xen/560a4af9-x86-EPT-tighten-conditions-of-IOMMU-mapping-updates.patch

# Commit 6c0e4ad60850032c9bbd5d18b8446421c97e08e4
# Date 2015-09-29 10:25:29 +0200
# Author Jan Beulich <jbeulich@suse.com>
# Committer Jan Beulich <jbeulich@suse.com>
x86/EPT: tighten conditions of IOMMU mapping updates

Permission changes should also result in updates or TLB flushes.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Kevin Tian <kevin.tian@intel.com>
Reviewed-by: George Dunlap <george.dunlap@citrix.com>

--- a/xen/arch/x86/mm/p2m-ept.c
+++ b/xen/arch/x86/mm/p2m-ept.c
@@ -619,6 +619,7 @@ ept_set_entry(struct p2m_domain *p2m, un
     uint8_t ipat = 0;
     int need_modify_vtd_table = 1;
     int vtd_pte_present = 0;
+    unsigned int iommu_flags = p2m_get_iommu_flags(p2mt);
     enum { sync_off, sync_on, sync_check } needs_sync = sync_check;
     ept_entry_t old_entry = { .epte = 0 };
     ept_entry_t new_entry = { .epte = 0 };
@@ -749,8 +750,9 @@ ept_set_entry(struct p2m_domain *p2m, un
         new_entry.mfn = mfn_x(mfn);
 
         /* Safe to read-then-write because we hold the p2m lock */
-        if ( ept_entry->mfn == new_entry.mfn )
-             need_modify_vtd_table = 0;
+        if ( ept_entry->mfn == new_entry.mfn &&
+             p2m_get_iommu_flags(ept_entry->sa_p2mt) == iommu_flags )
+            need_modify_vtd_table = 0;
 
         ept_p2m_type_to_flags(&new_entry, p2mt, p2ma);
     }
@@ -775,11 +777,9 @@ out:
             iommu_pte_flush(d, gfn, &ept_entry->epte, order, vtd_pte_present);
         else
         {
-            unsigned int flags = p2m_get_iommu_flags(p2mt);
-
-            if ( flags != 0 )
+            if ( iommu_flags )
                 for ( i = 0; i < (1 << order); i++ )
-                    iommu_map_page(d, gfn + i, mfn_x(mfn) + i, flags);
+                    iommu_map_page(d, gfn + i, mfn_x(mfn) + i, iommu_flags);
             else
                 for ( i = 0; i < (1 << order); i++ )
                     iommu_unmap_page(d, gfn + i);
- bsc#949046 - Increase %suse_version in SP1 to 1316 xen.spec - bsc#945167 - Running command ’ xl pci-assignable-add 03:10.1’ secondly show errors 55f7f9d2-libxl-slightly-refine-pci-assignable-add-remove-handling.patch - Upstream patches from Jan 55f2e438-x86-hvm-fix-saved-pmtimer-and-hpet-values.patch 55f9345b-x86-MSI-fail-if-no-hardware-support.patch 5604f239-x86-PV-properly-populate-descriptor-tables.patch 5604f2e6-vt-d-fix-IM-bit-mask-and-unmask-of-FECTL_REG.patch 560a4af9-x86-EPT-tighten-conditions-of-IOMMU-mapping-updates.patch 560a7c36-x86-p2m-pt-delay-freeing-of-intermediate-page-tables.patch 560a7c53-x86-p2m-pt-ignore-pt-share-flag-for-shadow-mode-guests.patch 560bd926-credit1-fix-tickling-when-it-happens-from-a-remote-pCPU.patch 560e6d34-x86-p2m-pt-tighten-conditions-of-IOMMU-mapping-updates.patch - bsc#941074 - VmError: Device 51728 (vbd) could not be connected. Hotplug scripts not working. hotplug-Linux-block-performance-fix.patch - bsc#947165 - VUL-0: CVE-2015-7311: xen: libxl fails to honour readonly flag on disks with qemu-xen (xsa-142) CVE-2015-7311-xsa142.patch OBS-URL: https://build.opensuse.org/package/show/Virtualization/xen?expand=0&rev=378 2015-10-06 17:11:48 +02:00			`# Commit 6c0e4ad60850032c9bbd5d18b8446421c97e08e4`
			`# Date 2015-09-29 10:25:29 +0200`
			`# Author Jan Beulich <jbeulich@suse.com>`
			`# Committer Jan Beulich <jbeulich@suse.com>`
			`x86/EPT: tighten conditions of IOMMU mapping updates`

			`Permission changes should also result in updates or TLB flushes.`

			`Signed-off-by: Jan Beulich <jbeulich@suse.com>`
			`Acked-by: Kevin Tian <kevin.tian@intel.com>`
			`Reviewed-by: George Dunlap <george.dunlap@citrix.com>`

			`--- a/xen/arch/x86/mm/p2m-ept.c`
			`+++ b/xen/arch/x86/mm/p2m-ept.c`
			`@@ -619,6 +619,7 @@ ept_set_entry(struct p2m_domain *p2m, un`
			`uint8_t ipat = 0;`
			`int need_modify_vtd_table = 1;`
			`int vtd_pte_present = 0;`
			`+ unsigned int iommu_flags = p2m_get_iommu_flags(p2mt);`
			`enum { sync_off, sync_on, sync_check } needs_sync = sync_check;`
			`ept_entry_t old_entry = { .epte = 0 };`
			`ept_entry_t new_entry = { .epte = 0 };`
			`@@ -749,8 +750,9 @@ ept_set_entry(struct p2m_domain *p2m, un`
			`new_entry.mfn = mfn_x(mfn);`

			`/* Safe to read-then-write because we hold the p2m lock */`
			`- if ( ept_entry->mfn == new_entry.mfn )`
			`- need_modify_vtd_table = 0;`
			`+ if ( ept_entry->mfn == new_entry.mfn &&`
			`+ p2m_get_iommu_flags(ept_entry->sa_p2mt) == iommu_flags )`
			`+ need_modify_vtd_table = 0;`

			`ept_p2m_type_to_flags(&new_entry, p2mt, p2ma);`
			`}`
			`@@ -775,11 +777,9 @@ out:`
			`iommu_pte_flush(d, gfn, &ept_entry->epte, order, vtd_pte_present);`
			`else`
			`{`
			`- unsigned int flags = p2m_get_iommu_flags(p2mt);`
			`-`
			`- if ( flags != 0 )`
			`+ if ( iommu_flags )`
			`for ( i = 0; i < (1 << order); i++ )`
			`- iommu_map_page(d, gfn + i, mfn_x(mfn) + i, flags);`
			`+ iommu_map_page(d, gfn + i, mfn_x(mfn) + i, iommu_flags);`
			`else`
			`for ( i = 0; i < (1 << order); i++ )`
			`iommu_unmap_page(d, gfn + i);`