[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PATCH 10/32] xen_disk: mark ioreq as mapped before unmappi
|
From: |
Michael Roth |
|
Subject: |
[Qemu-devel] [PATCH 10/32] xen_disk: mark ioreq as mapped before unmapping in error case |
|
Date: |
Wed, 4 Dec 2013 08:34:17 -0600 |
From: Matthew Daley <address@hidden>
Commit 4472beae modified the semantics of ioreq_{un,}map so that they are
idempotent if called when they're not needed (ie., twice in a row). However,
it neglected to handle the case where batch mapping is not being used (the
default), and one of the grants fails to map. In this case, ioreq_unmap will
be called to unwind and unmap any mappings already performed, but ioreq_unmap
simply returns due to the aforementioned change (the ioreq has not already
been marked as mapped).
The frontend user can therefore force xen_disk to leak grant mappings, a
per-domain limited resource.
Fix by marking the ioreq as mapped before calling ioreq_unmap in this
situation.
Signed-off-by: Matthew Daley <address@hidden>
Signed-off-by: Stefano Stabellini <address@hidden>
(cherry picked from commit a76f48e53382e6f039db6278443e3ce437653302)
Signed-off-by: Michael Roth <address@hidden>
---
hw/block/xen_disk.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/hw/block/xen_disk.c b/hw/block/xen_disk.c
index 727f433..03e30d7 100644
--- a/hw/block/xen_disk.c
+++ b/hw/block/xen_disk.c
@@ -405,6 +405,7 @@ static int ioreq_map(struct ioreq *ioreq)
xen_be_printf(&ioreq->blkdev->xendev, 0,
"can't map grant ref %d (%s, %d maps)\n",
refs[i], strerror(errno),
ioreq->blkdev->cnt_map);
+ ioreq->mapped = 1;
ioreq_unmap(ioreq);
return -1;
}
--
1.7.9.5
- [Qemu-devel] Patch Round-up for stable 1.6.2, freeze on 2013-12-06, Michael Roth, 2013/12/04
- [Qemu-devel] [PATCH 04/32] tests: Fix schema parser test for in-tree build, Michael Roth, 2013/12/04
- [Qemu-devel] [PATCH 01/32] char: move backends' io watch tag to CharDriverState, Michael Roth, 2013/12/04
- [Qemu-devel] [PATCH 05/32] tests: Update .gitignore for test-int128 and test-bitops, Michael Roth, 2013/12/04
- [Qemu-devel] [PATCH 03/32] char: remove watch callback on chardev detach from frontend, Michael Roth, 2013/12/04
- [Qemu-devel] [PATCH 02/32] char: use common function to disable callbacks on chardev close, Michael Roth, 2013/12/04
- [Qemu-devel] [PATCH 07/32] bitops: Add rotate functions (rol8, ror8, ...), Michael Roth, 2013/12/04
- [Qemu-devel] [PATCH 06/32] tci: Add implementation of rotl_i64, rotr_i64, Michael Roth, 2013/12/04
- [Qemu-devel] [PATCH 09/32] qemu-char: Fix potential out of bounds access to local arrays, Michael Roth, 2013/12/04
- [Qemu-devel] [PATCH 10/32] xen_disk: mark ioreq as mapped before unmapping in error case,
Michael Roth <=
- [Qemu-devel] [PATCH 08/32] misc: Use new rotate functions, Michael Roth, 2013/12/04
- [Qemu-devel] [PATCH 12/32] audio: honor QEMU_AUDIO_TIMER_PERIOD instead of waking up every *nano* second, Michael Roth, 2013/12/04
- [Qemu-devel] [PATCH 30/32] qdev-monitor: Unref device when device_add fails, Michael Roth, 2013/12/04
- [Qemu-devel] [PATCH 31/32] pci: unregister vmstate_pcibus on unplug, Michael Roth, 2013/12/04
- [Qemu-devel] [PATCH 32/32] rng-egd: offset the point when repeatedly read from the buffer, Michael Roth, 2013/12/04
- [Qemu-devel] [PATCH 29/32] qdev-monitor: Fix crash when device_add is called with abstract driver, Michael Roth, 2013/12/04
- [Qemu-devel] [PATCH 26/32] vfio-pci: Fix multifunction=on, Michael Roth, 2013/12/04
- [Qemu-devel] [PATCH 28/32] qom: Fix memory leak in object_property_set_link(), Michael Roth, 2013/12/04
- [Qemu-devel] [PATCH 13/32] monitor: eliminate monitor_event_state_lock, Michael Roth, 2013/12/04
- [Qemu-devel] [PATCH 27/32] virtio-net: fix the memory leak in rxfilter_notify(), Michael Roth, 2013/12/04