misc: mic: scif: Fix error handling path

Inside __scif_pin_pages(), when map_flags != SCIF_MAP_KERNEL it
will call pin_user_pages_fast() to map nr_pages. However,
pin_user_pages_fast() might fail with a return value -ERRNO.

The return value is stored in pinned_pages->nr_pages. which in
turn is passed to unpin_user_pages(), which expects
pinned_pages->nr_pages >=0, else disaster.

Fix this by assigning pinned_pages->nr_pages to 0 if
pin_user_pages_fast() returns -ERRNO.

Fixes: ba612aa8b4 ("misc: mic: SCIF memory registration and unregistration")
Cc: John Hubbard <jhubbard@nvidia.com>
Cc: Ira Weiny <ira.weiny@intel.com>
Cc: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: John Hubbard <jhubbard@nvidia.com>
Signed-off-by: Souptick Joarder <jrdr.linux@gmail.com>
Link: https://lore.kernel.org/r/1600570295-29546-1-git-send-email-jrdr.linux@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
Souptick Joarder 2020-09-20 08:21:35 +05:30 committed by Greg Kroah-Hartman
parent a2e7408cf8
commit a81072a9c0

View File

@ -1392,6 +1392,8 @@ retry:
(prot & SCIF_PROT_WRITE) ? FOLL_WRITE : 0, (prot & SCIF_PROT_WRITE) ? FOLL_WRITE : 0,
pinned_pages->pages); pinned_pages->pages);
if (nr_pages != pinned_pages->nr_pages) { if (nr_pages != pinned_pages->nr_pages) {
if (pinned_pages->nr_pages < 0)
pinned_pages->nr_pages = 0;
if (try_upgrade) { if (try_upgrade) {
if (ulimit) if (ulimit)
__scif_dec_pinned_vm_lock(mm, nr_pages); __scif_dec_pinned_vm_lock(mm, nr_pages);
@ -1408,7 +1410,6 @@ retry:
if (pinned_pages->nr_pages < nr_pages) { if (pinned_pages->nr_pages < nr_pages) {
err = -EFAULT; err = -EFAULT;
pinned_pages->nr_pages = nr_pages;
goto dec_pinned; goto dec_pinned;
} }
@ -1421,7 +1422,6 @@ dec_pinned:
__scif_dec_pinned_vm_lock(mm, nr_pages); __scif_dec_pinned_vm_lock(mm, nr_pages);
/* Something went wrong! Rollback */ /* Something went wrong! Rollback */
error_unmap: error_unmap:
pinned_pages->nr_pages = nr_pages;
scif_destroy_pinned_pages(pinned_pages); scif_destroy_pinned_pages(pinned_pages);
*pages = NULL; *pages = NULL;
dev_dbg(scif_info.mdev.this_device, dev_dbg(scif_info.mdev.this_device,