From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Juergen Gross <jgross@suse.com>, Sasha Levin <sashal@kernel.org>,
Wei Liu <wl@xen.org>,
xen-devel@lists.xenproject.org
Subject: [PATCH AUTOSEL 5.6 21/38] xen/xenbus: ensure xenbus_map_ring_valloc() returns proper grant status
Date: Fri, 24 Apr 2020 08:22:19 -0400
Message-ID: <20200424122237.9831-21-sashal@kernel.org>
In-Reply-To: <20200424122237.9831-1-sashal@kernel.org>
From: Juergen Gross <jgross@suse.com>

[ Upstream commit 6b51fd3f65a22e3d1471b18a1d56247e246edd46 ]

xenbus_map_ring_valloc() maps a ring page and returns the status of the
used grant (0 meaning success).

There are Xen hypervisors which might return the value 1 for the status
of a failed grant mapping due to a bug. Some callers of
xenbus_map_ring_valloc() test for errors by testing the returned status
to be less than zero, resulting in no error detected and crashing later
due to a not available ring page.

Set the return value of xenbus_map_ring_valloc() to GNTST_general_error
in case the grant status reported by Xen is greater than zero.

This is part of XSA-316.

Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Wei Liu <wl@xen.org>
Link: https://lore.kernel.org/r/20200326080358.1018-1-jgross@suse.com
Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/xen/xenbus/xenbus_client.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/drivers/xen/xenbus/xenbus_client.c b/drivers/xen/xenbus/xenbus_client.c
index e17ca81561713..a38292ef79f6d 100644
--- a/drivers/xen/xenbus/xenbus_client.c
+++ b/drivers/xen/xenbus/xenbus_client.c
@@ -448,7 +448,14 @@ EXPORT_SYMBOL_GPL(xenbus_free_evtchn);
int xenbus_map_ring_valloc(struct xenbus_device *dev, grant_ref_t *gnt_refs,
unsigned int nr_grefs, void **vaddr)
{
- return ring_ops->map(dev, gnt_refs, nr_grefs, vaddr);
+ int err;
+
+ err = ring_ops->map(dev, gnt_refs, nr_grefs, vaddr);
+ /* Some hypervisors are buggy and can return 1. */
+ if (err > 0)
+ err = GNTST_general_error;
+
+ return err;
}
EXPORT_SYMBOL_GPL(xenbus_map_ring_valloc);
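Review bot: The comment above `if (err > 0)` names only the value 1, but the check rewrites every positive status to GNTST_general_error, so the comment should state the actual contract: callers test for `< 0`, and any positive grant status is therefore folded into a negative error. The original value is also overwritten without being logged, which makes it hard to tell afterwards that a misbehaving hypervisor was the cause; a rate-limited warning that prints the original `err` before the assignment would help triage. Any documentation of this function's return value should be updated in the same change to say that it now returns 0 or a negative status only.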
--
2.20.1