[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] grant_tables.c / domain BIGLOCK anomaly


  • To: xen-devel@xxxxxxxxxxxxxxxxxxx
  • From: Reiner Sailer <sailer@xxxxxxxxxx>
  • Date: Thu, 14 Apr 2005 13:19:02 -0400
  • Delivery-date: Thu, 14 Apr 2005 17:18:56 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xensource.com>
  • Sensitivity:


Hello,

xen/common/grant_tables.c seems to return without unlocking the BIGLOCK on a
domain if it runs into an error. I did not run into this error, but
the xen code now runs into the routines so I think it's better to fix this.

Problem code:
======================
long
do_grant_table_op(
   unsigned int cmd, void *uop, unsigned int count)
{
...
   LOCK_BIGLOCK(current->domain);

   switch ( cmd )
   {
   case GNTTABOP_map_grant_ref:
       printk("%s: \n", __func__);
       if ( unlikely(!array_access_ok(
           VERIFY_WRITE, uop, count, sizeof(gnttab_map_grant_ref_t))) )
===>>            return -EFAULT;
       rc = gnttab_map_grant_ref((gnttab_map_grant_ref_t *)uop, count);
       break;
   case GNTTABOP_unmap_grant_ref:
       printk("%s: \n", __func__);
       if ( unlikely(!array_access_ok(
           VERIFY_WRITE, uop, count, sizeof(gnttab_unmap_grant_ref_t))) )
===>>            return -EFAULT;
       rc = gnttab_unmap_grant_ref((gnttab_unmap_grant_ref_t *)uop, count);
       break;
...
   UNLOCK_BIGLOCK(current->domain);
...
}

==========================

Here is a patch to fix it:
------------------------------------------------------------
--- xeno-unstable.bk_orig/xen/common/grant_table.c                 2005-04-14 09:00:50.000000000 -0400
+++ xeno-unstable.bk/xen/common/grant_table.c                 2005-04-14 13:03:59.000000000 -0400
@@ -809,13 +809,19 @@
    case GNTTABOP_map_grant_ref:
        if ( unlikely(!array_access_ok(
            VERIFY_WRITE, uop, count, sizeof(gnttab_map_grant_ref_t))) )
-            return -EFAULT;
+            {
+                rc = -EFAULT;
+                break;
+            }
        rc = gnttab_map_grant_ref((gnttab_map_grant_ref_t *)uop, count);
        break;
    case GNTTABOP_unmap_grant_ref:
        if ( unlikely(!array_access_ok(
            VERIFY_WRITE, uop, count, sizeof(gnttab_unmap_grant_ref_t))) )
-            return -EFAULT;
+            {
+                rc = -EFAULT;
+                break;
+            }
        rc = gnttab_unmap_grant_ref((gnttab_unmap_grant_ref_t *)uop, count);
        break;
    case GNTTABOP_setup_table:

--------------------------------------------------------------

Regards
Reiner
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.