[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] xen/gntdev: fix gntdev_mmap() error exit path

  • To: Juergen Gross <jgross@xxxxxxxx>
  • From: Luca Fancellu <luca.fancellu@xxxxxxx>
  • Date: Fri, 23 Apr 2021 08:04:57 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=vbTuDLLcuOIeG8S0Lhaxa5ixkykOjPLHp7E5lkbcJG8=; b=Y/41BQtupjBUHM5z8qjle3tTIkLmBM6rYaAyXw84sSDUKsMww1QFHtQJ0kCKJD2NuaMC0iaRqF4W4kl0xCsnHTmrs/zbu9aCXOPcL7a+UPjMwINF1wW6NEBEBKhPwXvwBE5uyoDBtsiGIWSHxhcl/cZvYeX+HeW+akP86QAB1dSC3dDmD2E3Xmc8WPqz2sCy6Ammf0i59XFN7n7yu+Tw8TSu+gf+Kb9w7bSzDG9EIyTXieISbwtB8n/6IAYa4IxuM/0lFv+upC7a/MXcYAb23F8dwc5oZHVyLbx16DBZJApuYpa0N9HHY9xhe5tHGyOSg+wzdxZXqvmObJGofQwKnw==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=bvR4H1dYRq79uQJQywX/VzRwez5Md1ZZdX9+q6mcKuKFMNAUW5WXRZWF4BRDskv3aCfQX5dUeW0qN4J3OKfjhUnQlcPvbepGWUa3d1hQB4kL5tYNYaKRYCjzoO2YC2JT9O+H8+tIa3RwtgV7XNf5TJ/2fSUmHkKBQDdbKK+mXLGedWS8gaDkij582mR20knByO092gf3xB1cyWyDg0yBUMcowQRYBBODq6S+qsyvHZzzEvMA91K0yrahvDxanAGzbhnMax0OwiP2uOopu0VhKUtUgaxbf6n0y3hsUKr/Ao4F3GnXW4DdiOEsfvA9A1x9LjimZkqJ3oGhbqthunxPAA==
  • Authentication-results-original: suse.com; dkim=none (message not signed) header.d=none;suse.com; dmarc=none action=none header.from=arm.com;
  • Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx, Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, stable@xxxxxxxxxxxxxxx, Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Fri, 23 Apr 2021 07:05:25 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Nodisclaimer: true
  • Original-authentication-results: suse.com; dkim=none (message not signed) header.d=none;suse.com; dmarc=none action=none header.from=arm.com;

> On 23 Apr 2021, at 08:00, Juergen Gross <jgross@xxxxxxxx> wrote:
> 
> On 23.04.21 08:55, Luca Fancellu wrote:
>>> On 23 Apr 2021, at 06:40, Juergen Gross <jgross@xxxxxxxx> wrote:
>>> 
>>> Commit d3eeb1d77c5d0af ("xen/gntdev: use mmu_interval_notifier_insert")
>>> introduced an error in gntdev_mmap(): in case the call of
>>> mmu_interval_notifier_insert_locked() fails the exit path should not
>>> call mmu_interval_notifier_remove(), as this might result in NULL
>>> dereferences.
>>> 
>>> One reason for failure is e.g. a signal pending for the running
>>> process.
>>> 
>>> Fixes: d3eeb1d77c5d0af ("xen/gntdev: use mmu_interval_notifier_insert")
>>> Cc: stable@xxxxxxxxxxxxxxx
>>> Reported-by: Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>
>>> Tested-by: Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>
>>> Signed-off-by: Juergen Gross <jgross@xxxxxxxx>
>>> ---
>>> drivers/xen/gntdev.c | 4 +++-
>>> 1 file changed, 3 insertions(+), 1 deletion(-)
>>> 
>>> diff --git a/drivers/xen/gntdev.c b/drivers/xen/gntdev.c
>>> index f01d58c7a042..a3e7be96527d 100644
>>> --- a/drivers/xen/gntdev.c
>>> +++ b/drivers/xen/gntdev.c
>>> @@ -1017,8 +1017,10 @@ static int gntdev_mmap(struct file *flip, struct 
>>> vm_area_struct *vma)
>>>             err = mmu_interval_notifier_insert_locked(
>>>                     &map->notifier, vma->vm_mm, vma->vm_start,
>>>                     vma->vm_end - vma->vm_start, &gntdev_mmu_ops);
>>> -           if (err)
>>> +           if (err) {
>>> +                   map->vma = NULL;
>>>                     goto out_unlock_put;
>>> +           }
>>>     }
>>>     mutex_unlock(&priv->lock);
>>> 
>>> -- 
>>> 2.26.2
>>> 
>>> 
>> Hi Juergen,
>> I can see from the code that there is another path to out_unlock_put label 
>> some lines before:
>>         […]
>>         vma->vm_private_data = map;
>>      if (map->flags) {
>>              if ((vma->vm_flags & VM_WRITE) &&
>>                              (map->flags & GNTMAP_readonly))
>>                      goto out_unlock_put;
>>      } else {
>>              map->flags = GNTMAP_host_map;
>>              if (!(vma->vm_flags & VM_WRITE))
>>                      map->flags |= GNTMAP_readonly;
>>      }
>>         […]
>> Can be the case that use_ptemod is != 0 also for that path?
> 
> map->vma will be NULL in this case, so there will be no problem
> resulting from that path.
> 

Right, thanks, seems good to me.

Reviewed-by: Luca Fancellu <luca.fancellu@xxxxxxx>

Cheers,
Luca

> 
> Juergen
> <OpenPGP_0xB0DE9DD628BF132F.asc>

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.