The contents of the output arrays are undefined in both cases anyway
when the operation itself gets marked as failed. There's no value in
trying to continue after a guest memory access failure.

Signed-off-by: Jan Beulich <jbeul...@suse.com>
---
There's also a curious difference between the two sub-ops wrt the use of
SHARED_M2P().

--- a/xen/common/compat/grant_table.c
+++ b/xen/common/compat/grant_table.c
@@ -170,17 +170,14 @@ int compat_grant_table_op(unsigned int c
             if ( rc == 0 )
             {
 #define XLAT_gnttab_setup_table_HNDL_frame_list(_d_, _s_) \
-                do \
-                { \
-                    if ( (_s_)->status == GNTST_okay ) \
+                do { \
+                    for ( i = 0; (_s_)->status == GNTST_okay && \
+                                 i < (_s_)->nr_frames; ++i ) \
                     { \
-                        for ( i = 0; i < (_s_)->nr_frames; ++i ) \
-                        { \
-                            unsigned int frame = (_s_)->frame_list.p[i]; \
-                            if ( __copy_to_compat_offset((_d_)->frame_list, \
-                                                         i, &frame, 1) ) \
-                                (_s_)->status = GNTST_bad_virt_addr; \
-                        } \
+                        compat_pfn_t frame = (_s_)->frame_list.p[i]; \
+                        if ( __copy_to_compat_offset((_d_)->frame_list, \
+                                                     i, &frame, 1) ) \
+                            (_s_)->status = GNTST_bad_virt_addr; \
                     } \
                 } while (0)
                 XLAT_gnttab_setup_table(&cmp.setup, nat.setup);
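Review bot: The initialiser `compat_pfn_t frame = (_s_)->frame_list.p[i];` narrows silently if the native frame_list entries are wider than compat_pfn_t, so a frame number that does not fit would reach the compat guest truncated while status stays GNTST_okay. The native element type is not visible in this hunk, and the same narrowing was already present with `unsigned int`, so this predates the change but is not addressed by it. A comparison right after the assignment, `if ( frame != (_s_)->frame_list.p[i] ) (_s_)->status = GNTST_address_too_big;`, with the existing copy as the `else` branch, would report the case instead of hiding it. The function that expands this macro continues outside the hunk.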
--- a/xen/common/grant_table.c
+++ b/xen/common/grant_table.c
@@ -2103,7 +2103,10 @@ gnttab_setup_table(
         BUG_ON(SHARED_M2P(gmfn));
 
         if ( __copy_to_guest_offset(op.frame_list, i, &gmfn, 1) )
+        {
             op.status = GNTST_bad_virt_addr;
+            break;
+        }
     }
 
  unlock:
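Review bot: The early exit here is a `break` in the loop body, while the other two loops this patch touches (the compat XLAT macro and gnttab_get_status_frames) fold `status == GNTST_okay` into the for-condition. One form for all three would make it easier to audit that every frame-list copy loop stops at the first failed guest write. If the `break` stays, a short comment such as `/* Output array is undefined on failure - stop at the first fault. */` would record the reason. The loop header of gnttab_setup_table is outside this hunk.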
@@ -3289,17 +3292,15 @@ gnttab_get_status_frames(XEN_GUEST_HANDL
                  "status frames, but has only %u\n",
                  d->domain_id, op.nr_frames, nr_status_frames(gt));
         op.status = GNTST_general_error;
-        goto unlock;
     }
 
-    for ( i = 0; i < op.nr_frames; i++ )
+    for ( i = 0; op.status == GNTST_okay && i < op.nr_frames; i++ )
     {
         gmfn = gfn_x(gnttab_status_gfn(d, gt, i));
         if ( __copy_to_guest_offset(op.frame_list, i, &gmfn, 1) )
             op.status = GNTST_bad_virt_addr;
     }
 
- unlock:
     grant_read_unlock(gt);
  out2:
     rcu_unlock_domain(d);
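Review bot: With `goto unlock` removed, the `op.status == GNTST_okay` term in the for-condition is the only thing keeping an over-large guest-supplied `op.nr_frames` from reaching `gnttab_status_gfn(d, gt, i)`. That coupling between the bounds check and the loop is easy to break in a later edit. It also relies on op.status being GNTST_okay when the check is entered, which is established outside this hunk and worth confirming. A comment above the loop would make the dependency explicit, for example `/* op.status != GNTST_okay means the nr_frames check failed; the loop must not run. */`.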

