[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[xen staging-4.13] x86/P2M: relax guarding of MMIO entries



commit 3bac7235971f8d3469cba8eac7b32f00f540abad
Author:     Jan Beulich <jbeulich@xxxxxxxx>
AuthorDate: Wed Sep 8 14:56:16 2021 +0200
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Wed Sep 8 14:56:16 2021 +0200

    x86/P2M: relax guarding of MMIO entries
    
    One of the changes comprising the fixes for XSA-378 disallows replacing
    MMIO mappings by code paths not intended for this purpose. At least in
    the case of PVH Dom0 hitting an RMRR covered by an E820 ACPI region,
    this is too strict. Generally short-circuit requests establishing the
    same kind of mapping (mfn, type), but allow permissions to differ.
    
    While there, also add a log message to the other domain_crash()
    invocation that did prevent PVH Dom0 from coming up after the XSA-378
    changes.
    
    Fixes: 753cb68e6530 ("x86/p2m: guard (in particular) identity mapping 
entries")
    Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
    Acked-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
    master commit: 111469cc7b3f586c2335e70205320ed3c828b89e
    master date: 2021-09-07 09:39:38 +0200
---
 xen/arch/x86/mm/p2m.c | 29 ++++++++++++++++++++++++-----
 1 file changed, 24 insertions(+), 5 deletions(-)

diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c
index 2e4d6e52a2..a68b4fe526 100644
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -938,9 +938,13 @@ guest_physmap_add_entry(struct domain *d, gfn_t gfn, mfn_t 
mfn,
         if ( p2m_is_special(ot) )
         {
             /* Don't permit unmapping grant/foreign/direct-MMIO this way. */
-            domain_crash(d);
             p2m_unlock(p2m);
-            
+            printk(XENLOG_G_ERR
+                   "%pd: GFN %#lx (%#lx,%u,%u) -> (%#lx,%u,%u) not 
permitted\n",
+                   d, gfn_x(gfn) + i,
+                   mfn_x(omfn), ot, a,
+                   mfn_x(mfn) + i, t, p2m->default_access);
+            domain_crash(d);
             return -EPERM;
         }
         else if ( p2m_is_ram(ot) && !p2m_is_paged(ot) )
@@ -1284,9 +1288,24 @@ static int set_typed_p2m_entry(struct domain *d, 
unsigned long gfn_l,
     }
     if ( p2m_is_special(ot) )
     {
-        gfn_unlock(p2m, gfn, order);
-        domain_crash(d);
-        return -EPERM;
+        /* Special-case (almost) identical mappings. */
+        if ( !mfn_eq(mfn, omfn) || gfn_p2mt != ot )
+        {
+            gfn_unlock(p2m, gfn, order);
+            printk(XENLOG_G_ERR
+                   "%pd: GFN %#lx (%#lx,%u,%u,%u) -> (%#lx,%u,%u,%u) not 
permitted\n",
+                   d, gfn_l,
+                   mfn_x(omfn), cur_order, ot, a,
+                   mfn_x(mfn), order, gfn_p2mt, access);
+            domain_crash(d);
+            return -EPERM;
+        }
+
+        if ( access == a )
+        {
+            gfn_unlock(p2m, gfn, order);
+            return 0;
+        }
     }
     else if ( p2m_is_ram(ot) )
     {
--
generated by git-patchbot for /home/xen/git/xen.git#staging-4.13



 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.