File 56a0f4a2-x86-mmuext-tighten-TLB-flush-address-checks.patch of Package xen.4507

# Commit 828e114f7cdd9910483783ab0563b178325e579a
# Date 2016-01-21 16:09:22 +0100
# Author Jan Beulich <jbeulich@suse.com>
# Committer Jan Beulich <jbeulich@suse.com>
x86/mmuext: tighten TLB flush address checks

Addresses passed by PV guests should be subjected to __addr_ok(),
avoiding undue TLB flushes.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>

--- a/xen/arch/x86/mm.c
+++ b/xen/arch/x86/mm.c
@@ -3169,8 +3169,9 @@ long do_mmuext_op(
             break;
     
         case MMUEXT_INVLPG_LOCAL:
-            if ( !paging_mode_enabled(d) 
-                 || paging_invlpg(curr, op.arg1.linear_addr) != 0 )
+            if ( !paging_mode_enabled(d)
+                 ? __addr_ok(op.arg1.linear_addr)
+                 : paging_invlpg(curr, op.arg1.linear_addr) )
                 flush_tlb_one_local(op.arg1.linear_addr);
             break;
 
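Review bot: In the MMUEXT_INVLPG_LOCAL case an address that fails `__addr_ok()` is now skipped silently, with no flush issued and nothing in the visible lines changing the operation's result, so the guest presumably still sees success. The same silent skip is introduced for MMUEXT_INVLPG_MULTI and MMUEXT_INVLPG_ALL in the next two hunks. This looks deliberate given the commit message, but it should be recorded at the first site, e.g. `/* Addresses failing __addr_ok() are ignored: no flush is issued and the op is not failed. */`. do_mmuext_op() starts and ends outside the hunk, so the return path is not visible here.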
@@ -3188,7 +3189,7 @@ long do_mmuext_op(
             }
             if ( op.cmd == MMUEXT_TLB_FLUSH_MULTI )
                 flush_tlb_mask(&pmask);
-            else
+            else if ( __addr_ok(op.arg1.linear_addr) )
                 flush_tlb_one_mask(&pmask, op.arg1.linear_addr);
             break;
         }
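Review bot: The `else if ( __addr_ok(op.arg1.linear_addr) )` guard applies one check regardless of the domain's paging mode, whereas paging_invlpg() in this same commit uses `is_canonical_address()` for `paging_mode_external()` domains. If this MMUEXT_INVLPG_MULTI path, or the MMUEXT_INVLPG_ALL path in the following hunk, can be reached by such a domain (the hunk does not show whether it can), canonical addresses that `__addr_ok()` rejects would have their flush dropped and stale translations could remain. Either add a comment stating that these sub-ops are only reachable by PV domains, or pick the check the way paging_invlpg() does: `else if ( paging_mode_external(d) ? is_canonical_address(op.arg1.linear_addr) : __addr_ok(op.arg1.linear_addr) )`. The enclosing case block starts outside the hunk.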
@@ -3198,7 +3199,8 @@ long do_mmuext_op(
             break;
     
         case MMUEXT_INVLPG_ALL:
-            flush_tlb_one_mask(d->domain_dirty_cpumask, op.arg1.linear_addr);
+            if ( __addr_ok(op.arg1.linear_addr) )
+                flush_tlb_one_mask(d->domain_dirty_cpumask, op.arg1.linear_addr);
             break;
 
         case MMUEXT_FLUSH_CACHE:
--- a/xen/include/asm-x86/paging.h
+++ b/xen/include/asm-x86/paging.h
@@ -239,7 +239,9 @@ paging_fault(unsigned long va, struct cp
  * or 0 if it's safe not to do so. */
 static inline int paging_invlpg(struct vcpu *v, unsigned long va)
 {
-    return is_canonical_address(va) && paging_get_hostmode(v)->invlpg(v, va);
+    return (paging_mode_external(v->domain) ? is_canonical_address(va)
+                                            : __addr_ok(va)) &&
+           paging_get_hostmode(v)->invlpg(v, va);
 }
 
 /* Translate a guest virtual address to the frame number that the
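Review bot: The header comment ending in `or 0 if it's safe not to do so. */` does not mention that paging_invlpg() now returns 0 without calling the mode's `invlpg` hook whenever the address fails the check selected by `paging_mode_external(v->domain)`. Callers such as the MMUEXT_INVLPG_LOCAL path rely on that result to decide whether to flush, so the contract should be spelled out. I would append a sentence such as `Also returns 0, without consulting the paging mode, if va is non-canonical (external-paging domains) or fails __addr_ok() (all others).` The comment begins above the hunk, so its opening lines are not visible here.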