[thirdparty/kernel/stable-queue.git] / releases / 4.4.57 / drivers-hv-balloon-don-t-crash-when-memory-is-added-in-non-sorted-order.patch

From 77c0c9735bc0ba5898e637a3a20d6bcb50e3f67d Mon Sep 17 00:00:00 2001
From: Vitaly Kuznetsov <vkuznets@redhat.com>
Date: Sat, 30 Apr 2016 19:21:35 -0700
Subject: Drivers: hv: balloon: don't crash when memory is added in non-sorted order

From: Vitaly Kuznetsov <vkuznets@redhat.com>

commit 77c0c9735bc0ba5898e637a3a20d6bcb50e3f67d upstream.

When we iterate through all HA regions in handle_pg_range() we have an
assumption that all these regions are sorted in the list and the
'start_pfn >= has->end_pfn' check is enough to find the proper region.
Unfortunately it's not the case with WS2016 where host can hot-add regions
in a different order. We end up modifying the wrong HA region and crashing
later on pages online. Modify the check to make sure we found the region
we were searching for while iterating. Fix the same check in pfn_covered()
as well.

Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Signed-off-by: K. Y. Srinivasan <kys@microsoft.com>
Cc: Sumit Semwal <sumit.semwal@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/hv/hv_balloon.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/drivers/hv/hv_balloon.c
+++ b/drivers/hv/hv_balloon.c
@@ -714,7 +714,7 @@ static bool pfn_covered(unsigned long st
 		 * If the pfn range we are dealing with is not in the current
 		 * "hot add block", move on.
 		 */
-		if ((start_pfn >= has->end_pfn))
+		if (start_pfn < has->start_pfn || start_pfn >= has->end_pfn)
 			continue;
 		/*
 		 * If the current hot add-request extends beyond
@@ -768,7 +768,7 @@ static unsigned long handle_pg_range(uns
 		 * If the pfn range we are dealing with is not in the current
 		 * "hot add block", move on.
 		 */
-		if ((start_pfn >= has->end_pfn))
+		if (start_pfn < has->start_pfn || start_pfn >= has->end_pfn)
 			continue;
 
 		old_covered_state = has->covered_end_pfn;
Commit	Line	Data
1458a8ef GKH	1	From 77c0c9735bc0ba5898e637a3a20d6bcb50e3f67d Mon Sep 17 00:00:00 2001
	2	From: Vitaly Kuznetsov <vkuznets@redhat.com>
	3	Date: Sat, 30 Apr 2016 19:21:35 -0700
	4	Subject: Drivers: hv: balloon: don't crash when memory is added in non-sorted order
	5
	6	From: Vitaly Kuznetsov <vkuznets@redhat.com>
	7
	8	commit 77c0c9735bc0ba5898e637a3a20d6bcb50e3f67d upstream.
	9
	10	When we iterate through all HA regions in handle_pg_range() we have an
	11	assumption that all these regions are sorted in the list and the
	12	'start_pfn >= has->end_pfn' check is enough to find the proper region.
	13	Unfortunately it's not the case with WS2016 where host can hot-add regions
	14	in a different order. We end up modifying the wrong HA region and crashing
	15	later on pages online. Modify the check to make sure we found the region
	16	we were searching for while iterating. Fix the same check in pfn_covered()
	17	as well.
	18
	19	Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
	20	Signed-off-by: K. Y. Srinivasan <kys@microsoft.com>
	21	Cc: Sumit Semwal <sumit.semwal@linaro.org>
	22	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	23
	24	---
	25	drivers/hv/hv_balloon.c \| 4 ++--
	26	1 file changed, 2 insertions(+), 2 deletions(-)
	27
	28	--- a/drivers/hv/hv_balloon.c
	29	+++ b/drivers/hv/hv_balloon.c
	30	@@ -714,7 +714,7 @@ static bool pfn_covered(unsigned long st
	31	* If the pfn range we are dealing with is not in the current
	32	* "hot add block", move on.
	33	*/
	34	- if ((start_pfn >= has->end_pfn))
	35	+ if (start_pfn < has->start_pfn \|\| start_pfn >= has->end_pfn)
	36	continue;
	37	/*
	38	* If the current hot add-request extends beyond
	39	@@ -768,7 +768,7 @@ static unsigned long handle_pg_range(uns
	40	* If the pfn range we are dealing with is not in the current
	41	* "hot add block", move on.
	42	*/
	43	- if ((start_pfn >= has->end_pfn))
	44	+ if (start_pfn < has->start_pfn \|\| start_pfn >= has->end_pfn)
	45	continue;
	46
	47	old_covered_state = has->covered_end_pfn;