[xen stable-4.7] common/gnttab: Correct error handling for gnttab_setup_table()

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[xen stable-4.7] common/gnttab: Correct error handling for gnttab_setup_table()

patchbot
commit 1967ced15a119d3ad1b5e6e6639ed03c41b7b713
Author:     Andrew Cooper <[hidden email]>
AuthorDate: Wed Dec 20 16:17:26 2017 +0100
Commit:     Jan Beulich <[hidden email]>
CommitDate: Wed Dec 20 16:17:26 2017 +0100

    common/gnttab: Correct error handling for gnttab_setup_table()
   
    Simplify the error labels to just "unlock" and "out".  This fixes an erroneous
    path where a failure of rcu_lock_domain_by_any_id() still results in
    rcu_unlock_domain() being called.
   
    This is only not an XSA by luck.  rcu_unlock_domain() is a nop other than
    decrementing the preempt count, and nothing reads the preempt count outside of
    a debug build.
   
    Signed-off-by: Andrew Cooper <[hidden email]>
    Reviewed-by: Jan Beulich <[hidden email]>
    master commit: 5e436e7a45082ea2cadc176c19e1df46c178448f
    master date: 2017-08-15 15:08:57 +0100
---
 xen/common/grant_table.c | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c
index 19fc356..fe70870 100644
--- a/xen/common/grant_table.c
+++ b/xen/common/grant_table.c
@@ -1614,7 +1614,7 @@ gnttab_setup_table(
     XEN_GUEST_HANDLE_PARAM(gnttab_setup_table_t) uop, unsigned int count)
 {
     struct gnttab_setup_table op;
-    struct domain *d;
+    struct domain *d = NULL;
     struct grant_table *gt;
     int            i;
     xen_pfn_t  gmfn;
@@ -1634,7 +1634,7 @@ gnttab_setup_table(
                 " per domain.\n",
                 max_grant_frames);
         op.status = GNTST_general_error;
-        goto out1;
+        goto out;
     }
 
     if ( !guest_handle_okay(op.frame_list, op.nr_frames) )
@@ -1645,13 +1645,13 @@ gnttab_setup_table(
     {
         gdprintk(XENLOG_INFO, "Bad domid %d.\n", op.dom);
         op.status = GNTST_bad_domain;
-        goto out2;
+        goto out;
     }
 
     if ( xsm_grant_setup(XSM_TARGET, current->domain, d) )
     {
         op.status = GNTST_permission_denied;
-        goto out2;
+        goto out;
     }
 
     gt = d->grant_table;
@@ -1669,7 +1669,7 @@ gnttab_setup_table(
                  "Expand grant table to %u failed. Current: %u Max: %u\n",
                  op.nr_frames, nr_grant_frames(gt), max_grant_frames);
         op.status = GNTST_general_error;
-        goto out3;
+        goto unlock;
     }
 
     op.status = GNTST_okay;
@@ -1682,11 +1682,12 @@ gnttab_setup_table(
             op.status = GNTST_bad_virt_addr;
     }
 
- out3:
+ unlock:
     grant_write_unlock(gt);
- out2:
-    rcu_unlock_domain(d);
- out1:
+ out:
+    if ( d )
+        rcu_unlock_domain(d);
+
     if ( unlikely(__copy_field_to_guest(uop, &op, status)) )
         return -EFAULT;
 
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.7

_______________________________________________
Xen-changelog mailing list
[hidden email]
https://lists.xenproject.org/xen-changelog