tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE

The error paths of gntdev_mmap() can call unmap_grant_pages() even
though not all of the pages have been successfully mapped. This will
trigger the WARN_ON()s in __unmap_grant_pages_done(). The number of
warnings can be very large; I have observed thousands of lines of
warnings in the systemd journal.

Avoid this problem by only warning on unmapping failure if the handle
being unmapped is not INVALID_GRANT_HANDLE. The handle field of any
page that was not successfully mapped will be INVALID_GRANT_HANDLE, so
this catches all cases where unmapping can legitimately fail.

Fixes: dbe97cff7dd9 ("xen/gntdev: Avoid blocking in unmap_grant_pages()")
Cc: stable@vger.kernel.org
Suggested-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Demi Marie Obenour <demi@invisiblethingslab.com>
Reviewed-by: Oleksandr Tyshchenko <oleksandr_tyshchenko@epam.com>
Reviewed-by: Juergen Gross <jgross@suse.com>
Link: https://lore.kernel.org/r/20220710230522.1563-1-demi@invisiblethingslab.com
Signed-off-by: Juergen Gross <jgross@suse.com>

authored by

Demi Marie Obenour and committed by
Juergen Gross 166d3863 dbe97cff

+4 -2
+4 -2
drivers/xen/gntdev.c
··· 396 396 unsigned int offset = data->unmap_ops - map->unmap_ops; 397 397 398 398 for (i = 0; i < data->count; i++) { 399 - WARN_ON(map->unmap_ops[offset+i].status); 399 + WARN_ON(map->unmap_ops[offset + i].status != GNTST_okay && 400 + map->unmap_ops[offset + i].handle != INVALID_GRANT_HANDLE); 400 401 pr_debug("unmap handle=%d st=%d\n", 401 402 map->unmap_ops[offset+i].handle, 402 403 map->unmap_ops[offset+i].status); 403 404 map->unmap_ops[offset+i].handle = INVALID_GRANT_HANDLE; 404 405 if (use_ptemod) { 405 - WARN_ON(map->kunmap_ops[offset+i].status); 406 + WARN_ON(map->kunmap_ops[offset + i].status != GNTST_okay && 407 + map->kunmap_ops[offset + i].handle != INVALID_GRANT_HANDLE); 406 408 pr_debug("kunmap handle=%u st=%d\n", 407 409 map->kunmap_ops[offset+i].handle, 408 410 map->kunmap_ops[offset+i].status);