From: Juergen Gross <jgross@xxxxxxxx> commit ce6b8ccdef959ba86b2711e090e84a987a000bf7 upstream. Commit 4573240f0764 ("xen/xenbus: eliminate xenbus_grant_ring()") introduced an error for initialization of multi-page rings. Cc: stable@xxxxxxxxxxxxxxx Fixes: 4573240f0764 ("xen/xenbus: eliminate xenbus_grant_ring()") Reported-by: Sander Eikelenboom <linux@xxxxxxxxxxxxxx> Signed-off-by: Juergen Gross <jgross@xxxxxxxx> Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx> Reviewed-by: Oleksandr Tyshchenko <oleksandr_tyshchenko@xxxxxxxx> Signed-off-by: Juergen Gross <jgross@xxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- drivers/xen/xenbus/xenbus_client.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/drivers/xen/xenbus/xenbus_client.c b/drivers/xen/xenbus/xenbus_client.c index d5f3f763717e..d4b251925796 100644 --- a/drivers/xen/xenbus/xenbus_client.c +++ b/drivers/xen/xenbus/xenbus_client.c @@ -382,9 +382,10 @@ int xenbus_setup_ring(struct xenbus_device *dev, gfp_t gfp, void **vaddr, unsigned long ring_size = nr_pages * XEN_PAGE_SIZE; grant_ref_t gref_head; unsigned int i; + void *addr; int ret; - *vaddr = alloc_pages_exact(ring_size, gfp | __GFP_ZERO); + addr = *vaddr = alloc_pages_exact(ring_size, gfp | __GFP_ZERO); if (!*vaddr) { ret = -ENOMEM; goto err; @@ -401,13 +402,15 @@ int xenbus_setup_ring(struct xenbus_device *dev, gfp_t gfp, void **vaddr, unsigned long gfn; if (is_vmalloc_addr(*vaddr)) - gfn = pfn_to_gfn(vmalloc_to_pfn(vaddr[i])); + gfn = pfn_to_gfn(vmalloc_to_pfn(addr)); else - gfn = virt_to_gfn(vaddr[i]); + gfn = virt_to_gfn(addr); grefs[i] = gnttab_claim_grant_reference(&gref_head); gnttab_grant_foreign_access_ref(grefs[i], dev->otherend_id, gfn, 0); + + addr += XEN_PAGE_SIZE; } return 0; -- 2.37.3