[xen stable-4.8] x86/mm: Don't perform flush after failing to update a guests L1e

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[xen stable-4.8] x86/mm: Don't perform flush after failing to update a guests L1e

patchbot
commit 538c7c754a53cb0b57a955cf5c1e09c318664f72
Author:     Andrew Cooper <[hidden email]>
AuthorDate: Tue Nov 20 15:57:06 2018 +0100
Commit:     Jan Beulich <[hidden email]>
CommitDate: Tue Nov 20 15:57:06 2018 +0100

    x86/mm: Don't perform flush after failing to update a guests L1e
   
    If the L1e update hasn't occured, the flush cannot do anything useful.  This
    skips the potentially expensive vcpumask_to_pcpumask() conversion, and
    broadcast TLB shootdown.
   
    More importantly however, we might be in the error path due to a bad va
    parameter from the guest, and this should not propagate into the TLB flushing
    logic.  The INVPCID instruction for example raises #GP for a non-canonical
    address.
   
    This is XSA-279.
   
    Reported-by: Matthew Daley <[hidden email]>
    Signed-off-by: Andrew Cooper <[hidden email]>
    Reviewed-by: Jan Beulich <[hidden email]>
    master commit: 6c8d50288722672ecc8e19b0741a31b521d01706
    master date: 2018-11-20 14:58:41 +0100
---
 xen/arch/x86/mm.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c
index 66530c8a9b..642dde4911 100644
--- a/xen/arch/x86/mm.c
+++ b/xen/arch/x86/mm.c
@@ -4840,6 +4840,14 @@ static int __do_update_va_mapping(
     if ( pl1e )
         guest_unmap_l1e(pl1e);
 
+    /*
+     * Any error at this point means that we haven't change the l1e.  Skip the
+     * flush, as it won't do anything useful.  Furthermore, va is guest
+     * controlled and not necesserily audited by this point.
+     */
+    if ( rc )
+        return rc;
+
     switch ( flags & UVMF_FLUSHTYPE_MASK )
     {
     case UVMF_TLB_FLUSH:
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.8

_______________________________________________
Xen-changelog mailing list
[hidden email]
https://lists.xenproject.org/xen-changelog