diff options
author | Daniel De Graaf <dgdegra@tycho.nsa.gov> | 2011-02-09 15:12:00 -0500 |
---|---|---|
committer | Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> | 2011-02-14 14:16:21 -0500 |
commit | b57c18694ea1641b691fa05ed8af0ce339fa430b (patch) | |
tree | 3fb3b050ef993092db69463fa56507f03eb31cf8 /drivers | |
parent | 84e4075d60fc8f1c0b937765620bc784dd0c3d39 (diff) |
xen-gntdev: Avoid unmapping ranges twice
In paravirtualized domains, mn_invl_page or mn_invl_range_start can
unmap a segment of a mapped region without unmapping all pages. When
the region is later released, the pages will be unmapped twice, leading
to an incorrect -EINVAL return.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Diffstat (limited to 'drivers')
-rw-r--r-- | drivers/xen/gntdev.c | 33 |
1 files changed, 31 insertions, 2 deletions
diff --git a/drivers/xen/gntdev.c b/drivers/xen/gntdev.c index 4ca4262d3d1..4687cd557c9 100644 --- a/drivers/xen/gntdev.c +++ b/drivers/xen/gntdev.c @@ -282,7 +282,7 @@ static int map_grant_pages(struct grant_map *map) return err; } -static int unmap_grant_pages(struct grant_map *map, int offset, int pages) +static int __unmap_grant_pages(struct grant_map *map, int offset, int pages) { int i, err = 0; @@ -301,7 +301,6 @@ static int unmap_grant_pages(struct grant_map *map, int offset, int pages) } } - pr_debug("map %d+%d [%d+%d]\n", map->index, map->count, offset, pages); err = gnttab_unmap_refs(map->unmap_ops + offset, map->pages + offset, pages); if (err) return err; @@ -314,6 +313,36 @@ static int unmap_grant_pages(struct grant_map *map, int offset, int pages) return err; } +static int unmap_grant_pages(struct grant_map *map, int offset, int pages) +{ + int range, err = 0; + + pr_debug("unmap %d+%d [%d+%d]\n", map->index, map->count, offset, pages); + + /* It is possible the requested range will have a "hole" where we + * already unmapped some of the grants. Only unmap valid ranges. + */ + while (pages && !err) { + while (pages && !map->unmap_ops[offset].handle) { + offset++; + pages--; + } + range = 0; + while (range < pages) { + if (!map->unmap_ops[offset+range].handle) { + range--; + break; + } + range++; + } + err = __unmap_grant_pages(map, offset, range); + offset += range; + pages -= range; + } + + return err; +} + /* ------------------------------------------------------------------ */ static void gntdev_vma_close(struct vm_area_struct *vma) |