From nobody Sun May 5 16:26:40 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=none (zoho.com: 192.237.175.120 is neither permitted nor denied by domain of lists.xenproject.org) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org ARC-Seal: i=1; a=rsa-sha256; t=1566999271; cv=none; d=zoho.com; s=zohoarc; b=jmmTiYgfas9LsOSgHmKoK0RQaXy/4cPy3khULFRPk+sGFqb9BMmpg65oFsDrzYdzbeKvXnMPVoNGc0dBklg2tu9e3bqcgFHbUKEvr2NG/MDN+pNDhNjvhsWFLMHgRvWOAZ8HJp77XzHNMScoievC9yANuPWphjt/YdzqW5rPKCQ= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1566999271; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Sender:Subject:To:ARC-Authentication-Results; bh=8G+GyOfP/DrHxjKNVx8DcuNJjPn0YAeH3UVXokYaNng=; b=L4WcuvVGwCngzUDlU0mnQqq5wOuYUX7l1sZA5nQbKtnVkECzlhfUC/Zm8Mca9Kwmr4HTLEBhCcFIF9YrCGApXI+w7ez6mBGCFuLytTZ4ebU04ixH0VfR/kD7jRGhi9Zrd5DW9eMwU22Up3M56nLvraKGi8s0jixxSSUIrHI8B70= ARC-Authentication-Results: i=1; mx.zoho.com; dkim=fail; spf=none (zoho.com: 192.237.175.120 is neither permitted nor denied by domain of lists.xenproject.org) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 156699927105443.961306964462665; Wed, 28 Aug 2019 06:34:31 -0700 (PDT) Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1i2y4I-0002rK-TU; Wed, 28 Aug 2019 13:32:58 +0000 Received: from all-amaz-eas1.inumbo.com ([34.197.232.57] helo=us1-amaz-eas2.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1i2y4G-0002rF-S4 for xen-devel@lists.xenproject.org; Wed, 28 Aug 2019 13:32:56 +0000 Received: from esa1.hc3370-68.iphmx.com (unknown [216.71.145.142]) by us1-amaz-eas2.inumbo.com (Halon) with ESMTPS id 54be8c22-c998-11e9-ae47-12813bfff9fa; Wed, 28 Aug 2019 13:32:51 +0000 (UTC) X-Inumbo-ID: 54be8c22-c998-11e9-ae47-12813bfff9fa DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=citrix.com; s=securemail; t=1566999171; h=from:to:cc:subject:date:message-id:mime-version: content-transfer-encoding; bh=/068+CO6TdnmMa7GZxD3ArDWsWLKpUMC4SThtuD8aUI=; b=cwuBiPNXPXoKI325zToA4Ymdy++EVjmCHBZyKVKYBo2eNe5QtJL3cUzn liWncyKZGGHHvUHver+moFHBTfyK1QWfbRtYZWfMFWZgdRXDk4RiM2E8V lceYUafSkkaB8ZHF+wxKBgei2GIW6obl9P5GPj2eciGnJqgs8QtAfH2vt o=; Authentication-Results: esa1.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none; spf=None smtp.pra=roger.pau@citrix.com; spf=Pass smtp.mailfrom=roger.pau@citrix.com; spf=None smtp.helo=postmaster@mail.citrix.com Received-SPF: none (zoho.com: 192.237.175.120 is neither permitted nor denied by domain of lists.xenproject.org) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Received-SPF: None (esa1.hc3370-68.iphmx.com: no sender authenticity information available from domain of roger.pau@citrix.com) identity=pra; client-ip=162.221.158.21; receiver=esa1.hc3370-68.iphmx.com; envelope-from="roger.pau@citrix.com"; x-sender="roger.pau@citrix.com"; x-conformance=sidf_compatible Received-SPF: Pass (esa1.hc3370-68.iphmx.com: domain of roger.pau@citrix.com designates 162.221.158.21 as permitted