[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [for-4.15][PATCH v3 1/3] xen/iommu: x86: Clear the root page-table before freeing the page-tables

To: Jan Beulich <jbeulich@xxxxxxxx>
From: Julien Grall <julien@xxxxxxx>
Date: Wed, 17 Feb 2021 15:00:37 +0000
Cc: hongyxia@xxxxxxxxxxxx, iwj@xxxxxxxxxxxxxx, Julien Grall <jgrall@xxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Kevin Tian <kevin.tian@xxxxxxxxx>, Paul Durrant <paul@xxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
Delivery-date: Wed, 17 Feb 2021 15:00:47 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Hi Jan,

On 17/02/2021 14:54, Jan Beulich wrote:

On 17.02.2021 15:24, Julien Grall wrote:

--- a/xen/drivers/passthrough/x86/iommu.c
+++ b/xen/drivers/passthrough/x86/iommu.c
@@ -267,6 +267,15 @@ int iommu_free_pgtables(struct domain *d)
      struct page_info *pg;
      unsigned int done = 0;

+ if ( !is_iommu_enabled(d) )

+        return 0;
+
+    /*
+     * Pages will be moved to the free list below. So we want to
+     * clear the root page-table to avoid any potential use after-free.
+     */
+    hd->platform_ops->clear_root_pgtable(d);


Taking amd_iommu_alloc_root() as example, is this really correct

prior to what is now patch 2?


Yes, there are no more use-after-free...

What guarantees a new root table
won't get allocated subsequently?

It doesn't prevent root table allocation. I view the two as distinctsissues, hence the two patches.


Cheers,

--
Julien Grall

Follow-Ups:
- Re: [for-4.15][PATCH v3 1/3] xen/iommu: x86: Clear the root page-table before freeing the page-tables
  - From: Jan Beulich

References:
- [for-4.15][PATCH v3 0/3] xen/iommu: Collection of bug fixes for IOMMU teadorwn
  - From: Julien Grall
- [for-4.15][PATCH v3 1/3] xen/iommu: x86: Clear the root page-table before freeing the page-tables
  - From: Julien Grall
- Re: [for-4.15][PATCH v3 1/3] xen/iommu: x86: Clear the root page-table before freeing the page-tables
  - From: Jan Beulich

Prev by Date: Re: [for-4.15][PATCH v3 1/3] xen/iommu: x86: Clear the root page-table before freeing the page-tables
Next by Date: Re: [for-4.15][PATCH v3 2/3] xen/x86: iommu: Ignore IOMMU mapping requests when a domain is dying
Previous by thread: Re: [for-4.15][PATCH v3 1/3] xen/iommu: x86: Clear the root page-table before freeing the page-tables
Next by thread: Re: [for-4.15][PATCH v3 1/3] xen/iommu: x86: Clear the root page-table before freeing the page-tables
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.