[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-stable] [PULL 1/2] xen_disk: mark ioreq as mapped before unmapping
|
From: |
Stefano Stabellini |
|
Subject: |
[Qemu-stable] [PULL 1/2] xen_disk: mark ioreq as mapped before unmapping in error case |
|
Date: |
Thu, 10 Oct 2013 15:36:53 +0100 |
From: Matthew Daley <address@hidden>
Commit 4472beae modified the semantics of ioreq_{un,}map so that they are
idempotent if called when they're not needed (ie., twice in a row). However,
it neglected to handle the case where batch mapping is not being used (the
default), and one of the grants fails to map. In this case, ioreq_unmap will
be called to unwind and unmap any mappings already performed, but ioreq_unmap
simply returns due to the aforementioned change (the ioreq has not already
been marked as mapped).
The frontend user can therefore force xen_disk to leak grant mappings, a
per-domain limited resource.
Fix by marking the ioreq as mapped before calling ioreq_unmap in this
situation.
Signed-off-by: Matthew Daley <address@hidden>
Signed-off-by: Stefano Stabellini <address@hidden>
CC: address@hidden
---
hw/block/xen_disk.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/hw/block/xen_disk.c b/hw/block/xen_disk.c
index f35fc59..8742294 100644
--- a/hw/block/xen_disk.c
+++ b/hw/block/xen_disk.c
@@ -405,6 +405,7 @@ static int ioreq_map(struct ioreq *ioreq)
xen_be_printf(&ioreq->blkdev->xendev, 0,
"can't map grant ref %d (%s, %d maps)\n",
refs[i], strerror(errno),
ioreq->blkdev->cnt_map);
+ ioreq->mapped = 1;
ioreq_unmap(ioreq);
return -1;
}
--
1.7.2.5
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Qemu-stable] [PULL 1/2] xen_disk: mark ioreq as mapped before unmapping in error case,
Stefano Stabellini <=