From: Ian Campbell
Date: Fri, 4 Mar 2011 17:38:21 +0000 (+0000)
Subject: xen/p2m/m2p/gnttab: do not add failed grant maps to m2p override
X-Git-Url: https://git.karo-electronics.de/?a=commitdiff_plain;h=dc4972a4e2f3fee1663bd0670dfc4cd798d5f9b2;p=linux-beck.git

xen/p2m/m2p/gnttab: do not add failed grant maps to m2p override

The caller will not undo a mapping which failed and therefore the override will not be removed. This is especially bad in the case of GNTMAP_contains_pte mapping type mappings where m2p_add_override will destroy the kernel mapping of the page.

This was observed via a failure of map_grant_pages in gntdev_mmap (due to userspace using a bad grant reference), which left the page in question unmapped (because it was a GNTMAP_contains_pte mapping) which led to a crash later on.

Signed-off-by: Ian Campbell
Cc: Daniel De Graaf
Cc: Stefano Stabellini
Cc: Jeremy Fitzhardinge
Signed-off-by: Konrad Rzeszutek Wilk
---
diff --git a/drivers/xen/grant-table.c b/drivers/xen/grant-table.c index 9428ced04807..3745a318defc 100644 --- a/drivers/xen/grant-table.c +++ b/drivers/xen/grant-table.c @@ -462,6 +462,10 @@ int gnttab_map_refs(struct gnttab_map_grant_ref *map_ops, return ret; for (i = 0; i < count; i++) { + /* Do not add to override if the map failed. */ + if (map_ops[i].status) + continue; + /* m2p override only supported for GNTMAP_contains_pte mappings */ if (!(map_ops[i].flags & GNTMAP_contains_pte)) continue;
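Review bot: The new test at the top of the loop in gnttab_map_refs, `if (map_ops[i].status)`, relies on success being zero; writing it as `if (map_ops[i].status != GNTST_okay)` would make the intent explicit and keep it tied to the grant-table status constants. Failed entries are now skipped silently inside the loop, so a short comment on the function saying that callers must inspect each map_ops[i].status themselves, and must not attempt to unmap entries that failed, would document the invariant this fix depends on: an override is added only for mappings the caller will later undo.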