
[Xen-changelog] [xen stable-4.4] x86/HVM: restrict HVMOP_set_mem_type



commit c9732f814a22337c6427a24be6ead993e656290a
Author:     Jan Beulich <jbeulich@xxxxxxxx>
AuthorDate: Tue Apr 29 15:27:22 2014 +0200
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Tue Apr 29 15:27:22 2014 +0200

    x86/HVM: restrict HVMOP_set_mem_type
    
    Permitting arbitrary type changes here has the potential of creating
    present P2M (and hence EPT/NPT/IOMMU) entries pointing to an invalid
    MFN (INVALID_MFN truncated to the respective hardware structure field's
    width). This would become a problem the latest when something real sat
    at the end of the physical address space; I'm suspecting though that
    other things might break with such bogus entries.
    
    Along with that drop a bogus (and otherwise becoming stale) log
    message.
    
    Afaict the similar operation in p2m_set_mem_access() is safe.
    
    This is XSA-92.
    
    Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
    Reviewed-by: Tim Deegan <tim@xxxxxxx>
    master commit: 83bb5eb4d340acebf27b34108fb1dae062146a68
    master date: 2014-04-29 15:11:31 +0200
---
 xen/arch/x86/hvm/hvm.c |    6 ++----
 1 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c
index 93d49ec..a4114aa 100644
--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -4414,12 +4414,10 @@ long do_hvm_op(unsigned long op, 
XEN_GUEST_HANDLE_PARAM(void) arg)
                 rc = -EINVAL;
                 goto param_fail4;
             } 
-            if ( p2m_is_grant(t) )
+            if ( !p2m_is_ram(t) &&
+                 (!p2m_is_hole(t) || a.hvmmem_type != HVMMEM_mmio_dm) )
             {
                 put_gfn(d, pfn);
-                gdprintk(XENLOG_WARNING,
-                         "type for pfn %#lx changed to grant while "
-                         "we were working?\n", pfn);
                 goto param_fail4;
             }
             else
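Review bot: The new rejection branch (!p2m_is_ram(t) && ...) reaches "goto param_fail4" without assigning rc, whereas the branch directly above it sets rc = -EINVAL before the same jump. Setting rc explicitly here as well would guarantee the caller sees an error no matter what rc held when this iteration started. The two-line condition would also benefit from a short comment stating the permitted transitions (a RAM type may be changed freely; a hole may only be changed when a.hvmmem_type is HVMMEM_mmio_dm), since with the gdprintk removed nothing records why a request was refused.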
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.4
