File xsa321-3.patch of Package xen.15891

From: <security@xenproject.org>
Subject: x86/iommu: introduce a cache sync hook

The hook is only implemented for VT-d and it uses the already existing
iommu_sync_cache function present in VT-d code. The new hook is
added so that the cache can be flushed by code outside of VT-d when
using shared page tables.

Note that alloc_pgtable_maddr must use the now locally defined
sync_cache function, because IOMMU ops are not yet setup the first
time the function gets called during IOMMU initialization.

No functional change intended.

This is part of XSA-321.

Reviewed-by: Jan Beulich <jbeulich@suse.com>

--- xen-4.12.3-testing.orig/xen/drivers/passthrough/vtd/extern.h
+++ xen-4.12.3-testing/xen/drivers/passthrough/vtd/extern.h
@@ -43,7 +43,6 @@ void disable_qinval(struct iommu *iommu)
 int enable_intremap(struct iommu *iommu, int eim);
 void disable_intremap(struct iommu *iommu);
 
-void iommu_sync_cache(const void *addr, unsigned int size);
 int iommu_alloc(struct acpi_drhd_unit *drhd);
 void iommu_free(struct acpi_drhd_unit *drhd);
 
--- xen-4.12.3-testing.orig/xen/drivers/passthrough/vtd/iommu.c
+++ xen-4.12.3-testing/xen/drivers/passthrough/vtd/iommu.c
@@ -159,7 +159,7 @@ static void __init free_intel_iommu(stru
 
 static int iommus_incoherent;
 
-void iommu_sync_cache(const void *addr, unsigned int size)
+static void sync_cache(const void *addr, unsigned int size)
 {
     int i;
     static unsigned int clflush_size = 0;
@@ -198,7 +198,7 @@ u64 alloc_pgtable_maddr(struct acpi_drhd
         vaddr = __map_domain_page(cur_pg);
         memset(vaddr, 0, PAGE_SIZE);
 
-        iommu_sync_cache(vaddr, PAGE_SIZE);
+        sync_cache(vaddr, PAGE_SIZE);
         unmap_domain_page(vaddr);
         cur_pg++;
     }
@@ -2814,6 +2814,7 @@ const struct iommu_ops __initconstrel in
     .iotlb_flush_all = iommu_flush_iotlb_all,
     .get_reserved_device_memory = intel_iommu_get_reserved_device_memory,
     .dump_p2m_table = vtd_dump_p2m_table,
+    .sync_cache = sync_cache,
 };
 
 const struct iommu_init_ops __initconstrel intel_iommu_init_ops = {
--- xen-4.12.3-testing.orig/xen/include/asm-x86/iommu.h
+++ xen-4.12.3-testing/xen/include/asm-x86/iommu.h
@@ -112,6 +112,13 @@ extern bool untrusted_msi;
 int pi_update_irte(const struct pi_desc *pi_desc, const struct pirq *pirq,
                    const uint8_t gvec);
 
+#define iommu_sync_cache(addr, size) ({                 \
+    const struct iommu_ops *ops = iommu_get_ops();      \
+                                                        \
+    if ( ops->sync_cache )                              \
+        ops->sync_cache(addr, size);                    \
+})
+
 #endif /* !__ARCH_X86_IOMMU_H__ */
 /*
  * Local variables:
--- xen-4.12.3-testing.orig/xen/include/xen/iommu.h
+++ xen-4.12.3-testing/xen/include/xen/iommu.h
@@ -228,6 +228,8 @@ struct iommu_ops {
 
     int (*setup_hpet_msi)(struct msi_desc *);
 
+    void (*sync_cache)(const void *addr, unsigned int size);
+
     int (*adjust_irq_affinities)(void);
 #endif /* CONFIG_X86 */