From: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
To: anthony@codemonkey.ws
Cc: xen-devel@lists.xensource.com,
Stefano Stabellini <stefano.stabellini@eu.citrix.com>,
Matthew Daley <mattjd@gmail.com>,
qemu-devel@nongnu.org, qemu-stable@nongnu.org,
Anthony.Perard@citrix.com
Subject: [Qemu-devel] [PULL 1/2] xen_disk: mark ioreq as mapped before unmapping in error case
Date: Thu, 10 Oct 2013 15:36:53 +0100 [thread overview]
Message-ID: <1381415814-8931-1-git-send-email-stefano.stabellini@eu.citrix.com> (raw)
In-Reply-To: <alpine.DEB.2.02.1310101525470.26077@kaball.uk.xensource.com>
From: Matthew Daley <mattjd@gmail.com>
Commit 4472beae modified the semantics of ioreq_{un,}map so that they are
idempotent if called when they're not needed (ie., twice in a row). However,
it neglected to handle the case where batch mapping is not being used (the
default), and one of the grants fails to map. In this case, ioreq_unmap will
be called to unwind and unmap any mappings already performed, but ioreq_unmap
simply returns due to the aforementioned change (the ioreq has not already
been marked as mapped).
The frontend user can therefore force xen_disk to leak grant mappings, a
per-domain limited resource.
Fix by marking the ioreq as mapped before calling ioreq_unmap in this
situation.
Signed-off-by: Matthew Daley <mattjd@gmail.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
CC: qemu-stable@nongnu.org
---
hw/block/xen_disk.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/hw/block/xen_disk.c b/hw/block/xen_disk.c
index f35fc59..8742294 100644
--- a/hw/block/xen_disk.c
+++ b/hw/block/xen_disk.c
@@ -405,6 +405,7 @@ static int ioreq_map(struct ioreq *ioreq)
xen_be_printf(&ioreq->blkdev->xendev, 0,
"can't map grant ref %d (%s, %d maps)\n",
refs[i], strerror(errno), ioreq->blkdev->cnt_map);
+ ioreq->mapped = 1;
ioreq_unmap(ioreq);
return -1;
}
--
1.7.2.5
next prev parent reply other threads:[~2013-10-10 14:38 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-10-10 14:30 [Qemu-devel] [PULL 0/2] Xen 2013-10-10 Stefano Stabellini
2013-10-10 14:36 ` Stefano Stabellini [this message]
2013-10-10 14:36 ` [Qemu-devel] [PULL 2/2] qemu/xen: make use of xenstore relative paths Stefano Stabellini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1381415814-8931-1-git-send-email-stefano.stabellini@eu.citrix.com \
--to=stefano.stabellini@eu.citrix.com \
--cc=Anthony.Perard@citrix.com \
--cc=anthony@codemonkey.ws \
--cc=mattjd@gmail.com \
--cc=qemu-devel@nongnu.org \
--cc=qemu-stable@nongnu.org \
--cc=xen-devel@lists.xensource.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).