[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen stable-4.5] x86/mmuext: tighten TLB flush address checks

To: xen-changelog@xxxxxxxxxxxxxxxxxxx
From: patchbot@xxxxxxx
Date: Sun, 21 Feb 2016 03:33:25 +0000
Delivery-date: Sun, 21 Feb 2016 03:33:29 +0000
List-id: "Change log for Mercurial \(receive only\)" <xen-changelog.lists.xen.org>

commit e7fa1af3b3eab2d22cf260e5f7f7b233ddd071cc
Author:     Jan Beulich <jbeulich@xxxxxxxx>
AuthorDate: Wed Feb 17 16:46:25 2016 +0100
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Wed Feb 17 16:46:25 2016 +0100

    x86/mmuext: tighten TLB flush address checks
    
    Addresses passed by PV guests should be subjected to __addr_ok(),
    avoiding undue TLB flushes.
    
    Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
    Reviewed-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
    master commit: 828e114f7cdd9910483783ab0563b178325e579a
    master date: 2016-01-21 16:09:22 +0100
---
 xen/arch/x86/mm.c            | 13 +++++++------
 xen/include/asm-x86/paging.h |  4 +++-
 2 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c
index 51408cf..a25d792 100644
--- a/xen/arch/x86/mm.c
+++ b/xen/arch/x86/mm.c
@@ -3203,8 +3203,9 @@ long do_mmuext_op(
         case MMUEXT_INVLPG_LOCAL:
             if ( unlikely(d != pg_owner) )
                 rc = -EPERM;
-            else if ( !paging_mode_enabled(d) ||
-                      paging_invlpg(curr, op.arg1.linear_addr) != 0 )
+            else if ( !paging_mode_enabled(d)
+                      ? __addr_ok(op.arg1.linear_addr)
+                      : paging_invlpg(curr, op.arg1.linear_addr) )
                 flush_tlb_one_local(op.arg1.linear_addr);
             break;
 
@@ -3225,7 +3226,7 @@ long do_mmuext_op(
 
             if ( op.cmd == MMUEXT_TLB_FLUSH_MULTI )
                 flush_tlb_mask(&pmask);
-            else
+            else if ( __addr_ok(op.arg1.linear_addr) )
                 flush_tlb_one_mask(&pmask, op.arg1.linear_addr);
             break;
         }
@@ -3238,10 +3239,10 @@ long do_mmuext_op(
             break;
     
         case MMUEXT_INVLPG_ALL:
-            if ( likely(d == pg_owner) )
-                flush_tlb_one_mask(d->domain_dirty_cpumask, 
op.arg1.linear_addr);
-            else
+            if ( unlikely(d != pg_owner) )
                 rc = -EPERM;
+            else if ( __addr_ok(op.arg1.linear_addr) )
+                flush_tlb_one_mask(d->domain_dirty_cpumask, 
op.arg1.linear_addr);
             break;
 
         case MMUEXT_FLUSH_CACHE:
diff --git a/xen/include/asm-x86/paging.h b/xen/include/asm-x86/paging.h
index d456d7a..27a5497 100644
--- a/xen/include/asm-x86/paging.h
+++ b/xen/include/asm-x86/paging.h
@@ -238,7 +238,9 @@ paging_fault(unsigned long va, struct cpu_user_regs *regs)
  * or 0 if it's safe not to do so. */
 static inline int paging_invlpg(struct vcpu *v, unsigned long va)
 {
-    return is_canonical_address(va) && paging_get_hostmode(v)->invlpg(v, va);
+    return (paging_mode_external(v->domain) ? is_canonical_address(va)
+                                            : __addr_ok(va)) &&
+           paging_get_hostmode(v)->invlpg(v, va);
 }
 
 /* Translate a guest virtual address to the frame number that the
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.5

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog

Prev by Date: [Xen-changelog] [xen stable-4.5] x86/VMX: sanitize rIP before re-entering guest
Next by Date: [Xen-changelog] [xen stable-4.5] x86: fix (and simplify) MTRR overlap checking
Previous by thread: [Xen-changelog] [xen stable-4.5] x86/VMX: sanitize rIP before re-entering guest
Next by thread: [Xen-changelog] [xen stable-4.5] x86: fix (and simplify) MTRR overlap checking
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.