diff options
Diffstat (limited to '0063-xen-gnttab-fix-gnttab_acquire_resource.patch')
-rw-r--r-- | 0063-xen-gnttab-fix-gnttab_acquire_resource.patch | 69 |
1 files changed, 69 insertions, 0 deletions
diff --git a/0063-xen-gnttab-fix-gnttab_acquire_resource.patch b/0063-xen-gnttab-fix-gnttab_acquire_resource.patch new file mode 100644 index 0000000..0d58157 --- /dev/null +++ b/0063-xen-gnttab-fix-gnttab_acquire_resource.patch @@ -0,0 +1,69 @@ +From 3ac64b3751837a117ee3dfb3e2cc27057a83d0f7 Mon Sep 17 00:00:00 2001 +From: Juergen Gross <jgross@suse.com> +Date: Tue, 11 Oct 2022 15:16:53 +0200 +Subject: [PATCH 63/67] xen/gnttab: fix gnttab_acquire_resource() + +Commit 9dc46386d89d ("gnttab: work around "may be used uninitialized" +warning") was wrong, as vaddrs can legitimately be NULL in case +XENMEM_resource_grant_table_id_status was specified for a grant table +v1. This would result in crashes in debug builds due to +ASSERT_UNREACHABLE() triggering. + +Check vaddrs only to be NULL in the rc == 0 case. + +Expand the tests in tools/tests/resource to tickle this path, and verify that +using XENMEM_resource_grant_table_id_status on a v1 grant table fails. + +Fixes: 9dc46386d89d ("gnttab: work around "may be used uninitialized" warning") +Signed-off-by: Juergen Gross <jgross@suse.com> +Reviewed-by: Jan Beulich <jbeulich@suse.com> # xen +Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> +master commit: 52daa6a8483e4fbd6757c9d1b791e23931791608 +master date: 2022-09-09 16:28:38 +0100 +--- + tools/tests/resource/test-resource.c | 15 +++++++++++++++ + xen/common/grant_table.c | 2 +- + 2 files changed, 16 insertions(+), 1 deletion(-) + +diff --git a/tools/tests/resource/test-resource.c b/tools/tests/resource/test-resource.c +index 1caaa60e62d9..bf485baff2b4 100644 +--- a/tools/tests/resource/test-resource.c ++++ b/tools/tests/resource/test-resource.c +@@ -63,6 +63,21 @@ static void test_gnttab(uint32_t domid, unsigned int nr_frames) + rc = xenforeignmemory_unmap_resource(fh, res); + if ( rc ) + return fail(" Fail: Unmap %d - %s\n", errno, strerror(errno)); ++ ++ /* ++ * Verify that an attempt to map the status frames fails, as the domain is ++ * in gnttab v1 mode. ++ */ ++ res = xenforeignmemory_map_resource( ++ fh, domid, XENMEM_resource_grant_table, ++ XENMEM_resource_grant_table_id_status, 0, 1, ++ (void **)&gnttab, PROT_READ | PROT_WRITE, 0); ++ ++ if ( res ) ++ { ++ fail(" Fail: Managed to map gnttab v2 status frames in v1 mode\n"); ++ xenforeignmemory_unmap_resource(fh, res); ++ } + } + + static void test_domain_configurations(void) +diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c +index 0523beb9b734..01e426c67fb6 100644 +--- a/xen/common/grant_table.c ++++ b/xen/common/grant_table.c +@@ -4138,7 +4138,7 @@ int gnttab_acquire_resource( + * on non-error paths, and hence it needs setting to NULL at the top of the + * function. Leave some runtime safety. + */ +- if ( !vaddrs ) ++ if ( !rc && !vaddrs ) + { + ASSERT_UNREACHABLE(); + rc = -ENODATA; +-- +2.37.3 + |