[PATCH 1/2] xen/gntdev: Fix off-by-one error when unmapping with holes

linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH 1/2] xen/gntdev: Fix off-by-one error when unmapping with holes
@ 2018-01-09 12:10 Ross Lagerwall
  2018-01-09 12:10 ` [PATCH 2/2] xen/gntdev: Fix partial gntdev_mmap() cleanup Ross Lagerwall
  2018-01-10  1:16 ` [PATCH 1/2] xen/gntdev: Fix off-by-one error when unmapping with holes Boris Ostrovsky
  0 siblings, 2 replies; 5+ messages in thread
From: Ross Lagerwall @ 2018-01-09 12:10 UTC (permalink / raw)
  To: xen-devel; +Cc: Ross Lagerwall, Boris Ostrovsky, Juergen Gross, linux-kernel

If the requested range has a hole, the calculation of the number of
pages to unmap is off by one. Fix it.

Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
---
 drivers/xen/gntdev.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/drivers/xen/gntdev.c b/drivers/xen/gntdev.c
index 57efbd3..d3391a1 100644
--- a/drivers/xen/gntdev.c
+++ b/drivers/xen/gntdev.c
@@ -380,10 +380,8 @@ static int unmap_grant_pages(struct grant_map *map, int offset, int pages)
 		}
 		range = 0;
 		while (range < pages) {
-			if (map->unmap_ops[offset+range].handle == -1) {
-				range--;
+			if (map->unmap_ops[offset+range].handle == -1)
 				break;
-			}
 			range++;
 		}
 		err = __unmap_grant_pages(map, offset, range);
-- 
2.9.5

^ permalink raw reply related	[flat|nested] 5+ messages in thread

* [PATCH 2/2] xen/gntdev: Fix partial gntdev_mmap() cleanup
  2018-01-09 12:10 [PATCH 1/2] xen/gntdev: Fix off-by-one error when unmapping with holes Ross Lagerwall
@ 2018-01-09 12:10 ` Ross Lagerwall
  2018-01-10  1:22   ` Boris Ostrovsky
  2018-01-10  1:16 ` [PATCH 1/2] xen/gntdev: Fix off-by-one error when unmapping with holes Boris Ostrovsky
  1 sibling, 1 reply; 5+ messages in thread
From: Ross Lagerwall @ 2018-01-09 12:10 UTC (permalink / raw)
  To: xen-devel; +Cc: Ross Lagerwall, Boris Ostrovsky, Juergen Gross, linux-kernel

When cleaning up after a partially successful gntdev_mmap(), unmap the
successfully mapped grant pages otherwise Xen will kill the domain if
in debug mode (Attempt to implicitly unmap a granted PTE) or Linux will
kill the process and emit "BUG: Bad page map in process" if Xen is in
release mode.

This is only needed when use_ptemod is true because gntdev_put_map()
will unmap grant pages itself when use_ptemod is false.

Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
---
 drivers/xen/gntdev.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/xen/gntdev.c b/drivers/xen/gntdev.c
index d3391a1..bd56653 100644
--- a/drivers/xen/gntdev.c
+++ b/drivers/xen/gntdev.c
@@ -1071,8 +1071,10 @@ static int gntdev_mmap(struct file *flip, struct vm_area_struct *vma)
 out_unlock_put:
 	mutex_unlock(&priv->lock);
 out_put_map:
-	if (use_ptemod)
+	if (use_ptemod) {
 		map->vma = NULL;
+		unmap_grant_pages(map, 0, map->count);
+	}
 	gntdev_put_map(priv, map);
 	return err;
 }
-- 
2.9.5

^ permalink raw reply related	[flat|nested] 5+ messages in thread

* Re: [PATCH 1/2] xen/gntdev: Fix off-by-one error when unmapping with holes
  2018-01-09 12:10 [PATCH 1/2] xen/gntdev: Fix off-by-one error when unmapping with holes Ross Lagerwall
  2018-01-09 12:10 ` [PATCH 2/2] xen/gntdev: Fix partial gntdev_mmap() cleanup Ross Lagerwall
@ 2018-01-10  1:16 ` Boris Ostrovsky
  1 sibling, 0 replies; 5+ messages in thread
From: Boris Ostrovsky @ 2018-01-10  1:16 UTC (permalink / raw)
  To: Ross Lagerwall, xen-devel; +Cc: Juergen Gross, linux-kernel



