| |
|
 |
|
 |
|
|
|
| |
|
|
xen-devel
[Xen-devel] [PATCH 1/7] xen-gntdev: Fix circular locking dependency
apply_to_page_range will acquire PTE lock while priv->lock is held,
and mn_invl_range_start tries to acquire priv->lock with PTE already
held. Fix by not holding priv->lock during the entire map operation.
This is safe because map->vma is set nonzero while the lock is held,
which will cause subsequent maps to fail and will cause the unmap
ioctl (and other users of gntdev_del_map) to return -EBUSY until the
area is unmapped. It is similarly impossible for gntdev_vma_close to
be called while the vma is still being created.
Signed-off-by: Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>
---
drivers/xen/gntdev.c | 19 +++++++++----------
1 files changed, 9 insertions(+), 10 deletions(-)
diff --git a/drivers/xen/gntdev.c b/drivers/xen/gntdev.c
index 35de6bb..387c5f1 100644
--- a/drivers/xen/gntdev.c
+++ b/drivers/xen/gntdev.c
@@ -608,23 +608,22 @@ static int gntdev_mmap(struct file *flip, struct
vm_area_struct *vma)
if (!(vma->vm_flags & VM_WRITE))
map->flags |= GNTMAP_readonly;
+ spin_unlock(&priv->lock);
+
err = apply_to_page_range(vma->vm_mm, vma->vm_start,
vma->vm_end - vma->vm_start,
find_grant_ptes, map);
- if (err) {
- goto unlock_out;
- if (debug)
- printk("%s: find_grant_ptes() failure.\n",
__FUNCTION__);
- }
+ if (err)
+ return err;
err = map_grant_pages(map);
- if (err) {
- goto unlock_out;
- if (debug)
- printk("%s: map_grant_pages() failure.\n",
__FUNCTION__);
- }
+ if (err)
+ return err;
+
map->is_mapped = 1;
+ return 0;
+
unlock_out:
spin_unlock(&priv->lock);
return err;
--
1.7.2.3
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
|
|
|
| |
|
Home