Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp1581455pxb; Mon, 22 Feb 2021 05:57:21 -0800 (PST) X-Google-Smtp-Source: ABdhPJyHhuPPgmy0moOlJAg3dgOrcCFTV6nkAo4PXlY3jisd++AWW10fcDyQw7n+p6/J00cgGBiw X-Received: by 2002:a17:906:5195:: with SMTP id y21mr21389995ejk.345.1614002241534; Mon, 22 Feb 2021 05:57:21 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1614002241; cv=none; d=google.com; s=arc-20160816; b=iAW/wdODM0VUsvoCHCTHFp55qY6tjuqaLvVlnXN1sztG9ph0/1UhXKePCNIVDOI19a rtvFctzMAZqpSQpGwTwIOKlpDM6h3/I6wlepFknZI/6oN0ibWbxBFlV0KiYtzBsYRY07 vlBz6rz5CU1U4LXdfrGV5+Cg3v1ZQR2KnGKCYE+v+BsyvPINK1WIqqgrFgZtFPQLPDLx rjyW8XA2VPc/XP6IgJ8LSZl8F2VkXwWCwa7SIMtpiSmx4pKuRQg9UCRThItI+V7+5KIX ZlxU6iCnk9ONnIuVndLIfxBeTVOxIn+0sMYZBiehbPccTLxTQmSegJ2al/aTq3W16Pcb w+3Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=CwOVMsMV8d5b6tJmNUyXvEc4hoVEmbDB62Cs7cgz3H0=; b=o3PLP1NCAp2mP+xNvAXUrRtlH8B4wVxMJf2cpb5mIXkzNaB9TCU0VxGe4e1wqvkIuZ Yf340m4zfXJbmefG05sYiPPBKFwXCZYWMRyFG7ssHBUOpBVrZKBNbysFS5t7T0bFHxnj JZDtcFS0I2nmcyOv39Jpko9s/OUgSBONMgm1fmc23orsql9P8K3w7XiFvRZAwK3rCvxd PpZ7olNIlqcefFC6oVhVuum1SUZ4wKyHXu4o6xLW2gsuTCoy5/ZHZJ29ApVjiF8tpbLO 41a4e+uCFUf3RsKT1tA7+15tJIoxJ4OnJ2i6WUXojRVzM13gbdwKvL//6k8Gw7SvtbTJ YFgw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=disfU3YR; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id jz7si12016538ejb.476.2021.02.22.05.56.58; Mon, 22 Feb 2021 05:57:21 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=disfU3YR; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231438AbhBVN4J (ORCPT + 99 others); Mon, 22 Feb 2021 08:56:09 -0500 Received: from mail.kernel.org ([198.145.29.99]:57106 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230177AbhBVMrP (ORCPT ); Mon, 22 Feb 2021 07:47:15 -0500 Received: by mail.kernel.org (Postfix) with ESMTPSA id 9A89064F02; Mon, 22 Feb 2021 12:42:22 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1613997743; bh=a8ainKRhLo+3BhY0XHJ8m4yKk7gb4ywNlu2ioz15J6Q=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=disfU3YRHuVxemeXdekgWikWpRGenSQuzn/yFF2K6olHyb7VdIyy17kR0xYWK26Gx mL9FNH9AazatrTOW122cCYMZF+V/PTh7Edbh08q4nMTx4jm6e2bw7W8XBeuuG08HOH 7o9lHIZTWcgUrIEBJJ8CmjMG76sNPY2gkr68Xx5g= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Jan Beulich , Juergen Gross Subject: [PATCH 4.9 42/49] Xen/gntdev: correct error checking in gntdev_map_grant_pages() Date: Mon, 22 Feb 2021 13:36:40 +0100 Message-Id: <20210222121028.013549050@linuxfoundation.org> X-Mailer: git-send-email 2.30.1 In-Reply-To: <20210222121022.546148341@linuxfoundation.org> References: <20210222121022.546148341@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Jan Beulich commit ebee0eab08594b2bd5db716288a4f1ae5936e9bc upstream. Failure of the kernel part of the mapping operation should also be indicated as an error to the caller, or else it may assume the respective kernel VA is okay to access. Furthermore gnttab_map_refs() failing still requires recording successfully mapped handles, so they can be unmapped subsequently. This in turn requires there to be a way to tell full hypercall failure from partial success - preset map_op status fields such that they won't "happen" to look as if the operation succeeded. Also again use GNTST_okay instead of implying its value (zero). This is part of XSA-361. Signed-off-by: Jan Beulich Cc: stable@vger.kernel.org Reviewed-by: Juergen Gross Signed-off-by: Juergen Gross Signed-off-by: Greg Kroah-Hartman --- drivers/xen/gntdev.c | 17 +++++++++-------- include/xen/grant_table.h | 1 + 2 files changed, 10 insertions(+), 8 deletions(-) --- a/drivers/xen/gntdev.c +++ b/drivers/xen/gntdev.c @@ -318,21 +318,22 @@ static int map_grant_pages(struct grant_ pr_debug("map %d+%d\n", map->index, map->count); err = gnttab_map_refs(map->map_ops, use_ptemod ? map->kmap_ops : NULL, map->pages, map->count); - if (err) - return err; for (i = 0; i < map->count; i++) { - if (map->map_ops[i].status) { + if (map->map_ops[i].status == GNTST_okay) + map->unmap_ops[i].handle = map->map_ops[i].handle; + else if (!err) err = -EINVAL; - continue; - } if (map->flags & GNTMAP_device_map) map->unmap_ops[i].dev_bus_addr = map->map_ops[i].dev_bus_addr; - map->unmap_ops[i].handle = map->map_ops[i].handle; - if (use_ptemod) - map->kunmap_ops[i].handle = map->kmap_ops[i].handle; + if (use_ptemod) { + if (map->kmap_ops[i].status == GNTST_okay) + map->kunmap_ops[i].handle = map->kmap_ops[i].handle; + else if (!err) + err = -EINVAL; + } } return err; } --- a/include/xen/grant_table.h +++ b/include/xen/grant_table.h @@ -157,6 +157,7 @@ gnttab_set_map_op(struct gnttab_map_gran map->flags = flags; map->ref = ref; map->dom = domid; + map->status = 1; /* arbitrary positive value */ } static inline void