diff options
author | Matthew Daley <mattjd@gmail.com> | 2013-10-10 14:10:48 +0000 |
---|---|---|
committer | Michael Roth <mdroth@linux.vnet.ibm.com> | 2013-12-03 14:07:20 -0600 |
commit | 99b5b999a4fc03ad6164b71af97406657c1ff14a (patch) | |
tree | 4de28673b44597b81f69b969d70f8ac5fc3c5f5a /hw/block | |
parent | 78bd79fac33a56156d1d05a7f0547a0b7c282225 (diff) | |
download | qemu-99b5b999a4fc03ad6164b71af97406657c1ff14a.tar.gz |
xen_disk: mark ioreq as mapped before unmapping in error case
Commit 4472beae modified the semantics of ioreq_{un,}map so that they are
idempotent if called when they're not needed (ie., twice in a row). However,
it neglected to handle the case where batch mapping is not being used (the
default), and one of the grants fails to map. In this case, ioreq_unmap will
be called to unwind and unmap any mappings already performed, but ioreq_unmap
simply returns due to the aforementioned change (the ioreq has not already
been marked as mapped).
The frontend user can therefore force xen_disk to leak grant mappings, a
per-domain limited resource.
Fix by marking the ioreq as mapped before calling ioreq_unmap in this
situation.
Signed-off-by: Matthew Daley <mattjd@gmail.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
(cherry picked from commit a76f48e53382e6f039db6278443e3ce437653302)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Diffstat (limited to 'hw/block')
-rw-r--r-- | hw/block/xen_disk.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/hw/block/xen_disk.c b/hw/block/xen_disk.c index 727f4331c0..03e30d7cd3 100644 --- a/hw/block/xen_disk.c +++ b/hw/block/xen_disk.c @@ -405,6 +405,7 @@ static int ioreq_map(struct ioreq *ioreq) xen_be_printf(&ioreq->blkdev->xendev, 0, "can't map grant ref %d (%s, %d maps)\n", refs[i], strerror(errno), ioreq->blkdev->cnt_map); + ioreq->mapped = 1; ioreq_unmap(ioreq); return -1; } |