[PATCH] vfio/type1: fix vaddr_get_pfns() return in vfio_pin_page_external()

* [PATCH] vfio/type1: fix vaddr_get_pfns() return in vfio_pin_page_external()
@ 2021-03-08 17:24 Daniel Jordan
  2021-03-15  3:17 ` Keqian Zhu
  0 siblings, 1 reply; 2+ messages in thread
From: Daniel Jordan @ 2021-03-08 17:24 UTC (permalink / raw)
  To: Alex Williamson, Cornelia Huck; +Cc: kvm, linux-kernel, Daniel Jordan

vaddr_get_pfns() now returns the positive number of pfns successfully
gotten instead of zero.  vfio_pin_page_external() might return 1 to
vfio_iommu_type1_pin_pages(), which will treat it as an error, if
vaddr_get_pfns() is successful but vfio_pin_page_external() doesn't
reach vfio_lock_acct().

Fix it up in vfio_pin_page_external().  Found by inspection.

Fixes: be16c1fd99f4 ("vfio/type1: Change success value of vaddr_get_pfn()")
Signed-off-by: Daniel Jordan <daniel.m.jordan@oracle.com>
---

I couldn't test this due to lack of hardware.

 drivers/vfio/vfio_iommu_type1.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/drivers/vfio/vfio_iommu_type1.c b/drivers/vfio/vfio_iommu_type1.c
index 4bb162c1d649..2a0e3b3ce206 100644
--- a/drivers/vfio/vfio_iommu_type1.c
+++ b/drivers/vfio/vfio_iommu_type1.c
@@ -785,7 +785,12 @@ static int vfio_pin_page_external(struct vfio_dma *dma, unsigned long vaddr,
 		return -ENODEV;
 
 	ret = vaddr_get_pfns(mm, vaddr, 1, dma->prot, pfn_base, pages);
-	if (ret == 1 && do_accounting && !is_invalid_reserved_pfn(*pfn_base)) {
+	if (ret != 1)
+		goto out;
+
+	ret = 0;
+
+	if (do_accounting && !is_invalid_reserved_pfn(*pfn_base)) {
 		ret = vfio_lock_acct(dma, 1, true);
 		if (ret) {
 			put_pfn(*pfn_base, dma->prot);
@@ -797,6 +802,7 @@ static int vfio_pin_page_external(struct vfio_dma *dma, unsigned long vaddr,
 		}
 	}
 
+out:
 	mmput(mm);
 	return ret;
 }

base-commit: 144c79ef33536b4ecb4951e07dbc1f2b7fa99d32
-- 
2.30.1


^ permalink raw reply related	[flat|nested] 2+ messages in thread