Commit e398fb4b authored by Souptick Joarder's avatar Souptick Joarder Committed by Juergen Gross

xen/privcmd: Corrected error handling path

Previously, if lock_pages() end up partially mapping pages, it used
to return -ERRNO due to which unlock_pages() have to go through
each pages[i] till *nr_pages* to validate them. This can be avoided
by passing correct number of partially mapped pages & -ERRNO separately,
while returning from lock_pages() due to error.

With this fix unlock_pages() doesn't need to validate pages[i] till
*nr_pages* for error scenario and few condition checks can be ignored.
Signed-off-by: default avatarSouptick Joarder <jrdr.linux@gmail.com>
Reviewed-by: default avatarJuergen Gross <jgross@suse.com>
Reviewed-by: default avatarPaul Durrant <paul@xen.org>
Cc: John Hubbard <jhubbard@nvidia.com>
Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Cc: Paul Durrant <xadimgnik@gmail.com>
Link: https://lore.kernel.org/r/1594525195-28345-2-git-send-email-jrdr.linux@gmail.comSigned-off-by: default avatarJuergen Gross <jgross@suse.com>
parent bcf87687
...@@ -580,13 +580,13 @@ static long privcmd_ioctl_mmap_batch( ...@@ -580,13 +580,13 @@ static long privcmd_ioctl_mmap_batch(
static int lock_pages( static int lock_pages(
struct privcmd_dm_op_buf kbufs[], unsigned int num, struct privcmd_dm_op_buf kbufs[], unsigned int num,
struct page *pages[], unsigned int nr_pages) struct page *pages[], unsigned int nr_pages, unsigned int *pinned)
{ {
unsigned int i; unsigned int i;
for (i = 0; i < num; i++) { for (i = 0; i < num; i++) {
unsigned int requested; unsigned int requested;
int pinned; int page_count;
requested = DIV_ROUND_UP( requested = DIV_ROUND_UP(
offset_in_page(kbufs[i].uptr) + kbufs[i].size, offset_in_page(kbufs[i].uptr) + kbufs[i].size,
...@@ -594,14 +594,15 @@ static int lock_pages( ...@@ -594,14 +594,15 @@ static int lock_pages(
if (requested > nr_pages) if (requested > nr_pages)
return -ENOSPC; return -ENOSPC;
pinned = get_user_pages_fast( page_count = get_user_pages_fast(
(unsigned long) kbufs[i].uptr, (unsigned long) kbufs[i].uptr,
requested, FOLL_WRITE, pages); requested, FOLL_WRITE, pages);
if (pinned < 0) if (page_count < 0)
return pinned; return page_count;
nr_pages -= pinned; *pinned += page_count;
pages += pinned; nr_pages -= page_count;
pages += page_count;
} }
return 0; return 0;
...@@ -611,13 +612,8 @@ static void unlock_pages(struct page *pages[], unsigned int nr_pages) ...@@ -611,13 +612,8 @@ static void unlock_pages(struct page *pages[], unsigned int nr_pages)
{ {
unsigned int i; unsigned int i;
if (!pages) for (i = 0; i < nr_pages; i++)
return;
for (i = 0; i < nr_pages; i++) {
if (pages[i])
put_page(pages[i]); put_page(pages[i]);
}
} }
static long privcmd_ioctl_dm_op(struct file *file, void __user *udata) static long privcmd_ioctl_dm_op(struct file *file, void __user *udata)
...@@ -630,6 +626,7 @@ static long privcmd_ioctl_dm_op(struct file *file, void __user *udata) ...@@ -630,6 +626,7 @@ static long privcmd_ioctl_dm_op(struct file *file, void __user *udata)
struct xen_dm_op_buf *xbufs = NULL; struct xen_dm_op_buf *xbufs = NULL;
unsigned int i; unsigned int i;
long rc; long rc;
unsigned int pinned = 0;
if (copy_from_user(&kdata, udata, sizeof(kdata))) if (copy_from_user(&kdata, udata, sizeof(kdata)))
return -EFAULT; return -EFAULT;
...@@ -683,9 +680,11 @@ static long privcmd_ioctl_dm_op(struct file *file, void __user *udata) ...@@ -683,9 +680,11 @@ static long privcmd_ioctl_dm_op(struct file *file, void __user *udata)
goto out; goto out;
} }
rc = lock_pages(kbufs, kdata.num, pages, nr_pages); rc = lock_pages(kbufs, kdata.num, pages, nr_pages, &pinned);
if (rc) if (rc < 0) {
nr_pages = pinned;
goto out; goto out;
}
for (i = 0; i < kdata.num; i++) { for (i = 0; i < kdata.num; i++) {
set_xen_guest_handle(xbufs[i].h, kbufs[i].uptr); set_xen_guest_handle(xbufs[i].h, kbufs[i].uptr);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment