tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge tag 'for-linus-5.12b-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip

Pull xen fixes from Juergen Gross:
"Two security issues (XSA-367 and XSA-369)"

* tag 'for-linus-5.12b-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
xen: fix p2m size in dom0 for disabled memory hotplug case
xen-netback: respect gnttab_map_refs()'s return value
Xen/gnttab: handle p2m update errors on a per-slot basis

Linus Torvalds c5a58f87 43df5242

+104 -34
+31 -4
arch/arm/xen/p2m.c
··· 93 93 int i; 94 94 95 95 for (i = 0; i < count; i++) { 96 + struct gnttab_unmap_grant_ref unmap; 97 + int rc; 98 + 96 99 if (map_ops[i].status) 97 100 continue; 98 - if (unlikely(!set_phys_to_machine(map_ops[i].host_addr >> XEN_PAGE_SHIFT, 99 - map_ops[i].dev_bus_addr >> XEN_PAGE_SHIFT))) { 100 - return -ENOMEM; 101 - } 101 + if (likely(set_phys_to_machine(map_ops[i].host_addr >> XEN_PAGE_SHIFT, 102 + map_ops[i].dev_bus_addr >> XEN_PAGE_SHIFT))) 103 + continue; 104 + 105 + /* 106 + * Signal an error for this slot. This in turn requires 107 + * immediate unmapping. 108 + */ 109 + map_ops[i].status = GNTST_general_error; 110 + unmap.host_addr = map_ops[i].host_addr, 111 + unmap.handle = map_ops[i].handle; 112 + map_ops[i].handle = ~0; 113 + if (map_ops[i].flags & GNTMAP_device_map) 114 + unmap.dev_bus_addr = map_ops[i].dev_bus_addr; 115 + else 116 + unmap.dev_bus_addr = 0; 117 + 118 + /* 119 + * Pre-populate the status field, to be recognizable in 120 + * the log message below. 121 + */ 122 + unmap.status = 1; 123 + 124 + rc = HYPERVISOR_grant_table_op(GNTTABOP_unmap_grant_ref, 125 + &unmap, 1); 126 + if (rc || unmap.status != GNTST_okay) 127 + pr_err_once("gnttab unmap failed: rc=%d st=%d\n", 128 + rc, unmap.status); 102 129 } 103 130 104 131 return 0;
+12
arch/x86/include/asm/xen/page.h
··· 87 87 #endif 88 88 89 89 /* 90 + * The maximum amount of extra memory compared to the base size. The 91 + * main scaling factor is the size of struct page. At extreme ratios 92 + * of base:extra, all the base memory can be filled with page 93 + * structures for the extra memory, leaving no space for anything 94 + * else. 95 + * 96 + * 10x seems like a reasonable balance between scaling flexibility and 97 + * leaving a practically usable system. 98 + */ 99 + #define XEN_EXTRA_MEM_RATIO (10) 100 + 101 + /* 90 102 * Helper functions to write or read unsigned long values to/from 91 103 * memory, when the access may fault. 92 104 */
+47 -7
arch/x86/xen/p2m.c
··· 416 416 xen_p2m_last_pfn = xen_max_p2m_pfn; 417 417 418 418 p2m_limit = (phys_addr_t)P2M_LIMIT * 1024 * 1024 * 1024 / PAGE_SIZE; 419 + if (!p2m_limit && IS_ENABLED(CONFIG_XEN_UNPOPULATED_ALLOC)) 420 + p2m_limit = xen_start_info->nr_pages * XEN_EXTRA_MEM_RATIO; 421 + 419 422 vm.flags = VM_ALLOC; 420 423 vm.size = ALIGN(sizeof(unsigned long) * max(xen_max_p2m_pfn, p2m_limit), 421 424 PMD_SIZE * PMDS_PER_MID_PAGE); ··· 655 652 pte_t *ptep; 656 653 unsigned int level; 657 654 658 - if (unlikely(pfn >= xen_p2m_size)) { 659 - BUG_ON(mfn != INVALID_P2M_ENTRY); 660 - return true; 661 - } 655 + /* Only invalid entries allowed above the highest p2m covered frame. */ 656 + if (unlikely(pfn >= xen_p2m_size)) 657 + return mfn == INVALID_P2M_ENTRY; 662 658 663 659 /* 664 660 * The interface requires atomic updates on p2m elements. ··· 712 710 713 711 for (i = 0; i < count; i++) { 714 712 unsigned long mfn, pfn; 713 + struct gnttab_unmap_grant_ref unmap[2]; 714 + int rc; 715 715 716 716 /* Do not add to override if the map failed. */ 717 717 if (map_ops[i].status != GNTST_okay || ··· 731 727 732 728 WARN(pfn_to_mfn(pfn) != INVALID_P2M_ENTRY, "page must be ballooned"); 733 729 734 - if (unlikely(!set_phys_to_machine(pfn, FOREIGN_FRAME(mfn)))) { 735 - ret = -ENOMEM; 736 - goto out; 730 + if (likely(set_phys_to_machine(pfn, FOREIGN_FRAME(mfn)))) 731 + continue; 732 + 733 + /* 734 + * Signal an error for this slot. This in turn requires 735 + * immediate unmapping. 