[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen stable-4.8] x86/mm: Don't perform flush after failing to update a guests L1e



commit 538c7c754a53cb0b57a955cf5c1e09c318664f72
Author:     Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
AuthorDate: Tue Nov 20 15:57:06 2018 +0100
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Tue Nov 20 15:57:06 2018 +0100

    x86/mm: Don't perform flush after failing to update a guests L1e
    
    If the L1e update hasn't occured, the flush cannot do anything useful.  This
    skips the potentially expensive vcpumask_to_pcpumask() conversion, and
    broadcast TLB shootdown.
    
    More importantly however, we might be in the error path due to a bad va
    parameter from the guest, and this should not propagate into the TLB 
flushing
    logic.  The INVPCID instruction for example raises #GP for a non-canonical
    address.
    
    This is XSA-279.
    
    Reported-by: Matthew Daley <mattd@xxxxxxxxxxx>
    Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
    Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
    master commit: 6c8d50288722672ecc8e19b0741a31b521d01706
    master date: 2018-11-20 14:58:41 +0100
---
 xen/arch/x86/mm.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c
index 66530c8a9b..642dde4911 100644
--- a/xen/arch/x86/mm.c
+++ b/xen/arch/x86/mm.c
@@ -4840,6 +4840,14 @@ static int __do_update_va_mapping(
     if ( pl1e )
         guest_unmap_l1e(pl1e);
 
+    /*
+     * Any error at this point means that we haven't change the l1e.  Skip the
+     * flush, as it won't do anything useful.  Furthermore, va is guest
+     * controlled and not necesserily audited by this point.
+     */
+    if ( rc )
+        return rc;
+
     switch ( flags & UVMF_FLUSHTYPE_MASK )
     {
     case UVMF_TLB_FLUSH:
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.8

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/xen-changelog

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.