Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp1751174ybl;
        Sat, 11 Jan 2020 02:05:26 -0800 (PST)
X-Google-Smtp-Source: APXvYqyUlsc1uU7nRETTH73zfm2NrKRnCS+pmNOlpPWiB17WaDuTd9Ap3zDMz5XxHNKezjdWy6o9
X-Received: by 2002:a05:6808:10d:: with SMTP id b13mr5929528oie.69.1578737126296;
        Sat, 11 Jan 2020 02:05:26 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1578737126; cv=none;
        d=google.com; s=arc-20160816;
        b=vNfC6uqYO6mb2OwBQH+0dDp3opH30l2mNuAlVxPX8OBJle354UZttprbDLemYidEjc
         8pNTIwOarMuj83hBsnkx+Cynze1cUMsGd4JYujK8BU9GF16UcsWyyUs2Y2weeUfUgUN1
         udbk+8uOcP3idcL6koJSTgGKg1gLx2Of6lSIlF8mtwzJRiwOJK3rjUCotWcAKBUfAdiT
         o1fIp98iKttXpn7jajA93ZxyQ07QYRnjpOd9IHJ8MBB7I5Ly7o5CvL/sOs15YmaANUef
         2bvbMtrY7ybV9GQ2BHHLqK960I3R5pyVgQmxTk27iASN74VY6pwEosWhcEyR0i7YzEFd
         /o5Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=9osrpu2cgVucMkhfbQbkazWiDCgjQkZLthg7jC05yeI=;
        b=FAbV433Q/bQltKP8bCNZdLtpRS8zKp5n0C5iFCdbRqIM3gvmY2//SK+heHTg5nJFyD
         qdQhp7OdI82BPffyZzs9KL3sZBF4/pN2O17NPJAwJpO64Jt8AFJctdbxJwBRGbVvwgVQ
         58I/qgdY2NfC6M1XOPCqN3cqc5/gshOiT1E1FY9pqBf+PxhwKBr8pyktVpk9nemYoElE
         XVytsKdkgP2T3VJB8TYSc3yL+uKBB8085FPORdM8Fc2IZ8SvVb7MwJxWfe5+QuIQAZ8j
         5R4vTjf8XIEfw4pVpuP8l491gXj6Zah5qNHxKdOAJ7n37JuToREqiLjxk9QCFqNaBqoh
         nQFA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=Zng8ASsN;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id d8si3667140oti.306.2020.01.11.02.05.14;
        Sat, 11 Jan 2020 02:05:26 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=Zng8ASsN;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1729004AbgAKKEX (ORCPT <rfc822;lxz1983@gmail.com> + 99 others);
        Sat, 11 Jan 2020 05:04:23 -0500
Received: from mail.kernel.org ([198.145.29.99]:36442 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1729510AbgAKKEV (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Sat, 11 Jan 2020 05:04:21 -0500
Received: from localhost (unknown [62.119.166.9])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id B0F9F2082E;
        Sat, 11 Jan 2020 10:04:19 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1578737060;
        bh=p5dwTaPMJdCvDh7Dvuak61KLF/ftAgyeRcG3MUwknos=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=Zng8ASsNEOAQViXfEL/Z/sAUctKKDvxHp5LovM76RcO6jPvzBhSdX2YLHDU75vr/O
         Odmp4vRPgUMq197oLt1a35OmGA1E27YvqRcfvLknaA/zZ0YOmLQiJshP5PXIyOenUP
         cOEoCL8tPkG8Pxl2LmblM8XZSjgbknQLTGtGv0j8=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, David Woodhouse <dwmw@amazon.de>,
        Maximilian Heyne <mheyne@amazon.de>,
        Paul Durrant <pdurrant@amazon.co.uk>,
        =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= <roger.pau@citrix.com>,
        SeongJae Park <sjpark@amazon.de>, Jens Axboe <axboe@kernel.dk>,
        Sasha Levin <sashal@kernel.org>
Subject: [PATCH 4.9 54/91] xen/blkback: Avoid unmapping unmapped grant pages
Date:   Sat, 11 Jan 2020 10:49:47 +0100
Message-Id: <20200111094905.256448047@linuxfoundation.org>
X-Mailer: git-send-email 2.24.1
In-Reply-To: <20200111094844.748507863@linuxfoundation.org>
References: <20200111094844.748507863@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: SeongJae Park <sjpark@amazon.de>

[ Upstream commit f9bd84a8a845d82f9b5a081a7ae68c98a11d2e84 ]

For each I/O request, blkback first maps the foreign pages for the
request to its local pages.  If an allocation of a local page for the
mapping fails, it should unmap every mapping already made for the
request.

However, blkback's handling mechanism for the allocation failure does
not mark the remaining foreign pages as unmapped.  Therefore, the unmap
function merely tries to unmap every valid grant page for the request,
including the pages not mapped due to the allocation failure.  On a
system that fails the allocation frequently, this problem leads to
following kernel crash.

  [  372.012538] BUG: unable to handle kernel NULL pointer dereference at 0000000000000001
  [  372.012546] IP: [<ffffffff814071ac>] gnttab_unmap_refs.part.7+0x1c/0x40
  [  372.012557] PGD 16f3e9067 PUD 16426e067 PMD 0
  [  372.012562] Oops: 0002 [#1] SMP
  [  372.012566] Modules linked in: act_police sch_ingress cls_u32
  ...
  [  372.012746] Call Trace:
  [  372.012752]  [<ffffffff81407204>] gnttab_unmap_refs+0x34/0x40
  [  372.012759]  [<ffffffffa0335ae3>] xen_blkbk_unmap+0x83/0x150 [xen_blkback]
  ...
  [  372.012802]  [<ffffffffa0336c50>] dispatch_rw_block_io+0x970/0x980 [xen_blkback]
  ...
  Decompressing Linux... Parsing ELF... done.
  Booting the kernel.
  [    0.000000] Initializing cgroup subsys cpuset

This commit fixes this problem by marking the grant pages of the given
request that didn't mapped due to the allocation failure as invalid.

Fixes: c6cc142dac52 ("xen-blkback: use balloon pages for all mappings")

Reviewed-by: David Woodhouse <dwmw@amazon.de>
Reviewed-by: Maximilian Heyne <mheyne@amazon.de>
Reviewed-by: Paul Durrant <pdurrant@amazon.co.uk>
Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
Signed-off-by: SeongJae Park <sjpark@amazon.de>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/block/xen-blkback/blkback.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/block/xen-blkback/blkback.c b/drivers/block/xen-blkback/blkback.c
index d6eaaa25d1cc..a700e525535c 100644
--- a/drivers/block/xen-blkback/blkback.c
+++ b/drivers/block/xen-blkback/blkback.c
@@ -929,6 +929,8 @@ next:
 out_of_memory:
 	pr_alert("%s: out of memory\n", __func__);
 	put_free_pages(ring, pages_to_gnt, segs_to_map);
+	for (i = last_map; i < num; i++)
+		pages[i]->handle = BLKBACK_INVALID_HANDLE;
 	return -ENOMEM;
 }
 
-- 
2.20.1