[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[xen stable-4.12] IOMMU: suppress "iommu_dont_flush_iotlb" when about to free a page



commit 37f45de9083eea558437c6175884d31642671d7d
Author:     Jan Beulich <jbeulich@xxxxxxxx>
AuthorDate: Tue Oct 20 15:02:14 2020 +0200
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Tue Oct 20 15:02:14 2020 +0200

    IOMMU: suppress "iommu_dont_flush_iotlb" when about to free a page
    
    Deferring flushes to a single, wide range one - as is done when
    handling XENMAPSPACE_gmfn_range - is okay only as long as
    pages don't get freed ahead of the eventual flush. While the only
    function setting the flag (xenmem_add_to_physmap()) suggests by its name
    that it's only mapping new entries, in reality the way
    xenmem_add_to_physmap_one() works means an unmap would happen not only
    for the page being moved (but not freed) but, if the destination GFN is
    populated, also for the page being displaced from that GFN. Collapsing
    the two flushes for this GFN into just one (end even more so deferring
    it to a batched invocation) is not correct.
    
    This is part of XSA-346.
    
    Fixes: cf95b2a9fd5a ("iommu: Introduce per cpu flag 
(iommu_dont_flush_iotlb) to avoid unnecessary iotlb... ")
    Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
    Reviewed-by: Paul Durrant <paul@xxxxxxx>
    Acked-by: Julien Grall <jgrall@xxxxxxxxxx>
    master commit: dea460d86957bf1425a8a1572626099ac3f165a8
    master date: 2020-10-20 14:21:09 +0200
---
 xen/common/memory.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/xen/common/memory.c b/xen/common/memory.c
index ff88ebb314..212b293bd8 100644
--- a/xen/common/memory.c
+++ b/xen/common/memory.c
@@ -300,6 +300,7 @@ int guest_remove_page(struct domain *d, unsigned long gmfn)
     p2m_type_t p2mt;
 #endif
     mfn_t mfn;
+    bool *dont_flush_p, dont_flush;
     int rc;
 
 #ifdef CONFIG_X86
@@ -386,8 +387,18 @@ int guest_remove_page(struct domain *d, unsigned long gmfn)
         return -ENXIO;
     }
 
+    /*
+     * Since we're likely to free the page below, we need to suspend
+     * xenmem_add_to_physmap()'s suppressing of IOMMU TLB flushes.
+     */
+    dont_flush_p = &this_cpu(iommu_dont_flush_iotlb);
+    dont_flush = *dont_flush_p;
+    *dont_flush_p = false;
+
     rc = guest_physmap_remove_page(d, _gfn(gmfn), mfn, 0);
 
+    *dont_flush_p = dont_flush;
+
     /*
      * With the lack of an IOMMU on some platforms, domains with DMA-capable
      * device must retrieve the same pfn when the hypercall populate_physmap
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.12



 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.