[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH 00/14] XSA-277 followup

To: Xen-devel <xen-devel@xxxxxxxxxxxxx>
From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Date: Wed, 21 Nov 2018 13:21:08 +0000
Cc: Kevin Tian <kevin.tian@xxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>, Jun Nakajima <jun.nakajima@xxxxxxxxx>, Razvan Cojocaru <rcojocaru@xxxxxxxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Tim Deegan <tim@xxxxxxx>, Julien Grall <julien.grall@xxxxxxx>, Tamas K Lengyel <tamas@xxxxxxxxxxxxx>, Jan Beulich <JBeulich@xxxxxxxx>, Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>, Brian Woods <brian.woods@xxxxxxx>, Suravee Suthikulpanit <suravee.suthikulpanit@xxxxxxx>, Paul Durrant <paul.durrant@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>
Delivery-date: Wed, 21 Nov 2018 13:21:41 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

This covers various fixes related to XSA-277 which weren't in security
supported areas, and associated cleanup.

The biggest issue noticed here is that altp2m's use of hardware #VE support
will cause general memory corruption if the guest ever balloons out the VEINFO
page.  The only safe way I think of doing this is for Xen to alloc annonymous
domheap pages for the VEINFO, and for the guest to map them in a similar way
to the shared info and grant table frames.

Andrew Cooper (14):
  x86/soft-reset: Drop gfn reference after calling get_gfn_query()
  x86/mem-sharing: Don't leave the altp2m lock held when nominating a page
  AMD/IOMMU: Fix multiple reference counting errors
  x86/p2m: Fix locking in p2m_altp2m_lazy_copy()
  x86/p2m: Don't overwrite p2m_altp2m_lazy_copy()'s callers p2m pointer
  x86/hvm: Make the altp2m locking easier to follow
  x86/p2m: Coding style cleanup
  xen/memory: Drop ARM put_gfn() stub
  x86/p2m: Switch the two_gfns infrastructure to using gfn_t
  x86/mm: Switch {get,put}_gfn() infrastructure to using gfn_t
  xen/mm: Switch mfn_to_virt()/virt_to_mfn() to using mfn_t
  xen/gnttab: Drop gnttab_create_{shared,status}_page()
  xen/gnttab: Simplify gnttab_map_frame()
  xen/gnttab: Minor improvements to arch header files

 xen/arch/arm/alternative.c                |   4 -
 xen/arch/arm/cpuerrata.c                  |   4 -
 xen/arch/arm/domain_build.c               |   4 -
 xen/arch/arm/livepatch.c                  |   4 -
 xen/arch/arm/mm.c                         |   6 -
 xen/arch/arm/setup.c                      |   4 +-
 xen/arch/x86/cpu/mcheck/mcaction.c        |   2 +-
 xen/arch/x86/cpu/mcheck/mce.c             |  14 +-
 xen/arch/x86/cpu/mcheck/vmce.c            |   4 +-
 xen/arch/x86/cpu/mcheck/vmce.h            |   2 +-
 xen/arch/x86/debug.c                      |   6 +-
 xen/arch/x86/domain.c                     |  23 ++--
 xen/arch/x86/domain_page.c                |  10 +-
 xen/arch/x86/domctl.c                     |   8 +-
 xen/arch/x86/guest/xen.c                  |   2 +-
 xen/arch/x86/hvm/dm.c                     |  12 +-
 xen/arch/x86/hvm/dom0_build.c             |   4 +-
 xen/arch/x86/hvm/emulate.c                |  16 +--
 xen/arch/x86/hvm/grant_table.c            |   4 +-
 xen/arch/x86/hvm/hvm.c                    |  50 +++----
 xen/arch/x86/hvm/mtrr.c                   |   2 +-
 xen/arch/x86/hvm/svm/svm.c                |   2 +-
 xen/arch/x86/hvm/vmx/vmx.c                |   7 +-
 xen/arch/x86/mm.c                         |  25 ++--
 xen/arch/x86/mm/hap/hap.c                 |   2 +-
 xen/arch/x86/mm/hap/nested_hap.c          |   6 +-
 xen/arch/x86/mm/mem_access.c              |   5 +-
 xen/arch/x86/mm/mem_sharing.c             |  33 ++---
 xen/arch/x86/mm/p2m.c                     | 115 ++++++++--------
 xen/arch/x86/mm/shadow/common.c           |   4 +-
 xen/arch/x86/mm/shadow/multi.c            |  68 +++++-----
 xen/arch/x86/mm/shadow/types.h            |   4 -
 xen/arch/x86/numa.c                       |   2 +-
 xen/arch/x86/pv/descriptor-tables.c       |   2 +-
 xen/arch/x86/pv/dom0_build.c              |   5 +-
 xen/arch/x86/pv/shim.c                    |   3 -
 xen/arch/x86/setup.c                      |  10 +-
 xen/arch/x86/srat.c                       |   2 +-
 xen/arch/x86/tboot.c                      |   4 +-
 xen/arch/x86/x86_64/mm.c                  |  10 +-
 xen/common/domctl.c                       |   2 +-
 xen/common/efi/boot.c                     |   7 +-
 xen/common/grant_table.c                  |  46 ++++---
 xen/common/memory.c                       |  39 ++++--
 xen/common/page_alloc.c                   |  10 +-
 xen/common/tmem.c                         |   2 +-
 xen/common/trace.c                        |  20 +--
 xen/common/xenoprof.c                     |   4 -
 xen/drivers/acpi/osl.c                    |   2 +-
 xen/drivers/passthrough/amd/iommu_guest.c | 218 +++++++++++++++++++-----------
 xen/include/asm-arm/grant_table.h         |  18 +--
 xen/include/asm-arm/mm.h                  |   8 +-
 xen/include/asm-x86/grant_table.h         |  23 +---
 xen/include/asm-x86/guest_pt.h            |   4 -
 xen/include/asm-x86/mm.h                  |   2 +-
 xen/include/asm-x86/p2m.h                 | 128 ++++++++++--------
 xen/include/asm-x86/page.h                |   4 +-
 xen/include/xen/domain_page.h             |   6 +-
 58 files changed, 533 insertions(+), 504 deletions(-)

