[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[xen master] x86/PoD: correct ordering of checks in p2m_pod_zero_check()

To: xen-changelog@xxxxxxxxxxxxxxxxxxxx
From: patchbot@xxxxxxx
Date: Fri, 10 Apr 2020 16:33:42 +0000
Delivery-date: Fri, 10 Apr 2020 16:33:44 +0000
List-id: "Change log for Mercurial \(receive only\)" <xen-changelog.lists.xenproject.org>

commit 9be0b2747bc7381c684cfbdd3fa2e40badefbeef
Author:     Jan Beulich <jbeulich@xxxxxxxx>
AuthorDate: Wed Apr 8 13:12:28 2020 +0200
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Wed Apr 8 13:12:28 2020 +0200

    x86/PoD: correct ordering of checks in p2m_pod_zero_check()
    
    Commit 0537d246f8db ("mm: add 'is_special_page' inline function...")
    moved the is_special_page() checks first in its respective changes to
    PoD code. While this is fine for p2m_pod_zero_check_superpage(), the
    validity of the MFN is inferred in both cases from the p2m_is_ram()
    check, which therefore also needs to come first in this 2nd instance.
    
    Take the opportunity and address latent UB here as well - transform
    the MFN into struct page_info * only after having established that
    this is a valid page.
    
    Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
    Reviewed-by: Paul Durrant <paul@xxxxxxx>
    Acked-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
---
 xen/arch/x86/mm/p2m-pod.c | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/xen/arch/x86/mm/p2m-pod.c b/xen/arch/x86/mm/p2m-pod.c
index 36bc471e7f..48e609d1ed 100644
--- a/xen/arch/x86/mm/p2m-pod.c
+++ b/xen/arch/x86/mm/p2m-pod.c
@@ -877,23 +877,25 @@ p2m_pod_zero_check(struct p2m_domain *p2m, const gfn_t 
*gfns, unsigned int count
     for ( i = 0; i < count; i++ )
     {
         p2m_access_t a;
-        struct page_info *pg;
 
         mfns[i] = p2m->get_entry(p2m, gfns[i], types + i, &a,
                                  0, NULL, NULL);
-        pg = mfn_to_page(mfns[i]);
 
         /*
          * If this is ram, and not a pagetable or a special page, and
          * probably not mapped elsewhere, map it; otherwise, skip.
          */
-        if ( !is_special_page(pg) && p2m_is_ram(types[i]) &&
-             (pg->count_info & PGC_allocated) &&
-             !(pg->count_info & PGC_page_table) &&
-             ((pg->count_info & PGC_count_mask) <= max_ref) )
-            map[i] = map_domain_page(mfns[i]);
-        else
-            map[i] = NULL;
+        map[i] = NULL;
+        if ( p2m_is_ram(types[i]) )
+        {
+            const struct page_info *pg = mfn_to_page(mfns[i]);
+
+            if ( !is_special_page(pg) &&
+                 (pg->count_info & PGC_allocated) &&
+                 !(pg->count_info & PGC_page_table) &&
+                 ((pg->count_info & PGC_count_mask) <= max_ref) )
+                map[i] = map_domain_page(mfns[i]);
+        }
     }
 
     /*
--
generated by git-patchbot for /home/xen/git/xen.git#master

Prev by Date: [xen master] x86/HVM: __hvm_copy()'s size parameter is an unsigned quantity
Next by Date: [xen staging-4.13] xen/arm: Handle unimplemented VGICv3 registers as RAZ/WI
Previous by thread: [xen master] x86/HVM: __hvm_copy()'s size parameter is an unsigned quantity
Next by thread: [xen staging-4.13] xen/arm: Handle unimplemented VGICv3 registers as RAZ/WI
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.