[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[xen stable-4.12] gnttab: fix GNTTABOP_copy continuation handling



commit 3536f8dc39cc7311715340b87a04a89fac468406
Author:     Jan Beulich <jbeulich@xxxxxxxx>
AuthorDate: Tue Apr 14 15:00:18 2020 +0200
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Tue Apr 14 15:00:18 2020 +0200

    gnttab: fix GNTTABOP_copy continuation handling
    
    The XSA-226 fix was flawed - the backwards transformation on rc was done
    too early, causing a continuation to not get invoked when the need for
    preemption was determined at the very first iteration of the request.
    This in particular means that all of the status fields of the individual
    operations would be left untouched, i.e. set to whatever the caller may
    or may not have initialized them to.
    
    This is part of XSA-318.
    
    Reported-by: Pawel Wieczorkiewicz <wipawel@xxxxxxxxx>
    Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
    Reviewed-by: Juergen Gross <jgross@xxxxxxxx>
    Tested-by: Pawel Wieczorkiewicz <wipawel@xxxxxxxxx>
    master commit: d6f22d5d9e8d6848ec229083ac9fb044f0adea93
    master date: 2020-04-14 14:42:32 +0200
---
 xen/common/grant_table.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c
index 2e512a1d69..38d5524a0e 100644
--- a/xen/common/grant_table.c
+++ b/xen/common/grant_table.c
@@ -3521,8 +3521,7 @@ do_grant_table_op(
         rc = gnttab_copy(copy, count);
         if ( rc > 0 )
         {
-            rc = count - rc;
-            guest_handle_add_offset(copy, rc);
+            guest_handle_add_offset(copy, count - rc);
             uop = guest_handle_cast(copy, void);
         }
         break;
@@ -3589,6 +3588,9 @@ do_grant_table_op(
   out:
     if ( rc > 0 || opaque_out != 0 )
     {
+        /* Adjust rc, see gnttab_copy() for why this is needed. */
+        if ( cmd == GNTTABOP_copy )
+            rc = count - rc;
         ASSERT(rc < count);
         ASSERT((opaque_out & GNTTABOP_CMD_MASK) == 0);
         rc = hypercall_create_continuation(__HYPERVISOR_grant_table_op, "ihi",
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.12



 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.