On 01/09/2018 07:10 AM, Ross Lagerwall wrote:
> If the requested range has a hole, the calculation of the number of
> pages to unmap is off by one. Fix it.
> 
> Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>

Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH 2/2] xen/gntdev: Fix partial gntdev_mmap() cleanup
  2018-01-09 12:10 ` [PATCH 2/2] xen/gntdev: Fix partial gntdev_mmap() cleanup Ross Lagerwall
@ 2018-01-10  1:22   ` Boris Ostrovsky
  2018-01-10  9:11     ` Ross Lagerwall
  0 siblings, 1 reply; 5+ messages in thread
From: Boris Ostrovsky @ 2018-01-10  1:22 UTC (permalink / raw)
  To: Ross Lagerwall, xen-devel; +Cc: Juergen Gross, linux-kernel



On 01/09/2018 07:10 AM, Ross Lagerwall wrote:
> When cleaning up after a partially successful gntdev_mmap(), unmap the
> successfully mapped grant pages otherwise Xen will kill the domain if
> in debug mode (Attempt to implicitly unmap a granted PTE) or Linux will
> kill the process and emit "BUG: Bad page map in process" if Xen is in
> release mode.
> 
> This is only needed when use_ptemod is true because gntdev_put_map()
> will unmap grant pages itself when use_ptemod is false.
> 
> Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>

Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>

although I wonder whether it may be possible to have gntdev_put_map() 
figure whether to unmap the pages if use_ptemod is set.

> ---
>   drivers/xen/gntdev.c | 4 +++-
>   1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/xen/gntdev.c b/drivers/xen/gntdev.c
> index d3391a1..bd56653 100644
> --- a/drivers/xen/gntdev.c
> +++ b/drivers/xen/gntdev.c
> @@ -1071,8 +1071,10 @@ static int gntdev_mmap(struct file *flip, struct vm_area_struct *vma)
>   out_unlock_put:
>   	mutex_unlock(&priv->lock);
>   out_put_map:
> -	if (use_ptemod)
> +	if (use_ptemod) {
>   		map->vma = NULL;
> +		unmap_grant_pages(map, 0, map->count);
> +	}
>   	gntdev_put_map(priv, map);
>   	return err;
>   }
> 

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH 2/2] xen/gntdev: Fix partial gntdev_mmap() cleanup
  2018-01-10  1:22   ` Boris Ostrovsky
@ 2018-01-10  9:11     ` Ross Lagerwall
  0 siblings, 0 replies; 5+ messages in thread
From: Ross Lagerwall @ 2018-01-10  9:11 UTC (permalink / raw)
  To: Boris Ostrovsky, xen-devel; +Cc: Juergen Gross, linux-kernel

On 01/10/2018 01:22 AM, Boris Ostrovsky wrote:
> 
> 
> On 01/09/2018 07:10 AM, Ross Lagerwall wrote:
>> When cleaning up after a partially successful gntdev_mmap(), unmap the
>> successfully mapped grant pages otherwise Xen will kill the domain if
>> in debug mode (Attempt to implicitly unmap a granted PTE) or Linux will
>> kill the process and emit "BUG: Bad page map in process" if Xen is in
>> release mode.
>>
>> This is only needed when use_ptemod is true because gntdev_put_map()
>> will unmap grant pages itself when use_ptemod is false.
>>
>> Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
> 
> Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
> 
> although I wonder whether it may be possible to have gntdev_put_map() 
> figure whether to unmap the pages if use_ptemod is set.

It was a while since I wrote this patch, but IIRC when use_ptemod is 
set, successfully mmapped pages are unmapped via the mmu_notifier 
release callback. So doing it in gntdev_put_map() isn't possible without 
further changes.

-- 
Ross Lagerwall

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2018-01-10  9:11 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-01-09 12:10 [PATCH 1/2] xen/gntdev: Fix off-by-one error when unmapping with holes Ross Lagerwall
2018-01-09 12:10 ` [PATCH 2/2] xen/gntdev: Fix partial gntdev_mmap() cleanup Ross Lagerwall
2018-01-10  1:22   ` Boris Ostrovsky
2018-01-10  9:11     ` Ross Lagerwall
2018-01-10  1:16 ` [PATCH 1/2] xen/gntdev: Fix off-by-one error when unmapping with holes Boris Ostrovsky

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).