Commit f5949983 authored by Souptick Joarder's avatar Souptick Joarder Committed by Greg Kroah-Hartman
Browse files

xen/gntdev.c: Mark pages as dirty

commit 779055842da5b2e508f3ccf9a8153cb1f704f566 upstream.

There seems to be a bug in the original code when gntdev_get_page()
is called with writeable=true then the page needs to be marked dirty
before being put.

To address this, a bool writeable is added in gnt_dev_copy_batch, set
it in gntdev_grant_copy_seg() (and drop `writeable` argument to
gntdev_get_page()) and then, based on batch->writeable, use
set_page_dirty_lock().

Fixes: a4cdb556

 (xen/gntdev: add ioctl for grant copy)
Suggested-by: default avatarBoris Ostrovsky <boris.ostrovsky@oracle.com>
Signed-off-by: default avatarSouptick Joarder <jrdr.linux@gmail.com>
Cc: John Hubbard <jhubbard@nvidia.com>
Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Cc: Juergen Gross <jgross@suse.com>
Cc: David Vrabel <david.vrabel@citrix.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/1599375114-32360-1-git-send-email-jrdr.linux@gmail.com

Reviewed-by: default avatarBoris Ostrovsky <boris.ostrovsky@oracle.com>
Signed-off-by: default avatarBoris Ostrovsky <boris.ostrovsky@oracle.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 67e326e4
...@@ -720,17 +720,18 @@ struct gntdev_copy_batch { ...@@ -720,17 +720,18 @@ struct gntdev_copy_batch {
s16 __user *status[GNTDEV_COPY_BATCH]; s16 __user *status[GNTDEV_COPY_BATCH];
unsigned int nr_ops; unsigned int nr_ops;
unsigned int nr_pages; unsigned int nr_pages;
bool writeable;
}; };
static int gntdev_get_page(struct gntdev_copy_batch *batch, void __user *virt, static int gntdev_get_page(struct gntdev_copy_batch *batch, void __user *virt,
bool writeable, unsigned long *gfn) unsigned long *gfn)
{ {
unsigned long addr = (unsigned long)virt; unsigned long addr = (unsigned long)virt;
struct page *page; struct page *page;
unsigned long xen_pfn; unsigned long xen_pfn;
int ret; int ret;
ret = get_user_pages_fast(addr, 1, writeable ? FOLL_WRITE : 0, &page); ret = get_user_pages_fast(addr, 1, batch->writeable ? FOLL_WRITE : 0, &page);
if (ret < 0) if (ret < 0)
return ret; return ret;
...@@ -746,9 +747,13 @@ static void gntdev_put_pages(struct gntdev_copy_batch *batch) ...@@ -746,9 +747,13 @@ static void gntdev_put_pages(struct gntdev_copy_batch *batch)
{ {
unsigned int i; unsigned int i;
for (i = 0; i < batch->nr_pages; i++) for (i = 0; i < batch->nr_pages; i++) {
if (batch->writeable && !PageDirty(batch->pages[i]))
set_page_dirty_lock(batch->pages[i]);
put_page(batch->pages[i]); put_page(batch->pages[i]);
}
batch->nr_pages = 0; batch->nr_pages = 0;
batch->writeable = false;
} }
static int gntdev_copy(struct gntdev_copy_batch *batch) static int gntdev_copy(struct gntdev_copy_batch *batch)
...@@ -837,8 +842,9 @@ static int gntdev_grant_copy_seg(struct gntdev_copy_batch *batch, ...@@ -837,8 +842,9 @@ static int gntdev_grant_copy_seg(struct gntdev_copy_batch *batch,
virt = seg->source.virt + copied; virt = seg->source.virt + copied;
off = (unsigned long)virt & ~XEN_PAGE_MASK; off = (unsigned long)virt & ~XEN_PAGE_MASK;
len = min(len, (size_t)XEN_PAGE_SIZE - off); len = min(len, (size_t)XEN_PAGE_SIZE - off);
batch->writeable = false;
ret = gntdev_get_page(batch, virt, false, &gfn); ret = gntdev_get_page(batch, virt, &gfn);
if (ret < 0) if (ret < 0)
return ret; return ret;
...@@ -856,8 +862,9 @@ static int gntdev_grant_copy_seg(struct gntdev_copy_batch *batch, ...@@ -856,8 +862,9 @@ static int gntdev_grant_copy_seg(struct gntdev_copy_batch *batch,
virt = seg->dest.virt + copied; virt = seg->dest.virt + copied;
off = (unsigned long)virt & ~XEN_PAGE_MASK; off = (unsigned long)virt & ~XEN_PAGE_MASK;
len = min(len, (size_t)XEN_PAGE_SIZE - off); len = min(len, (size_t)XEN_PAGE_SIZE - off);
batch->writeable = true;
ret = gntdev_get_page(batch, virt, true, &gfn); ret = gntdev_get_page(batch, virt, &gfn);
if (ret < 0) if (ret < 0)
return ret; return ret;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment