From: Jan Beulich <jbeulich@suse.com>
Date: Tue, 15 Aug 2017 13:08:03 +0000 (+0200)
Subject: gnttab: correct pin status fixup for copy
X-Git-Tag: archive/raspbian/4.11.1-1+rpi1~1^2~66^2~1692
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=6e2a4c73564ab907b732059adb317d6ca2d138a2;p=xen.git

gnttab: correct pin status fixup for copy

Regardless of copy operations only setting GNTPIN_hst*, GNTPIN_dev*
also need to be taken into account when deciding whether to clear
_GTF_{read,writ}ing. At least for consistency with code elsewhere the
read part better doesn't use any mask at all.

This is XSA-230.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
---

diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c
index ee33bd8762..0f9dd1e706 100644
--- a/xen/common/grant_table.c
+++ b/xen/common/grant_table.c
@@ -2124,10 +2124,10 @@ __release_grant_for_copy(
 static void __fixup_status_for_copy_pin(const struct active_grant_entry *act,
                                    uint16_t *status)
 {
-    if ( !(act->pin & GNTPIN_hstw_mask) )
+    if ( !(act->pin & (GNTPIN_hstw_mask | GNTPIN_devw_mask)) )
         gnttab_clear_flag(_GTF_writing, status);
 
-    if ( !(act->pin & GNTPIN_hstr_mask) )
+    if ( !act->pin )
         gnttab_clear_flag(_GTF_reading, status);
 }
 
@@ -2335,7 +2335,7 @@ __acquire_grant_for_copy(
  
  unlock_out_clear:
     if ( !(readonly) &&
-         !(act->pin & GNTPIN_hstw_mask) )
+         !(act->pin & (GNTPIN_hstw_mask | GNTPIN_devw_mask)) )
         gnttab_clear_flag(_GTF_writing, status);
 
     if ( !act->pin )