[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen stable-4.8] common/gnttab: Correct error handling for gnttab_setup_table()



commit 6353c349a517c0aa834e8b3da6aae7122b5cefae
Author:     Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
AuthorDate: Wed Dec 20 16:03:18 2017 +0100
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Wed Dec 20 16:03:18 2017 +0100

    common/gnttab: Correct error handling for gnttab_setup_table()
    
    Simplify the error labels to just "unlock" and "out".  This fixes an 
erroneous
    path where a failure of rcu_lock_domain_by_any_id() still results in
    rcu_unlock_domain() being called.
    
    This is only not an XSA by luck.  rcu_unlock_domain() is a nop other than
    decrementing the preempt count, and nothing reads the preempt count outside 
of
    a debug build.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
    Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
    master commit: 5e436e7a45082ea2cadc176c19e1df46c178448f
    master date: 2017-08-15 15:08:57 +0100
---
 xen/common/grant_table.c | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c
index 7f796df..dc1bce3 100644
--- a/xen/common/grant_table.c
+++ b/xen/common/grant_table.c
@@ -1614,7 +1614,7 @@ gnttab_setup_table(
     XEN_GUEST_HANDLE_PARAM(gnttab_setup_table_t) uop, unsigned int count)
 {
     struct gnttab_setup_table op;
-    struct domain *d;
+    struct domain *d = NULL;
     struct grant_table *gt;
     int            i;
     xen_pfn_t  gmfn;
@@ -1634,7 +1634,7 @@ gnttab_setup_table(
                 " per domain.\n",
                 max_grant_frames);
         op.status = GNTST_general_error;
-        goto out1;
+        goto out;
     }
 
     if ( !guest_handle_okay(op.frame_list, op.nr_frames) )
@@ -1645,13 +1645,13 @@ gnttab_setup_table(
     {
         gdprintk(XENLOG_INFO, "Bad domid %d.\n", op.dom);
         op.status = GNTST_bad_domain;
-        goto out2;
+        goto out;
     }
 
     if ( xsm_grant_setup(XSM_TARGET, current->domain, d) )
     {
         op.status = GNTST_permission_denied;
-        goto out2;
+        goto out;
     }
 
     gt = d->grant_table;
@@ -1669,7 +1669,7 @@ gnttab_setup_table(
                  "Expand grant table to %u failed. Current: %u Max: %u\n",
                  op.nr_frames, nr_grant_frames(gt), max_grant_frames);
         op.status = GNTST_general_error;
-        goto out3;
+        goto unlock;
     }
  
     op.status = GNTST_okay;
@@ -1682,11 +1682,12 @@ gnttab_setup_table(
             op.status = GNTST_bad_virt_addr;
     }
 
- out3:
+ unlock:
     grant_write_unlock(gt);
- out2:
-    rcu_unlock_domain(d);
- out1:
+ out:
+    if ( d )
+        rcu_unlock_domain(d);
+
     if ( unlikely(__copy_field_to_guest(uop, &op, status)) )
         return -EFAULT;
 
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.8

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/xen-changelog

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.