sender) identity=mailfrom; client-ip=162.221.158.21; receiver=esa1.hc3370-68.iphmx.com; envelope-from="roger.pau@citrix.com"; x-sender="roger.pau@citrix.com"; x-conformance=sidf_compatible; x-record-type="v=spf1"; x-record-text="v=spf1 ip4:209.167.231.154 ip4:178.63.86.133 ip4:195.66.111.40/30 ip4:85.115.9.32/28 ip4:199.102.83.4 ip4:192.28.146.160 ip4:192.28.146.107 ip4:216.52.6.88 ip4:216.52.6.188 ip4:162.221.158.21 ip4:162.221.156.83 ~all" Received-SPF: None (esa1.hc3370-68.iphmx.com: no sender authenticity information available from domain of postmaster@mail.citrix.com) identity=helo; client-ip=162.221.158.21; receiver=esa1.hc3370-68.iphmx.com; envelope-from="roger.pau@citrix.com"; x-sender="postmaster@mail.citrix.com"; x-conformance=sidf_compatible IronPort-SDR: 2PTQZ1xoPIm72KPgH/euNy25NBSPbBdnzHYw12eiXcmm2LEnih/CZ7QkKg+2nvw8OoMNHuvE4E Xzgqww9tAGCo5RHuIERRUNy/sZYU++B6pBqtYwjQDJq8ZYg0fphUkd6ZLiqARc+3VLQIazRjAE 90Cb9ML9p1LfgfTJnvmwk/RXBjcLlPeisUadiTYHfGmtAf1y0FbJmghcyOB2DT4TeEpf6f4qFs ErRB9sshU8ykNMbRTid5HjJS1jwr5G1eOeEw37MsXS/tWuAuo9GX1eoSjQuEcBOmRVthPvxy2T csc= X-SBRS: 2.7 X-MesageID: 4871379 X-Ironport-Server: esa1.hc3370-68.iphmx.com X-Remote-IP: 162.221.158.21 X-Policy: $RELAYED X-IronPort-AV: E=Sophos;i="5.64,441,1559534400"; d="scan'208";a="4871379" From: Roger Pau Monne To: Date: Wed, 28 Aug 2019 15:32:29 +0200 Message-ID: <20190828133229.86085-1-roger.pau@citrix.com> X-Mailer: git-send-email 2.22.0 MIME-Version: 1.0 Subject: [Xen-devel] [PATCH] Partially revert "x86/mm: Clean IOMMU flags from p2m-pt code" X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: Wei Liu , George Dunlap , Andrew Cooper , Jan Beulich , Alexandru Stefan ISAILA , Roger Pau Monne Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) This partially reverts commit 854a49a7486a02edae5b3e53617bace526e9c1b1 by re-adding the logic that propagates changes to the domain physmap done by p2m_pt_set_entry into the iommu page tables. Without this logic changes to the guest physmap are not propagated to the iommu, leaving stale iommu entries that can leak data, or failing to add new entries. Note that this commit doesn't re-introduce iommu flags to the cpu page table entries, since the logic to add/remove entries to the iommu page tables is based on the p2m type and the mfn. Fixes: 854a49a7486a02 ('x86/mm: Clean IOMMU flags from p2m-pt code') Signed-off-by: Roger Pau Monn=C3=A9 --- Cc: Alexandru Stefan ISAILA --- xen/arch/x86/mm/p2m-pt.c | 50 ++++++++++++++++++++++++++++++++++++++-- 1 file changed, 48 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/mm/p2m-pt.c b/xen/arch/x86/mm/p2m-pt.c index 3a0a500d66..4526998b86 100644 --- a/xen/arch/x86/mm/p2m-pt.c +++ b/xen/arch/x86/mm/p2m-pt.c @@ -35,6 +35,7 @@ #include #include #include +#include =20 #include "mm-locks.h" =20 @@ -508,7 +509,18 @@ p2m_pt_set_entry(struct p2m_domain *p2m, gfn_t gfn_, m= fn_t mfn, l2_pgentry_t l2e_content; l3_pgentry_t l3e_content; int rc; - unsigned int flags; + unsigned int iommu_pte_flags =3D