19d8f590f0
xen.spec - bsc#945167 - Running command ’ xl pci-assignable-add 03:10.1’ secondly show errors 55f7f9d2-libxl-slightly-refine-pci-assignable-add-remove-handling.patch - Upstream patches from Jan 55f2e438-x86-hvm-fix-saved-pmtimer-and-hpet-values.patch 55f9345b-x86-MSI-fail-if-no-hardware-support.patch 5604f239-x86-PV-properly-populate-descriptor-tables.patch 5604f2e6-vt-d-fix-IM-bit-mask-and-unmask-of-FECTL_REG.patch 560a4af9-x86-EPT-tighten-conditions-of-IOMMU-mapping-updates.patch 560a7c36-x86-p2m-pt-delay-freeing-of-intermediate-page-tables.patch 560a7c53-x86-p2m-pt-ignore-pt-share-flag-for-shadow-mode-guests.patch 560bd926-credit1-fix-tickling-when-it-happens-from-a-remote-pCPU.patch 560e6d34-x86-p2m-pt-tighten-conditions-of-IOMMU-mapping-updates.patch - bsc#941074 - VmError: Device 51728 (vbd) could not be connected. Hotplug scripts not working. hotplug-Linux-block-performance-fix.patch - bsc#947165 - VUL-0: CVE-2015-7311: xen: libxl fails to honour readonly flag on disks with qemu-xen (xsa-142) CVE-2015-7311-xsa142.patch OBS-URL: https://build.opensuse.org/package/show/Virtualization/xen?expand=0&rev=378
49 lines
1.9 KiB
Diff
49 lines
1.9 KiB
Diff
# Commit 6c0e4ad60850032c9bbd5d18b8446421c97e08e4
|
|
# Date 2015-09-29 10:25:29 +0200
|
|
# Author Jan Beulich <jbeulich@suse.com>
|
|
# Committer Jan Beulich <jbeulich@suse.com>
|
|
x86/EPT: tighten conditions of IOMMU mapping updates
|
|
|
|
Permission changes should also result in updates or TLB flushes.
|
|
|
|
Signed-off-by: Jan Beulich <jbeulich@suse.com>
|
|
Acked-by: Kevin Tian <kevin.tian@intel.com>
|
|
Reviewed-by: George Dunlap <george.dunlap@citrix.com>
|
|
|
|
--- a/xen/arch/x86/mm/p2m-ept.c
|
|
+++ b/xen/arch/x86/mm/p2m-ept.c
|
|
@@ -619,6 +619,7 @@ ept_set_entry(struct p2m_domain *p2m, un
|
|
uint8_t ipat = 0;
|
|
int need_modify_vtd_table = 1;
|
|
int vtd_pte_present = 0;
|
|
+ unsigned int iommu_flags = p2m_get_iommu_flags(p2mt);
|
|
enum { sync_off, sync_on, sync_check } needs_sync = sync_check;
|
|
ept_entry_t old_entry = { .epte = 0 };
|
|
ept_entry_t new_entry = { .epte = 0 };
|
|
@@ -749,8 +750,9 @@ ept_set_entry(struct p2m_domain *p2m, un
|
|
new_entry.mfn = mfn_x(mfn);
|
|
|
|
/* Safe to read-then-write because we hold the p2m lock */
|
|
- if ( ept_entry->mfn == new_entry.mfn )
|
|
- need_modify_vtd_table = 0;
|
|
+ if ( ept_entry->mfn == new_entry.mfn &&
|
|
+ p2m_get_iommu_flags(ept_entry->sa_p2mt) == iommu_flags )
|
|
+ need_modify_vtd_table = 0;
|
|
|
|
ept_p2m_type_to_flags(&new_entry, p2mt, p2ma);
|
|
}
|
|
@@ -775,11 +777,9 @@ out:
|
|
iommu_pte_flush(d, gfn, &ept_entry->epte, order, vtd_pte_present);
|
|
else
|
|
{
|
|
- unsigned int flags = p2m_get_iommu_flags(p2mt);
|
|
-
|
|
- if ( flags != 0 )
|
|
+ if ( iommu_flags )
|
|
for ( i = 0; i < (1 << order); i++ )
|
|
- iommu_map_page(d, gfn + i, mfn_x(mfn) + i, flags);
|
|
+ iommu_map_page(d, gfn + i, mfn_x(mfn) + i, iommu_flags);
|
|
else
|
|
for ( i = 0; i < (1 << order); i++ )
|
|
iommu_unmap_page(d, gfn + i);
|