736 + */ 737 + map_ops[i].status = GNTST_general_error; 738 + unmap[0].host_addr = map_ops[i].host_addr, 739 + unmap[0].handle = map_ops[i].handle; 740 + map_ops[i].handle = ~0; 741 + if (map_ops[i].flags & GNTMAP_device_map) 742 + unmap[0].dev_bus_addr = map_ops[i].dev_bus_addr; 743 + else 744 + unmap[0].dev_bus_addr = 0; 745 + 746 + if (kmap_ops) { 747 + kmap_ops[i].status = GNTST_general_error; 748 + unmap[1].host_addr = kmap_ops[i].host_addr, 749 + unmap[1].handle = kmap_ops[i].handle; 750 + kmap_ops[i].handle = ~0; 751 + if (kmap_ops[i].flags & GNTMAP_device_map) 752 + unmap[1].dev_bus_addr = kmap_ops[i].dev_bus_addr; 753 + else 754 + unmap[1].dev_bus_addr = 0; 737 755 } 756 + 757 + /* 758 + * Pre-populate both status fields, to be recognizable in 759 + * the log message below. 760 + */ 761 + unmap[0].status = 1; 762 + unmap[1].status = 1; 763 + 764 + rc = HYPERVISOR_grant_table_op(GNTTABOP_unmap_grant_ref, 765 + unmap, 1 + !!kmap_ops); 766 + if (rc || unmap[0].status != GNTST_okay || 767 + unmap[1].status != GNTST_okay) 768 + pr_err_once("gnttab unmap failed: rc=%d st0=%d st1=%d\n", 769 + rc, unmap[0].status, unmap[1].status); 738 770 } 739 771 740 772 out:
+3 -22
arch/x86/xen/setup.c
··· 59 59 } xen_remap_buf __initdata __aligned(PAGE_SIZE); 60 60 static unsigned long xen_remap_mfn __initdata = INVALID_P2M_ENTRY; 61 61 62 - /* 63 - * The maximum amount of extra memory compared to the base size. The 64 - * main scaling factor is the size of struct page. At extreme ratios 65 - * of base:extra, all the base memory can be filled with page 66 - * structures for the extra memory, leaving no space for anything 67 - * else. 68 - * 69 - * 10x seems like a reasonable balance between scaling flexibility and 70 - * leaving a practically usable system. 71 - */ 72 - #define EXTRA_MEM_RATIO (10) 73 - 74 62 static bool xen_512gb_limit __initdata = IS_ENABLED(CONFIG_XEN_512GB); 75 63 76 64 static void __init xen_parse_512gb(void) ··· 778 790 extra_pages += max_pages - max_pfn; 779 791 780 792 /* 781 - * Clamp the amount of extra memory to a EXTRA_MEM_RATIO 782 - * factor the base size. On non-highmem systems, the base 783 - * size is the full initial memory allocation; on highmem it 784 - * is limited to the max size of lowmem, so that it doesn't 785 - * get completely filled. 793 + * Clamp the amount of extra memory to a XEN_EXTRA_MEM_RATIO 794 + * factor the base size. 786 795 * 787 796 * Make sure we have no memory above max_pages, as this area 788 797 * isn't handled by the p2m management. 789 - * 790 - * In principle there could be a problem in lowmem systems if 791 - * the initial memory is also very large with respect to 792 - * lowmem, but we won't try to deal with that here. 793 798 */ 794 - extra_pages = min3(EXTRA_MEM_RATIO * min(max_pfn, PFN_DOWN(MAXMEM)), 799 + extra_pages = min3(XEN_EXTRA_MEM_RATIO * min(max_pfn, PFN_DOWN(MAXMEM)), 795 800 extra_pages, max_pages - max_pfn); 796 801 i = 0; 797 802 addr = xen_e820_table.entries[0].addr;
+11 -1
drivers/net/xen-netback/netback.c
··· 1343 1343 return 0; 1344 1344 1345 1345 gnttab_batch_copy(queue->tx_copy_ops, nr_cops); 1346 - if (nr_mops != 0) 1346 + if (nr_mops != 0) { 1347 1347 ret = gnttab_map_refs(queue->tx_map_ops, 1348 1348 NULL, 1349 1349 queue->pages_to_map, 1350 1350 nr_mops); 1351 + if (ret) { 1352 + unsigned int i; 1353 + 1354 + netdev_err(queue->vif->dev, "Map fail: nr %u ret %d\n", 1355 + nr_mops, ret); 1356 + for (i = 0; i < nr_mops; ++i) 1357 + WARN_ON_ONCE(queue->tx_map_ops[i].status == 1358 + GNTST_okay); 1359 + } 1360 + } 1351 1361 1352 1362 work_done = xenvif_tx_submit(queue); 1353 1363