Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp1569824pxb; Mon, 22 Feb 2021 05:37:43 -0800 (PST) X-Google-Smtp-Source: ABdhPJynDnbT0CWCe4ayygZX6UnGue1fMIRnC4x5LJCCIVoJZCffSYBYDUGfRvaNWeXcUIEqQExn X-Received: by 2002:a05:6402:268a:: with SMTP id w10mr22635044edd.331.1614001063608; Mon, 22 Feb 2021 05:37:43 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1614001063; cv=none; d=google.com; s=arc-20160816; b=HLvYmNCUYPe6zsamhqNbl1FqUu0MJMEGigPJUfUtDkehDCE0kTIrTpKkhzsw1dWb6R 8lYmnHbTpJMZR8XP4mjIpgLQezx7MJoo6p3O8hkgOvK6NKm7R7bcAdiwaZ3KlSJWwEwi uYn39BtFeFv0Ytunalr8SNHdle1jhpGlaX+sjLFLiGJ59FIS7EZPCCyyY4YUireZttz6 fGTJWZG9YO/6ytRpE4wpvuKv0chq56VJbtwRFnslix/BpZOKsXiWV+zeZ/yXL5JrI5lI Vv5NYJfmKmaQWza7VdCRyQqMGgfQBYsUaE7vjpUUhTbllfN6Kngcu8Efp52h8BFiGOvo 8ZSA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=CwOVMsMV8d5b6tJmNUyXvEc4hoVEmbDB62Cs7cgz3H0=; b=qVFYqg74bdp2JLQX+jc2rhiwuZkWTu6/QxzdL0b5ZSuNgFnpJ/1rRPpbwgyicNK4bL BX0FrNSeYwFasWP17D+oUqZLlSMLETXnRome2SLyZnYXU+Enhbg264Z2sfm2tanxdfw8 y38k8qF5GobDpP8IsmbQ0HoBWIygRpArY9xJI2UCvWqKyK5HSFaMwMootfvVqsEP53Wo uWgaF9kBDWjiDS7j04wC3mSrGNAe7QLpk8X1EC1GkvMIKi9LPlWJZfS1EBWrItTjnTKs PGncWHDKozQfmL+By8BVa38klrzvQPjhuHvYO2w6HSj1twso+o8ZLRsXl2hpYjOVm2h9 ljQA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=HKq0eJyE; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id y14si297570edc.561.2021.02.22.05.37.20; Mon, 22 Feb 2021 05:37:43 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=HKq0eJyE; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232103AbhBVNdl (ORCPT + 99 others); Mon, 22 Feb 2021 08:33:41 -0500 Received: from mail.kernel.org ([198.145.29.99]:53776 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231448AbhBVMmv (ORCPT ); Mon, 22 Feb 2021 07:42:51 -0500 Received: by mail.kernel.org (Postfix) with ESMTPSA id 4CA5564F3A; Mon, 22 Feb 2021 12:40:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1613997604; bh=a8ainKRhLo+3BhY0XHJ8m4yKk7gb4ywNlu2ioz15J6Q=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=HKq0eJyEvSWDI1rqgms48tu0we6IqKCaLbkzhwik9GRGARaK8qiGe7cPV81Mtqv5M Dp1TOMGoa0e5oIHVxmetyReYx64GwKe/40JzN4RaM2WgSjGsOM69G2ony3gvaGEdbq +kgM15qEYEFIbVqf4Ow8Tm/CtHvUXTurQlmJWsX0= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Jan Beulich , Juergen Gross Subject: [PATCH 4.4 28/35] Xen/gntdev: correct error checking in gntdev_map_grant_pages() Date: Mon, 22 Feb 2021 13:36:24 +0100 Message-Id: <20210222121021.928348335@linuxfoundation.org> X-Mailer: git-send-email 2.30.1 In-Reply-To: <20210222121013.581198717@linuxfoundation.org> References: <20210222121013.581198717@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Jan Beulich commit ebee0eab08594b2bd5db716288a4f1ae5936e9bc upstream. Failure of the kernel part of the mapping operation should also be indicated as an error to the caller, or else it may assume the respective kernel VA is okay to access. Furthermore gnttab_map_refs() failing still requires recording successfully mapped handles, so they can be unmapped subsequently. This in turn requires there to be a way to tell full hypercall failure from partial success - preset map_op status fields such that they won't "happen" to look as if the operation succeeded. Also again use GNTST_okay instead of implying its value (zero). This is part of XSA-361. Signed-off-by: Jan Beulich Cc: stable@vger.kernel.org Reviewed-by: Juergen Gross Signed-off-by: Juergen Gross Signed-off-by: Greg Kroah-Hartman --- drivers/xen/gntdev.c | 17 +++++++++-------- include/xen/grant_table.h | 1 + 2 files changed, 10 insertions(+), 8 deletions(-) --- a/drivers/xen/gntdev.c +++ b/drivers/xen/gntdev.c @@ -318,21 +318,22 @@ static int map_grant_pages(struct grant_ pr_debug("map %d+%d\n", map->index, map->count); err = gnttab_map_refs(map->map_ops, use_ptemod ? map->kmap_ops : NULL, map->pages, map->count); - if (err) - return err; for (i = 0; i < map->count; i++) { - if (map->map_ops[i].status) { + if (map->map_ops[i].status == GNTST_okay) + map->unmap_ops[i].handle = map->map_ops[i].handle; + else if (!err) err = -EINVAL; - continue; - } if (map->flags & GNTMAP_device_map) map->unmap_ops[i].dev_bus_addr = map->map_ops[i].dev_bus_addr; - map->unmap_ops[i].handle = map->map_ops[i].handle; - if (use_ptemod) - map->kunmap_ops[i].handle = map->kmap_ops[i].handle; + if (use_ptemod) { + if (map->kmap_ops[i].status == GNTST_okay) + map->kunmap_ops[i].handle = map->kmap_ops[i].handle; + else if (!err) + err = -EINVAL; + } } return err; } --- a/include/xen/grant_table.h +++ b/include/xen/grant_table.h @@ -157,6 +157,7 @@ gnttab_set_map_op(struct gnttab_map_gran map->flags = flags; map->ref = ref; map->dom = domid; + map->status = 1; /* arbitrary positive value */ } static inline void