-- 
2.1.4


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH 00/14] XSA-277 followup
  - From: Tamas K Lengyel
- [Xen-devel] [PATCH 10/14] x86/mm: Switch {get, put}_gfn() infrastructure to using gfn_t
  - From: Andrew Cooper
- [Xen-devel] [PATCH 12/14] xen/gnttab: Drop gnttab_create_{shared, status}_page()
  - From: Andrew Cooper
- [Xen-devel] [PATCH 11/14] xen/mm: Switch mfn_to_virt()/virt_to_mfn() to using mfn_t
  - From: Andrew Cooper
- [Xen-devel] [PATCH 13/14] xen/gnttab: Simplify gnttab_map_frame()
  - From: Andrew Cooper
- [Xen-devel] [PATCH 14/14] xen/gnttab: Minor improvements to arch header files
  - From: Andrew Cooper
- [Xen-devel] [PATCH 08/14] xen/memory: Drop ARM put_gfn() stub
  - From: Andrew Cooper
- [Xen-devel] [PATCH 09/14] x86/p2m: Switch the two_gfns infrastructure to using gfn_t
  - From: Andrew Cooper
- [Xen-devel] [PATCH 04/14] x86/p2m: Fix locking in p2m_altp2m_lazy_copy()
  - From: Andrew Cooper
- [Xen-devel] [PATCH 07/14] x86/p2m: Coding style cleanup
  - From: Andrew Cooper
- [Xen-devel] [PATCH 06/14] x86/hvm: Make the altp2m locking easier to follow
  - From: Andrew Cooper
- [Xen-devel] [PATCH 05/14] x86/p2m: Don't overwrite p2m_altp2m_lazy_copy()'s callers p2m pointer
  - From: Andrew Cooper
- [Xen-devel] [PATCH 03/14] AMD/IOMMU: Fix multiple reference counting errors
  - From: Andrew Cooper
- [Xen-devel] [PATCH 02/14] x86/mem-sharing: Don't leave the altp2m lock held when nominating a page
  - From: Andrew Cooper
- [Xen-devel] [PATCH 01/14] x86/soft-reset: Drop gfn reference after calling get_gfn_query()
  - From: Andrew Cooper

Prev by Date: Re: [Xen-devel] [PATCH V8 4/7] x86/p2m: refactor p2m_reset_altp2m()
Next by Date: [Xen-devel] [PATCH 01/14] x86/soft-reset: Drop gfn reference after calling get_gfn_query()
Previous by thread: [Xen-devel] [xen-unstable-smoke test] 130651: regressions - trouble: blocked/broken/fail/pass
Next by thread: [Xen-devel] [PATCH 01/14] x86/soft-reset: Drop gfn reference after calling get_gfn_query()
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.