openkylin
/
linux
mirror of https://gitee.com/openkylin/linux.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity
linux/drivers/xen
History
Souptick Joarder 8d1502f629 xen/gntdev.c: Replace vm_map_pages() with vm_map_pages_zero() 
'commit df9bde015a ("xen/gntdev.c: convert to use vm_map_pages()")'
breaks gntdev driver. If vma->vm_pgoff > 0, vm_map_pages()
will:
 - use map->pages starting at vma->vm_pgoff instead of 0
 - verify map->count against vma_pages()+vma->vm_pgoff instead of just
   vma_pages().

In practice, this breaks using a single gntdev FD for mapping multiple
grants.

relevant strace output:
[pid   857] ioctl(7, IOCTL_GNTDEV_MAP_GRANT_REF, 0x7ffd3407b6d0) = 0
[pid   857] mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_SHARED, 7, 0) =
0x777f1211b000
[pid   857] ioctl(7, IOCTL_GNTDEV_SET_UNMAP_NOTIFY, 0x7ffd3407b710) = 0
[pid   857] ioctl(7, IOCTL_GNTDEV_MAP_GRANT_REF, 0x7ffd3407b6d0) = 0
[pid   857] mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_SHARED, 7,
0x1000) = -1 ENXIO (No such device or address)

details here:
https://github.com/QubesOS/qubes-issues/issues/5199

The reason is -> ( copying Marek's word from discussion)

vma->vm_pgoff is used as index passed to gntdev_find_map_index. It's
basically using this parameter for "which grant reference to map".
map struct returned by gntdev_find_map_index() describes just the pages
to be mapped. Specifically map->pages[0] should be mapped at
vma->vm_start, not vma->vm_start+vma->vm_pgoff*PAGE_SIZE.

When trying to map grant with index (aka vma->vm_pgoff) > 1,
__vm_map_pages() will refuse to map it because it will expect map->count
to be at least vma_pages(vma)+vma->vm_pgoff, while it is exactly
vma_pages(vma).

Converting vm_map_pages() to use vm_map_pages_zero() will fix the
problem.

Marek has tested and confirmed the same.

Cc: stable@vger.kernel.org # v5.2+
Fixes: df9bde015a ("xen/gntdev.c: convert to use vm_map_pages()")

Reported-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
Signed-off-by: Souptick Joarder <jrdr.linux@gmail.com>
Tested-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
 		2019-07-31 08:13:59 +02:00
..
events xen/events: fix binding user event channels to cpus 2019-07-17 08:09:57 +02:00
xen-pciback xen/pciback: remove set but not used variable 'old_state' 2019-07-26 10:29:05 +02:00
xenbus xen: fixes for 5.2-rc3 2019-05-31 10:53:34 -07:00
xenfs treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
Kconfig xen: remove tmem driver 2019-07-17 08:09:58 +02:00
Makefile xen: remove tmem driver 2019-07-17 08:09:58 +02:00
acpi.c
arm-device.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 201 2019-05-30 11:29:52 -07:00
balloon.c xen: let alloc_xenballooned_pages() fail if not enough memory free 2019-07-18 06:44:24 +02:00
biomerge.c block: pass page to xen_biovec_phys_mergeable 2019-04-01 12:11:13 -06:00
cpu_hotplug.c xen, cpu_hotplug: Prevent an out of bounds access 2019-03-08 17:58:14 +01:00
dbgp.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
efi.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
evtchn.c xen/events: fix binding user event channels to cpus 2019-07-17 08:09:57 +02:00
features.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
gntalloc.c mm: treewide: remove GFP_TEMPORARY allocation flag 2017-09-13 18:53:16 -07:00
gntdev-common.h xen/gntdev: Add initial support for dma-buf UAPI 2018-07-26 23:05:14 -04:00
gntdev-dmabuf.c xen/gntdev: Check and release imported dma-bufs on close 2019-02-18 06:50:10 +01:00
gntdev-dmabuf.h xen/gntdev: Do not destroy context while dma-bufs are in use 2019-02-18 06:50:03 +01:00
gntdev.c xen/gntdev.c: Replace vm_map_pages() with vm_map_pages_zero() 2019-07-31 08:13:59 +02:00
grant-table.c xen: fixes for 4.20-rc2 2018-11-10 08:58:48 -06:00
manage.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
mcelog.c xen/mcelog: eliminate redundant setting of interface version 2018-08-20 14:46:18 -04:00
mem-reservation.c xen/balloon: add runtime control for scrubbing ballooned out pages 2018-09-14 08:51:10 -04:00
pci.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 320 2019-06-05 17:37:05 +02:00
pcpu.c
platform-pci.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 320 2019-06-05 17:37:05 +02:00
preempt.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 135 2019-05-30 11:25:15 -07:00
privcmd-buf.c xen/privcmd-buf.c: convert to use vm_map_pages_zero() 2019-05-14 09:47:50 -07:00
privcmd.c mm/pgtable: drop pgtable_t variable from pte_fn_t functions 2019-07-12 11:05:46 -07:00
privcmd.h xen: add new hypercall buffer mapping device 2018-06-22 08:26:42 +02:00
pvcalls-back.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 157 2019-05-30 11:26:37 -07:00
pvcalls-front.c xen: fixes for 5.2-rc3 2019-05-31 10:53:34 -07:00
pvcalls-front.h xen: fix poll misannotation 2018-02-01 10:07:32 -05:00
swiotlb-xen.c Merge branch 'stable/for-linus-5.2' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/swiotlb 2019-06-11 15:38:34 -10:00
sys-hypervisor.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
time.c x86/paravirt: Use a single ops structure 2018-09-03 16:50:35 +02:00
xen-acpi-cpuhotplug.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 12 2019-05-21 11:28:45 +02:00
xen-acpi-memhotplug.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 12 2019-05-21 11:28:45 +02:00
xen-acpi-pad.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 288 2019-06-05 17:36:37 +02:00
xen-acpi-processor.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 288 2019-06-05 17:36:37 +02:00
xen-balloon.c xen: remove tmem driver 2019-07-17 08:09:58 +02:00
xen-front-pgdir-shbuf.c xen: Introduce shared buffer helpers for page directory... 2018-12-18 12:15:55 -05:00
xen-scsiback.c xen: fixes and features for 5.1-rc1 2019-03-11 17:08:14 -07:00
xen-stub.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 12 2019-05-21 11:28:45 +02:00
xlate_mmu.c mm/pgtable: drop pgtable_t variable from pte_fn_t functions 2019-07-12 11:05:46 -07:00