File 612634c3-x86-p2m-introduce-p2m_is_special.patch of Package xen.21117
# Commit 0bf755e2c856628e11e93c76c3e12974e9964638
# Date 2021-08-25 14:17:07 +0200
# Author Jan Beulich <jbeulich@suse.com>
# Committer Jan Beulich <jbeulich@suse.com>
x86/p2m: introduce p2m_is_special()
Seeing the similarity of grant, foreign, and (subsequently) direct-MMIO
handling, introduce a new P2M type group named "special" (as in "needing
special accessors to create/destroy").
Also use -EPERM instead of other error codes on the two domain_crash()
paths touched.
This is part of XSA-378.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Paul Durrant <paul@xen.org>
--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -807,7 +807,7 @@ p2m_remove_page(struct p2m_domain *p2m,
for ( i = 0; i < (1UL << page_order); i++ )
{
p2m->get_entry(p2m, gfn_add(gfn, i), &t, &a, 0, NULL, NULL);
- if ( !p2m_is_grant(t) && !p2m_is_shared(t) && !p2m_is_foreign(t) )
+ if ( !p2m_is_special(t) && !p2m_is_shared(t) )
set_gpfn_from_mfn(mfn+i, INVALID_M2P_ENTRY);
}
}
@@ -934,13 +934,13 @@ guest_physmap_add_entry(struct domain *d
&ot, &a, 0, NULL, NULL);
ASSERT(!p2m_is_shared(ot));
}
- if ( p2m_is_grant(ot) || p2m_is_foreign(ot) )
+ if ( p2m_is_special(ot) )
{
- /* Really shouldn't be unmapping grant/foreign maps this way */
+ /* Don't permit unmapping grant/foreign this way. */
domain_crash(d);
p2m_unlock(p2m);
- return -EINVAL;
+ return -EPERM;
}
else if ( p2m_is_ram(ot) && !p2m_is_paged(ot) )
{
@@ -1034,8 +1034,7 @@ int p2m_change_type_one(struct domain *d
struct p2m_domain *p2m = p2m_get_hostp2m(d);
int rc;
- BUG_ON(p2m_is_grant(ot) || p2m_is_grant(nt));
- BUG_ON(p2m_is_foreign(ot) || p2m_is_foreign(nt));
+ BUG_ON(p2m_is_special(ot) || p2m_is_special(nt));
gfn_lock(p2m, gfn, 0);
@@ -1282,11 +1281,11 @@ static int set_typed_p2m_entry(struct do
gfn_unlock(p2m, gfn, order);
return cur_order + 1;
}
- if ( p2m_is_grant(ot) || p2m_is_foreign(ot) )
+ if ( p2m_is_special(ot) )
{
gfn_unlock(p2m, gfn, order);
domain_crash(d);
- return -ENOENT;
+ return -EPERM;
}
else if ( p2m_is_ram(ot) )
{
--- a/xen/include/asm-x86/p2m.h
+++ b/xen/include/asm-x86/p2m.h
@@ -141,6 +141,10 @@ typedef unsigned int p2m_query_t;
| p2m_to_mask(p2m_ram_logdirty) )
#define P2M_SHARED_TYPES (p2m_to_mask(p2m_ram_shared))
+/* Types established/cleaned up via special accessors. */
+#define P2M_SPECIAL_TYPES (P2M_GRANT_TYPES | \
+ p2m_to_mask(p2m_map_foreign))
+
/* Valid types not necessarily associated with a (valid) MFN. */
#define P2M_INVALID_MFN_TYPES (P2M_POD_TYPES \
| p2m_to_mask(p2m_mmio_direct) \
@@ -169,6 +173,7 @@ typedef unsigned int p2m_query_t;
#define p2m_is_paged(_t) (p2m_to_mask(_t) & P2M_PAGED_TYPES)
#define p2m_is_sharable(_t) (p2m_to_mask(_t) & P2M_SHARABLE_TYPES)
#define p2m_is_shared(_t) (p2m_to_mask(_t) & P2M_SHARED_TYPES)
+#define p2m_is_special(_t) (p2m_to_mask(_t) & P2M_SPECIAL_TYPES)
#define p2m_is_broken(_t) (p2m_to_mask(_t) & P2M_BROKEN_TYPES)
#define p2m_is_foreign(_t) (p2m_to_mask(_t) & p2m_to_mask(p2m_map_foreign))