
[Xen-changelog] [xen stable-4.8] xen/arm: p2m: Read *_mapped_gfn with the p2m lock taken



commit 9f092f57d2829a271233aef1d1df0bff84275122
Author:     Julien Grall <julien.grall@xxxxxxx>
AuthorDate: Thu Sep 14 16:39:01 2017 +0100
Commit:     Stefano Stabellini <sstabellini@xxxxxxxxxx>
CommitDate: Tue Oct 10 17:20:40 2017 -0700

    xen/arm: p2m: Read *_mapped_gfn with the p2m lock taken
    
    *_mapped_gfn are currently read before acquiring the lock. However, they
    may be modified by the p2m code before the lock was acquired. This means
    we will use the wrong values.
    
    Fix it by moving the read inside the section protected by the p2m lock.
    
    Signed-off-by: Julien Grall <julien.grall@xxxxxxx>
    Reviewed-by: Stefano Stabellini <sstabellini@xxxxxxxxxx>
    Signed-off-by: Stefano Stabellini <sstabellini@xxxxxxxxxx>
    (cherry picked from commit 2c2ae1976da06283e923d97720c0bdcbebf04515)
---
 xen/arch/arm/p2m.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/xen/arch/arm/p2m.c b/xen/arch/arm/p2m.c
index 720ef13..820f2c1 100644
--- a/xen/arch/arm/p2m.c
+++ b/xen/arch/arm/p2m.c
@@ -1384,13 +1384,13 @@ int relinquish_p2m_mapping(struct domain *d)
     p2m_type_t t;
     int rc = 0;
     unsigned int order;
-
-    /* Convenience alias */
-    gfn_t start = p2m->lowest_mapped_gfn;
-    gfn_t end = p2m->max_mapped_gfn;
+    gfn_t start, end;
 
     p2m_write_lock(p2m);
 
+    start = p2m->lowest_mapped_gfn;
+    end = p2m->max_mapped_gfn;
+
     for ( ; gfn_x(start) < gfn_x(end);
           start = gfn_next_boundary(start, order) )
     {
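Review bot: The new assignments to start and end in relinquish_p2m_mapping carry no comment, and the old "Convenience alias" comment is gone, so nothing in the code records why the reads sit after p2m_write_lock(p2m). A one-line comment above "start = p2m->lowest_mapped_gfn;" stating that lowest_mapped_gfn and max_mapped_gfn must be read with the p2m lock held would stop a later cleanup from folding them back into the declaration "gfn_t start, end;".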
@@ -1445,9 +1445,6 @@ int p2m_cache_flush(struct domain *d, gfn_t start, 
unsigned long nr)
     p2m_type_t t;
     unsigned int order;
 
-    start = gfn_max(start, p2m->lowest_mapped_gfn);
-    end = gfn_min(end, p2m->max_mapped_gfn);
-
     /*
      * The operation cache flush will invalidate the RAM assigned to the
      * guest in a given range. It will not modify the page table and
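Review bot: With the clamp removed from the top of p2m_cache_flush, start and end hold the unclamped caller-derived range until the lock is taken. The visible context shows only the comment block between this point and p2m_read_lock(p2m), but the lines above the hunk should be checked to confirm that nothing before the lock validates or consumes start and end on the assumption that they were already limited to lowest_mapped_gfn and max_mapped_gfn.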
@@ -1456,6 +1453,9 @@ int p2m_cache_flush(struct domain *d, gfn_t start, 
unsigned long nr)
      */
     p2m_read_lock(p2m);
 
+    start = gfn_max(start, p2m->lowest_mapped_gfn);
+    end = gfn_min(end, p2m->max_mapped_gfn);
+
     for ( ; gfn_x(start) < gfn_x(end); start = next_gfn )
     {
         mfn_t mfn = p2m_get_entry(p2m, start, &t, NULL, &order);
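Review bot: In p2m_cache_flush the bounds are now sampled under p2m_read_lock(p2m) rather than the write lock used in relinquish_p2m_mapping, which is only a consistent read if every update of lowest_mapped_gfn and max_mapped_gfn is made with the write lock held. The comment block that ends just above p2m_read_lock(p2m) already justifies the read lock for the flush itself; extending it with a sentence saying the gfn_max/gfn_min clamp relies on the same lock would document that dependency next to the code.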
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.8

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
https://lists.xenproject.org/xen-changelog

 

