[Xen-devel] [PATCH] x86/mmuext: don't allow copying/clearing non-RAM pages
The two operations really aren't meant for anything else.
Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
--- a/xen/arch/x86/mm.c
+++ b/xen/arch/x86/mm.c
@@ -3229,6 +3229,7 @@ long do_mmuext_op(
switch ( op.cmd )
{
struct page_info *page;
+ p2m_type_t p2mt;
case MMUEXT_PIN_L1_TABLE:
type = PGT_l1_page_table;
@@ -3528,7 +3529,12 @@ long do_mmuext_op(
}
case MMUEXT_CLEAR_PAGE:
- page = get_page_from_gfn(pg_owner, op.arg1.mfn, NULL, P2M_ALLOC);
+ page = get_page_from_gfn(pg_owner, op.arg1.mfn, &p2mt, P2M_ALLOC);
+ if ( unlikely(p2mt != p2m_ram_rw) && page )
+ {
+ put_page(page);
+ page = NULL;
+ }
if ( !page || !get_page_type(page, PGT_writable_page) )
{
if ( page )
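Review bot: The added test under MMUEXT_CLEAR_PAGE reads `p2mt` before it looks at `page`, so it depends on get_page_from_gfn() having written a type through `&p2mt` even when the lookup fails; the callee is not visible in this patch, and `p2mt` is declared in the first hunk without an initialiser. Checking the pointer first removes that dependency and any chance of branching on an indeterminate value: `if ( page && unlikely(p2mt != p2m_ram_rw) )`. The two MMUEXT_COPY_PAGE hunks use the same operand order for `src_page` and `dst_page` and would take the same change. The case body continues beyond the end of this hunk.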
@@ -3551,8 +3557,13 @@ long do_mmuext_op(
{
struct page_info *src_page, *dst_page;
- src_page = get_page_from_gfn(pg_owner, op.arg2.src_mfn, NULL,
+ src_page = get_page_from_gfn(pg_owner, op.arg2.src_mfn, &p2mt,
P2M_ALLOC);
+ if ( unlikely(p2mt != p2m_ram_rw) && src_page )
+ {
+ put_page(src_page);
+ src_page = NULL;
+ }
if ( unlikely(!src_page) )
{
gdprintk(XENLOG_WARNING,
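Review bot: For the copy source the page is only read, yet the check `p2mt != p2m_ram_rw` holds it to the same exact-type match as the destination, so a source frame of any other RAM-backed type is now refused along with genuine non-RAM. A strict allow-list is the conservative choice for a guest-supplied frame number, but nothing in the code says it is deliberate; a comment above the check such as `/* Deliberately exact: only ordinary read/write RAM may be copied from. */` would keep a later reader from relaxing it by accident. The refusal also falls into the existing `!src_page` path, so the gdprintk() warning (its text is outside this hunk) presumably reports it the same way as an invalid frame. The enclosing case block starts and ends outside the hunk.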
@@ -3562,8 +3573,13 @@ long do_mmuext_op(
break;
}
- dst_page = get_page_from_gfn(pg_owner, op.arg1.mfn, NULL,
+ dst_page = get_page_from_gfn(pg_owner, op.arg1.mfn, &p2mt,
P2M_ALLOC);
+ if ( unlikely(p2mt != p2m_ram_rw) && dst_page )
+ {
+ put_page(dst_page);
+ dst_page = NULL;
+ }
rc = (dst_page &&
get_page_type(dst_page, PGT_writable_page)) ? 0 : -EINVAL;
if ( unlikely(rc) )
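Review bot: This is the third copy of the same lookup, type test, put_page() and NULL assignment in do_mmuext_op(), after the ones for MMUEXT_CLEAR_PAGE and for `src_page`; a check that guards guest-supplied frame numbers is easier to audit and to keep consistent when it lives in one place. A small static helper that returns the referenced page only for `p2m_ram_rw` would replace all three sites and let the switch-scope `p2mt` go away. The sketch below uses a placeholder helper name and assumes `pg_owner` is a `struct domain *` and the frame argument fits `unsigned long`, neither of which is visible in the patch. The statement that consumes `rc` continues past the end of the hunk.

```c
/* Placeholder name: like get_page_from_gfn(), but NULL unless plain r/w RAM. */
static struct page_info *get_rw_ram_page_from_gfn(
    struct domain *d, unsigned long gfn)
{
    p2m_type_t p2mt;
    struct page_info *page = get_page_from_gfn(d, gfn, &p2mt, P2M_ALLOC);

    /* Drop the reference again if the frame is not ordinary RAM. */
    if ( page && unlikely(p2mt != p2m_ram_rw) )
    {
        put_page(page);
        page = NULL;
    }

    return page;
}

/* … unchanged: src_page lookup and its error path … */
            dst_page = get_rw_ram_page_from_gfn(pg_owner, op.arg1.mfn);
            rc = (dst_page &&
                  get_page_type(dst_page, PGT_writable_page)) ? 0 : -EINVAL;
```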
Attachment:
x86-mmuext-copy-clear-RAM-only.patch