xen-x86-don-t-bail-early-from-clear_foreign_p2m_mapping.patch
xen-x86-also-check-kernel-mapping-in-set_foreign_p2m_mapping.patch
xen-gntdev-correct-dev_bus_addr-handling-in-gntdev_map_grant_pages.patch
+xen-gntdev-correct-error-checking-in-gntdev_map_grant_pages.patch
+xen-arm-don-t-ignore-return-errors-from-set_phys_to_machine.patch
+xen-blkback-don-t-handle-error-by-bug.patch
+xen-netback-don-t-handle-error-by-bug.patch
+xen-scsiback-don-t-handle-error-by-bug.patch
+xen-blkback-fix-error-handling-in-xen_blkbk_map.patch
--- /dev/null
+From 36bf1dfb8b266e089afa9b7b984217f17027bf35 Mon Sep 17 00:00:00 2001
+From: Stefano Stabellini <stefano.stabellini@xilinx.com>
+Date: Mon, 15 Feb 2021 08:53:44 +0100
+Subject: xen/arm: don't ignore return errors from set_phys_to_machine
+
+From: Stefano Stabellini <stefano.stabellini@xilinx.com>
+
+commit 36bf1dfb8b266e089afa9b7b984217f17027bf35 upstream.
+
+set_phys_to_machine can fail due to lack of memory, see the kzalloc call
+in arch/arm/xen/p2m.c:__set_phys_to_machine_multi.
+
+Don't ignore the potential return error in set_foreign_p2m_mapping,
+returning it to the caller instead.
+
+This is part of XSA-361.
+
+Signed-off-by: Stefano Stabellini <stefano.stabellini@xilinx.com>
+Cc: stable@vger.kernel.org
+Reviewed-by: Julien Grall <jgrall@amazon.com>
+Signed-off-by: Juergen Gross <jgross@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm/xen/p2m.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/arch/arm/xen/p2m.c
++++ b/arch/arm/xen/p2m.c
+@@ -95,8 +95,10 @@ int set_foreign_p2m_mapping(struct gntta
+ for (i = 0; i < count; i++) {
+ if (map_ops[i].status)
+ continue;
+- set_phys_to_machine(map_ops[i].host_addr >> XEN_PAGE_SHIFT,
+- map_ops[i].dev_bus_addr >> XEN_PAGE_SHIFT);
++ if (unlikely(!set_phys_to_machine(map_ops[i].host_addr >> XEN_PAGE_SHIFT,
++ map_ops[i].dev_bus_addr >> XEN_PAGE_SHIFT))) {
++ return -ENOMEM;
++ }
+ }
+
+ return 0;
--- /dev/null
+From 5a264285ed1cd32e26d9de4f3c8c6855e467fd63 Mon Sep 17 00:00:00 2001
+From: Jan Beulich <jbeulich@suse.com>
+Date: Mon, 15 Feb 2021 08:54:51 +0100
+Subject: xen-blkback: don't "handle" error by BUG()
+
+From: Jan Beulich <jbeulich@suse.com>
+
+commit 5a264285ed1cd32e26d9de4f3c8c6855e467fd63 upstream.
+
+In particular -ENOMEM may come back here, from set_foreign_p2m_mapping().
+Don't make problems worse, the more that handling elsewhere (together
+with map's status fields now indicating whether a mapping wasn't even
+attempted, and hence has to be considered failed) doesn't require this
+odd way of dealing with errors.
+
+This is part of XSA-362.
+
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+Cc: stable@vger.kernel.org
+Reviewed-by: Juergen Gross <jgross@suse.com>
+Signed-off-by: Juergen Gross <jgross@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/block/xen-blkback/blkback.c | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+--- a/drivers/block/xen-blkback/blkback.c
++++ b/drivers/block/xen-blkback/blkback.c
+@@ -811,10 +811,8 @@ again:
+ break;
+ }
+
+- if (segs_to_map) {
++ if (segs_to_map)
+ ret = gnttab_map_refs(map, NULL, pages_to_gnt, segs_to_map);
+- BUG_ON(ret);
+- }
+
+ /*
+ * Now swizzle the MFN in our domain with the MFN from the other domain
+@@ -830,7 +828,7 @@ again:
+ gnttab_page_cache_put(&ring->free_pages,
+ &pages[seg_idx]->page, 1);
+ pages[seg_idx]->handle = BLKBACK_INVALID_HANDLE;
+- ret |= 1;
++ ret |= !ret;
+ goto next;
+ }
+ pages[seg_idx]->handle = map[new_map_idx].handle;
--- /dev/null
+From 871997bc9e423f05c7da7c9178e62dde5df2a7f8 Mon Sep 17 00:00:00 2001
+From: Jan Beulich <jbeulich@suse.com>
+Date: Mon, 15 Feb 2021 08:56:44 +0100
+Subject: xen-blkback: fix error handling in xen_blkbk_map()
+
+From: Jan Beulich <jbeulich@suse.com>
+
+commit 871997bc9e423f05c7da7c9178e62dde5df2a7f8 upstream.
