
[Xen-changelog] [xen stable-4.12] xen/arm: p2m: Free the p2m entry after flushing the IOMMU TLBs



commit 9f746892c4a841a489e12d52adb35e667849bb65
Author:     Julien Grall <julien.grall@xxxxxxx>
AuthorDate: Fri Aug 9 13:59:15 2019 +0100
Commit:     Stefano Stabellini <sstabellini@xxxxxxxxxx>
CommitDate: Tue Oct 29 11:01:02 2019 -0700

    xen/arm: p2m: Free the p2m entry after flushing the IOMMU TLBs
    
    When freeing a p2m entry, all the sub-tree behind it will also be freed.
    This may include intermediate page-tables or any l3 entry requiring to
    drop a reference (e.g. for foreign pages). As soon as pages are freed,
    they may be re-used by Xen or another domain. Therefore it is necessary
    to flush *all* the TLBs beforehand.
    
    While CPU TLBs will be flushed before freeing the pages, this is not
    the case for IOMMU TLBs. This can be solved by moving the IOMMU TLBs
    flush earlier in the code.
    
    This wasn't considered as a security issue as device passthrough on Arm
    is not security supported.
    
    Signed-off-by: Julien Grall <julien.grall@xxxxxxx>
    Tested-by: Oleksandr Tyshchenko <oleksandr_tyshchenko@xxxxxxxx>
    Reviewed-by: Stefano Stabellini <sstabellini@xxxxxxxxxx>
    Release-acked-by: Juergen Gross <jgross@xxxxxxxx>
    (cherry picked from commit 671878779741b38c5f2363adceef8de2ce0b3945)
---
 xen/arch/arm/p2m.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/xen/arch/arm/p2m.c b/xen/arch/arm/p2m.c
index c38bd7e16e..c73ece966a 100644
--- a/xen/arch/arm/p2m.c
+++ b/xen/arch/arm/p2m.c
@@ -1063,14 +1063,6 @@ static int __p2m_set_entry(struct p2m_domain *p2m,
         p2m->lowest_mapped_gfn = gfn_min(p2m->lowest_mapped_gfn, sgfn);
     }
 
-    /*
-     * Free the entry only if the original pte was valid and the base
-     * is different (to avoid freeing when permission is changed).
-     */
-    if ( p2m_is_valid(orig_pte) &&
-         !mfn_eq(lpae_get_mfn(*entry), lpae_get_mfn(orig_pte)) )
-        p2m_free_entry(p2m, orig_pte, level);
-
     if ( has_iommu_pt(p2m->domain) &&
          (lpae_is_valid(orig_pte) || lpae_is_valid(*entry)) )
     {
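Review bot: The flush and the free are gated on different predicates. The IOMMU block in the trailing context here tests lpae_is_valid(orig_pte) || lpae_is_valid(*entry), together with has_iommu_pt(p2m->domain), while the free being moved tests p2m_is_valid(orig_pte). If an original entry can satisfy p2m_is_valid without satisfying lpae_is_valid, and the new entry is not valid either, the free would still run with no IOMMU TLB flush ahead of it, which is the ordering the commit message says must not happen. Please either confirm in the commit message that this combination cannot leave a stale IOMMU TLB entry, or gate the flush on the same condition as the free.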
@@ -1087,6 +1079,14 @@ static int __p2m_set_entry(struct p2m_domain *p2m,
     else
         rc = 0;
 
+    /*
+     * Free the entry only if the original pte was valid and the base
+     * is different (to avoid freeing when permission is changed).
+     */
+    if ( p2m_is_valid(orig_pte) &&
+         !mfn_eq(lpae_get_mfn(*entry), lpae_get_mfn(orig_pte)) )
+        p2m_free_entry(p2m, orig_pte, level);
+
 out:
     unmap_domain_page(table);
 
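Review bot: The relocated p2m_free_entry() call runs whatever value rc holds at that point. The "else rc = 0;" directly above implies the IOMMU branch can leave rc non-zero, and in that case the pages are still freed even though the IOMMU TLB flush may not have completed, so a device could keep using a translation to a page that has been handed back. Consider deciding explicitly what happens on failure (for example skipping the free and accepting the leak, or documenting why freeing is still safe). The moved comment should also gain a sentence saying the free must stay after the IOMMU TLB flush, since nothing in the code otherwise records that ordering requirement.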
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.12
