7uc28tjFVYhXOSl3RgXocfqRpqrUcLyMk0YZrXGyLofym7 BAHpW/GWmhol6xvgX0OSXEZScrFh+4i8NN6cKUpD2ZiwONmVEXbEH0HvwFT/dvAluxzi sWshd83jMDXz1qn5LIazrPqB+9/l6nspXHS6vr9UxmFwRAFu61Qbfn1qM76uQUhumtku Ggous6Pl+S64CZQptK+WQnGOCZ8L+eN5PFBMqrhyTtDfDFvPHVK2BDS6177V2w3+6MMN DQ3w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature :arc-authentication-results; bh=tUuHKByBXiaqRSPHduhlUz9RuLqk8Jo337xoXkunP/g=; b=ngl2qwdr7Icb54M40LWpEO5SnuTXBhwTBQ9AvhCw3DoOYhB2EPOsS3qRAvJmCCxGAG HAgV60IIv9qnMwdGIH/GL1MKQSJ5mICRLGPAyLwQMaqHPpaBIRmuAvQ3oWTBwb8w7zAH Qz2Eb2awqIHvS+Q3CIByc8HWC08l/z+X/My4UwEky7GQ49QCPwWP13b7dgKBNMWixXn7 3Zg1J/T2TAXZsnnX1/YZlEJ+8TsIBqPkNcVQxzXU2kdPRSOQyf96JqS0xarwkMJzCZb1 NT2+2m5CKBe9PacpH0i/WAegL/cqSH+tG0N2Ok3BvkrIIKS59U1FeSi6yu4LgRJfqxJp +Fcg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=YADzj9OL; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id g6-v6si15752185pll.69.2018.05.21.14.51.33; Mon, 21 May 2018 14:51:47 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=YADzj9OL; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932103AbeEUVXE (ORCPT + 99 others); Mon, 21 May 2018 17:23:04 -0400 Received: from mail.kernel.org ([198.145.29.99]:37814 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754317AbeEUVW4 (ORCPT ); Mon, 21 May 2018 17:22:56 -0400 Received: from localhost (LFbn-1-12247-202.w90-92.abo.wanadoo.fr [90.92.61.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 9021C20871; Mon, 21 May 2018 21:22:55 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1526937776; bh=ajBMe+DVrWxCmH7Gxgt2BBWEExoWOfX7mBQ0idSpNeY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=YADzj9OLeKCVcepY7VT2ifwG541F542yZOsgarCGiCvwNYN23hsClvIdV9CRMjZ0l j/f6NIJpBmn/VjGaKej6C91YF6aMzxm5QD0+PtAe8SORVT0cH1hQ/rhxQUydqlpOSi NJ3w1+Uud8wfOqguWgeYcEiE2ykxpw/QG/D+41mA= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Pierre Morel , Dong Jia Shi , Halil Pasic , Cornelia Huck , Martin Schwidefsky Subject: [PATCH 4.16 021/110] vfio: ccw: fix cleanup if cp_prefetch fails Date: Mon, 21 May 2018 23:11:18 +0200 Message-Id: <20180521210505.740716749@linuxfoundation.org> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20180521210503.823249477@linuxfoundation.org> References: <20180521210503.823249477@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.16-stable review patch. If anyone has any objections, please let me know. ------------------ From: Halil Pasic commit d66a7355717ec903d455277a550d930ba13df4a8 upstream. If the translation of a channel program fails, we may end up attempting to clean up (free, unpin) stuff that never got translated (and allocated, pinned) in the first place. By adjusting the lengths of the chains accordingly (so the element that failed, and all subsequent elements are excluded) cleanup activities based on false assumptions can be avoided. Let's make sure cp_free works properly after cp_prefetch returns with an error by setting ch_len of a ccw chain to the number of the translated CCWs on that chain. Cc: stable@vger.kernel.org #v4.12+ Acked-by: Pierre Morel Reviewed-by: Dong Jia Shi Signed-off-by: Halil Pasic Signed-off-by: Dong Jia Shi Message-Id: <20180423110113.59385-2-bjsdjshi@linux.vnet.ibm.com> [CH: fixed typos] Signed-off-by: Cornelia Huck Signed-off-by: Martin Schwidefsky Signed-off-by: Greg Kroah-Hartman --- drivers/s390/cio/vfio_ccw_cp.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) --- a/drivers/s390/cio/vfio_ccw_cp.c +++ b/drivers/s390/cio/vfio_ccw_cp.c @@ -715,6 +715,10 @@ void cp_free(struct channel_program *cp) * and stores the result to ccwchain list. @cp must have been * initialized by a previous call with cp_init(). Otherwise, undefined * behavior occurs. + * For each chain composing the channel program: + * - On entry ch_len holds the count of CCWs to be translated. + * - On exit ch_len is adjusted to the count of successfully translated CCWs. + * This allows cp_free to find in ch_len the count of CCWs to free in a chain. * * The S/390 CCW Translation APIS (prefixed by 'cp_') are introduced * as helpers to do ccw chain translation inside the kernel. Basically @@ -749,11 +753,18 @@ int cp_prefetch(struct channel_program * for (idx = 0; idx < len; idx++) { ret = ccwchain_fetch_one(chain, idx, cp); if (ret) - return ret; + goto out_err; } } return 0; +out_err: + /* Only cleanup the chain elements that were actually translated. */ + chain->ch_len = idx; + list_for_each_entry_continue(chain, &cp->ccwchain_list, next) { + chain->ch_len = 0; + } + return ret; } /**