+
+The function uses a goto-based loop, which may lead to an earlier error
+getting discarded by a later iteration. Exit this ad-hoc loop when an
+error was encountered.
+
+The out-of-memory error path additionally fails to fill a structure
+field looked at by xen_blkbk_unmap_prepare() before inspecting the
+handle which does get properly set (to BLKBACK_INVALID_HANDLE).
+
+Since the earlier exiting from the ad-hoc loop requires the same field
+filling (invalidation) as that on the out-of-memory path, fold both
+paths. While doing so, drop the pr_alert(), as extra log messages aren't
+going to help the situation (the kernel will log oom conditions already
+anyway).
+
+This is XSA-365.
+
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+Reviewed-by: Juergen Gross <jgross@suse.com>
+Reviewed-by: Julien Grall <julien@xen.org>
+Signed-off-by: Juergen Gross <jgross@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/block/xen-blkback/blkback.c | 26 ++++++++++++++++----------
+ 1 file changed, 16 insertions(+), 10 deletions(-)
+
+--- a/drivers/block/xen-blkback/blkback.c
++++ b/drivers/block/xen-blkback/blkback.c
+@@ -794,8 +794,13 @@ again:
+ pages[i]->persistent_gnt = persistent_gnt;
+ } else {
+ if (gnttab_page_cache_get(&ring->free_pages,
+- &pages[i]->page))
+- goto out_of_memory;
++ &pages[i]->page)) {
++ gnttab_page_cache_put(&ring->free_pages,
++ pages_to_gnt,
++ segs_to_map);
++ ret = -ENOMEM;
++ goto out;
++ }
+ addr = vaddr(pages[i]->page);
+ pages_to_gnt[segs_to_map] = pages[i]->page;
+ pages[i]->persistent_gnt = NULL;
+@@ -880,17 +885,18 @@ next:
+ }
+ segs_to_map = 0;
+ last_map = map_until;
+- if (map_until != num)
++ if (!ret && map_until != num)
+ goto again;
+
+- return ret;
+-
+-out_of_memory:
+- pr_alert("%s: out of memory\n", __func__);
+- gnttab_page_cache_put(&ring->free_pages, pages_to_gnt, segs_to_map);
+- for (i = last_map; i < num; i++)
++out:
++ for (i = last_map; i < num; i++) {
++ /* Don't zap current batch's valid persistent grants. */
++ if(i >= last_map + segs_to_map)
++ pages[i]->persistent_gnt = NULL;
+ pages[i]->handle = BLKBACK_INVALID_HANDLE;
+- return -ENOMEM;
++ }
++
++ return ret;
+ }
+
+ static int xen_blkbk_map_seg(struct pending_req *pending_req)
--- /dev/null
+From ebee0eab08594b2bd5db716288a4f1ae5936e9bc Mon Sep 17 00:00:00 2001
+From: Jan Beulich <jbeulich@suse.com>
+Date: Mon, 15 Feb 2021 08:52:27 +0100
+Subject: Xen/gntdev: correct error checking in gntdev_map_grant_pages()
+
+From: Jan Beulich <jbeulich@suse.com>
+
+commit ebee0eab08594b2bd5db716288a4f1ae5936e9bc upstream.
+
+Failure of the kernel part of the mapping operation should also be
+indicated as an error to the caller, or else it may assume the
+respective kernel VA is okay to access.
+
+Furthermore gnttab_map_refs() failing still requires recording
+successfully mapped handles, so they can be unmapped subsequently. This
+in turn requires there to be a way to tell full hypercall failure from
+partial success - preset map_op status fields such that they won't
+"happen" to look as if the operation succeeded.
+
+Also again use GNTST_okay instead of implying its value (zero).
+
+This is part of XSA-361.
