diff options
author | Ian Campbell <ian.campbell@citrix.com> | 2011-03-04 18:38:21 +0100 |
---|---|---|
committer | Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> | 2011-03-10 01:59:10 +0100 |
commit | dc4972a4e2f3fee1663bd0670dfc4cd798d5f9b2 (patch) | |
tree | ef9c352dbe4b7db8fc11af2bd5e583f447b6f026 /drivers/xen | |
parent | xen-gntdev: Add cast to pointer (diff) | |
download | linux-dc4972a4e2f3fee1663bd0670dfc4cd798d5f9b2.tar.xz linux-dc4972a4e2f3fee1663bd0670dfc4cd798d5f9b2.zip |
xen/p2m/m2p/gnttab: do not add failed grant maps to m2p override
The caller will not undo a mapping which failed and therefore the
override will not be removed.
This is especially bad in the case of GNTMAP_contains_pte mapping type
mappings where m2p_add_override will destroy the kernel mapping of the
page.
This was observed via a failure of map_grant_pages in gntdev_mmap (due
to userspace using a bad grant reference), which left the page in
question unmapped (because it was a GNTMAP_contains_pte mapping) which
led to a crash later on.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Cc: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Cc: Jeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Diffstat (limited to 'drivers/xen')
-rw-r--r-- | drivers/xen/grant-table.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/drivers/xen/grant-table.c b/drivers/xen/grant-table.c index 9428ced04807..3745a318defc 100644 --- a/drivers/xen/grant-table.c +++ b/drivers/xen/grant-table.c @@ -462,6 +462,10 @@ int gnttab_map_refs(struct gnttab_map_grant_ref *map_ops, return ret; for (i = 0; i < count; i++) { + /* Do not add to override if the map failed. */ + if (map_ops[i].status) + continue; + /* m2p override only supported for GNTMAP_contains_pte mappings */ if (!(map_ops[i].flags & GNTMAP_contains_pte)) continue; |