Site Navigation

Date:      Mon, 27 Feb 2017 15:31:15 +0000 (UTC)
From:      =?UTF-8?Q?Roger_Pau_Monn=c3=a9?= <royger@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r314340 - head/sys/dev/xen/gntdev
Message-ID:  <201702271531.v1RFVFUa036205@repo.freebsd.org>

---

next in thread | raw e-mail | index | archive | help

---

Author: royger
Date: Mon Feb 27 15:31:15 2017
New Revision: 314340
URL: https://svnweb.freebsd.org/changeset/base/314340

Log:
  xen/gntdev: prevent unsynchronized accesses to the map entry
  
  vm_map_lookup_done should only be called when the gntdev has finished poking at
  the entry.
  
  Reported by:	alc
  Reviewed by:	alc
  MFC after:	1 week
  Sponsored by:	Citrix Systems R&D

Modified:
  head/sys/dev/xen/gntdev/gntdev.c

Modified: head/sys/dev/xen/gntdev/gntdev.c
==============================================================================
--- head/sys/dev/xen/gntdev/gntdev.c	Mon Feb 27 15:30:27 2017	(r314339)
+++ head/sys/dev/xen/gntdev/gntdev.c	Mon Feb 27 15:31:15 2017	(r314340)
@@ -743,26 +743,34 @@ gntdev_get_offset_for_vaddr(struct ioctl
 	vm_prot_t prot;
 	boolean_t wired;
 	struct gntdev_gmap *gmap;
+	int rc;
 
 	map = &td->td_proc->p_vmspace->vm_map;
 	error = vm_map_lookup(&map, arg->vaddr, VM_PROT_NONE, &entry,
 		    &mem, &pindex, &prot, &wired);
 	if (error != KERN_SUCCESS)
 		return (EINVAL);
-	vm_map_lookup_done(map, entry);
 
 	if ((mem->type != OBJT_MGTDEVICE) ||
-	    (mem->un_pager.devp.ops != &gntdev_gmap_pg_ops))
-		return (EINVAL);
+	    (mem->un_pager.devp.ops != &gntdev_gmap_pg_ops)) {
+		rc = EINVAL;
+		goto out;
+	}
 
 	gmap = mem->handle;
 	if (gmap == NULL ||
-	    (entry->end - entry->start) != (gmap->count * PAGE_SIZE))
-		return (EINVAL);
+	    (entry->end - entry->start) != (gmap->count * PAGE_SIZE)) {
+		rc = EINVAL;
+		goto out;
+	}
 
 	arg->count = gmap->count;
 	arg->offset = gmap->file_index;
-	return (0);
+	rc = 0;
+
+out:
+	vm_map_lookup_done(map, entry);
+	return (rc);
 }
 
 /*-------------------- Grant Mapping Pager  ----------------------------------*/

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201702271531.v1RFVFUa036205>

Legal Notices | © 1995-2025 The FreeBSD Project. All rights reserved.

Contact