p2m_get_iommu_flags(p2mt, mfn); + /* + * old_mfn and iommu_old_flags control possible flush/update needs on = the + * IOMMU: We need to flush when MFN or flags (i.e. permissions) change. + * iommu_old_flags being initialized to zero covers the case of the en= try + * getting replaced being a non-present (leaf or intermediate) one. For + * present leaf entries the real value will get calculated below, while + * for present intermediate entries ~0 (guaranteed !=3D iommu_pte_flag= s) + * will be used (to cover all cases of what the leaf entries underneath + * the intermediate one might be). + */ + unsigned int flags, iommu_old_flags =3D 0; unsigned long old_mfn =3D mfn_x(INVALID_MFN); =20 if ( !sve ) @@ -556,9 +568,17 @@ p2m_pt_set_entry(struct p2m_domain *p2m, gfn_t gfn_, m= fn_t mfn, if ( flags & _PAGE_PRESENT ) { if ( flags & _PAGE_PSE ) + { old_mfn =3D l1e_get_pfn(*p2m_entry); + iommu_old_flags =3D + p2m_get_iommu_flags(p2m_flags_to_type(flags), + _mfn(old_mfn)); + } else + { + iommu_old_flags =3D ~0; intermediate_entry =3D *p2m_entry; + } } =20 check_entry(mfn, p2mt, p2m_flags_to_type(flags), page_order); @@ -594,6 +614,9 @@ p2m_pt_set_entry(struct p2m_domain *p2m, gfn_t gfn_, mf= n_t mfn, 0, L1_PAGETABLE_ENTRIES); ASSERT(p2m_entry); old_mfn =3D l1e_get_pfn(*p2m_entry); + iommu_old_flags =3D + p2m_get_iommu_flags(p2m_flags_to_type(l1e_get_flags(*p2m_entry= )), + _mfn(old_mfn)); =20 if ( mfn_valid(mfn) || p2m_allows_invalid_mfn(p2mt) ) entry_content =3D p2m_l1e_from_pfn(mfn_x(mfn), @@ -617,9 +640,17 @@ p2m_pt_set_entry(struct p2m_domain *p2m, gfn_t gfn_, m= fn_t mfn, if ( flags & _PAGE_PRESENT ) { if ( flags & _PAGE_PSE ) + { old_mfn =3D l1e_get_pfn(*p2m_entry); + iommu_old_flags =3D + p2m_get_iommu_flags(p2m_flags_to_type(flags), + _mfn(old_mfn)); + } else + { + iommu_old_flags =3D ~0; intermediate_entry =3D *p2m_entry; + } } =20 check_entry(mfn, p2mt, p2m_flags_to_type(flags), page_order); @@ -640,9 +671,24 @@ p2m_pt_set_entry(struct p2m_domain *p2m, gfn_t gfn_, m= fn_t mfn, && (gfn + (1UL << page_order) - 1 > p2m->max_mapped_pfn) ) p2m->max_mapped_pfn =3D gfn + (1UL << page_order) - 1; =20 + if ( iommu_enabled && (iommu_old_flags !=3D iommu_pte_flags || + old_mfn !=3D mfn_x(mfn)) ) + { + ASSERT(rc =3D=3D 0); + + if ( need_iommu_pt_sync(p2m->domain) ) + rc =3D iommu_pte_flags ? + iommu_legacy_map(d, _dfn(gfn), mfn, page_order, + iommu_pte_flags) : + iommu_legacy_unmap(d, _dfn(gfn), page_order); + else if ( iommu_use_hap_pt(d) && iommu_old_flags ) + amd_iommu_flush_pages(p2m->domain, gfn, page_order); + } + /* * Free old intermediate tables if necessary. This has to be the - * last thing we do so as to avoid a potential use-after-free. + * last thing we do, after removal from the IOMMU tables, so as to + * avoid a potential use-after-free. */ if ( l1e_get_flags(intermediate_entry) & _PAGE_PRESENT ) p2m_free_entry(p2m, &intermediate_entry, page_order); --=20 2.22.0 _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel