summaryrefslogtreecommitdiffstats
path: root/drivers/xen
diff options
context:
space:
mode:
authorIan Campbell <ian.campbell@citrix.com>2011-03-04 18:38:21 +0100
committerKonrad Rzeszutek Wilk <konrad.wilk@oracle.com>2011-03-10 01:59:10 +0100
commitdc4972a4e2f3fee1663bd0670dfc4cd798d5f9b2 (patch)
treeef9c352dbe4b7db8fc11af2bd5e583f447b6f026 /drivers/xen
parentxen-gntdev: Add cast to pointer (diff)
downloadlinux-dc4972a4e2f3fee1663bd0670dfc4cd798d5f9b2.tar.xz
linux-dc4972a4e2f3fee1663bd0670dfc4cd798d5f9b2.zip
xen/p2m/m2p/gnttab: do not add failed grant maps to m2p override
The caller will not undo a mapping which failed and therefore the override will not be removed. This is especially bad in the case of GNTMAP_contains_pte mapping type mappings where m2p_add_override will destroy the kernel mapping of the page. This was observed via a failure of map_grant_pages in gntdev_mmap (due to userspace using a bad grant reference), which left the page in question unmapped (because it was a GNTMAP_contains_pte mapping) which led to a crash later on. Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Cc: Daniel De Graaf <dgdegra@tycho.nsa.gov> Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com> Cc: Jeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com> Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Diffstat (limited to 'drivers/xen')
-rw-r--r--drivers/xen/grant-table.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/drivers/xen/grant-table.c b/drivers/xen/grant-table.c
index 9428ced04807..3745a318defc 100644
--- a/drivers/xen/grant-table.c
+++ b/drivers/xen/grant-table.c
@@ -462,6 +462,10 @@ int gnttab_map_refs(struct gnttab_map_grant_ref *map_ops,
return ret;
for (i = 0; i < count; i++) {
+ /* Do not add to override if the map failed. */
+ if (map_ops[i].status)
+ continue;
+
/* m2p override only supported for GNTMAP_contains_pte mappings */
if (!(map_ops[i].flags & GNTMAP_contains_pte))
continue;