+
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+Cc: stable@vger.kernel.org
+Reviewed-by: Juergen Gross <jgross@suse.com>
+Signed-off-by: Juergen Gross <jgross@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/xen/gntdev.c | 17 +++++++++--------
+ include/xen/grant_table.h | 1 +
+ 2 files changed, 10 insertions(+), 8 deletions(-)
+
+--- a/drivers/xen/gntdev.c
++++ b/drivers/xen/gntdev.c
+@@ -334,21 +334,22 @@ int gntdev_map_grant_pages(struct gntdev
+ pr_debug("map %d+%d\n", map->index, map->count);
+ err = gnttab_map_refs(map->map_ops, use_ptemod ? map->kmap_ops : NULL,
+ map->pages, map->count);
+- if (err)
+- return err;
+
+ for (i = 0; i < map->count; i++) {
+- if (map->map_ops[i].status) {
++ if (map->map_ops[i].status == GNTST_okay)
++ map->unmap_ops[i].handle = map->map_ops[i].handle;
++ else if (!err)
+ err = -EINVAL;
+- continue;
+- }
+
+ if (map->flags & GNTMAP_device_map)
+ map->unmap_ops[i].dev_bus_addr = map->map_ops[i].dev_bus_addr;
+
+- map->unmap_ops[i].handle = map->map_ops[i].handle;
+- if (use_ptemod)
+- map->kunmap_ops[i].handle = map->kmap_ops[i].handle;
++ if (use_ptemod) {
++ if (map->kmap_ops[i].status == GNTST_okay)
++ map->kunmap_ops[i].handle = map->kmap_ops[i].handle;
++ else if (!err)
++ err = -EINVAL;
++ }
+ }
+ return err;
+ }
+--- a/include/xen/grant_table.h
++++ b/include/xen/grant_table.h
+@@ -157,6 +157,7 @@ gnttab_set_map_op(struct gnttab_map_gran
+ map->flags = flags;
+ map->ref = ref;
+ map->dom = domid;
++ map->status = 1; /* arbitrary positive value */
+ }
+
+ static inline void
--- /dev/null
+From 3194a1746e8aabe86075fd3c5e7cf1f4632d7f16 Mon Sep 17 00:00:00 2001
+From: Jan Beulich <jbeulich@suse.com>
+Date: Mon, 15 Feb 2021 08:55:31 +0100
+Subject: xen-netback: don't "handle" error by BUG()
+
+From: Jan Beulich <jbeulich@suse.com>
+
+commit 3194a1746e8aabe86075fd3c5e7cf1f4632d7f16 upstream.
+
+In particular -ENOMEM may come back here, from set_foreign_p2m_mapping().
+Don't make problems worse, the more that handling elsewhere (together
+with map's status fields now indicating whether a mapping wasn't even
+attempted, and hence has to be considered failed) doesn't require this
+odd way of dealing with errors.
+
+This is part of XSA-362.
+
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+Cc: stable@vger.kernel.org
+Reviewed-by: Juergen Gross <jgross@suse.com>
+Signed-off-by: Juergen Gross <jgross@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/xen-netback/netback.c | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+--- a/drivers/net/xen-netback/netback.c
++++ b/drivers/net/xen-netback/netback.c
+@@ -1342,13 +1342,11 @@ int xenvif_tx_action(struct xenvif_queue
+ return 0;
+
+ gnttab_batch_copy(queue->tx_copy_ops, nr_cops);
+- if (nr_mops != 0) {
++ if (nr_mops != 0)
+ ret = gnttab_map_refs(queue->tx_map_ops,
+ NULL,
+ queue->pages_to_map,
+ nr_mops);
+- BUG_ON(ret);
+- }
+
+ work_done = xenvif_tx_submit(queue);
+
--- /dev/null
+From 7c77474b2d22176d2bfb592ec74e0f2cb71352c9 Mon Sep 17 00:00:00 2001
+From: Jan Beulich <jbeulich@suse.com>
+Date: Mon, 15 Feb 2021 08:55:57 +0100
+Subject: xen-scsiback: don't "handle" error by BUG()
+
+From: Jan Beulich <jbeulich@suse.com>
+
+commit 7c77474b2d22176d2bfb592ec74e0f2cb71352c9 upstream.
+
+In particular -ENOMEM may come back here, from set_foreign_p2m_mapping().
+Don't make problems worse, the more that handling elsewhere (together
+with map's status fields now indicating whether a mapping wasn't even
+attempted, and hence has to be considered failed) doesn't require this
+odd way of dealing with errors.
+
+This is part of XSA-362.
+
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+Cc: stable@vger.kernel.org
+Reviewed-by: Juergen Gross <jgross@suse.com>
+Signed-off-by: Juergen Gross <jgross@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/xen/xen-scsiback.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/xen/xen-scsiback.c
++++ b/drivers/xen/xen-scsiback.c
+@@ -386,12 +386,12 @@ static int scsiback_gnttab_data_map_batc
+ return 0;
+
+ err = gnttab_map_refs(map, NULL, pg, cnt);
+- BUG_ON(err);
+ for (i = 0; i < cnt; i++) {
+ if (unlikely(map[i].status != GNTST_okay)) {
+ pr_err("invalid buffer -- could not remap it\n");
+ map[i].handle = SCSIBACK_INVALID_HANDLE;
+- err = -ENOMEM;
++ if (!err)
++ err = -ENOMEM;
+ } else {
+ get_page(pg[i]);
+ }
projects / thirdparty / kernel / stable-queue.git / commitdiff
