xenbits.xensource.com Git - xen.git/commit

author	Julien Grall <julien.grall@arm.com>
	Mon, 29 Apr 2019 14:05:28 +0000 (15:05 +0100)
committer	Julien Grall <julien.grall@arm.com>
	Fri, 14 Jun 2019 13:43:47 +0000 (14:43 +0100)
commit	3f9140b8812abb2b255bccab26e8f4b5f9d04a28
tree	2dded4373c754cb34e3864fe3ac92b16ca42e121	tree
parent	7236d3cea1b4cb153875e166bd0e3b1b79ba9f3d	commit \| diff

xen: Use guest atomics helpers when modifying atomically guest memory

On Arm, exclusive load-store atomics should only be used between trusted
thread. As not all the guests are trusted, it may be possible to DoS Xen
when updating shared memory with guest atomically.

This patch replaces all the atomics operations on shared memory with
a guest by the new guest atomics helpers. The x86 code was not audited
to know where guest atomics helpers could be used. I will leave that
to the x86 folks.

Note that some rework was required in order to plumb use the new guest
atomics in event channel and grant-table.

Because guest_test_bit is ignoring the parameter "d" for now, it
means there a lot of places do not need to drop the const. We may want
to revisit this in the future if the parameter "d" becomes necessary.

This is part of XSA-295.

Signed-off-by: Julien Grall <julien.grall@arm.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>

xen/arch/arm/domain.c		diff \| blob \| blame \| history
xen/arch/arm/mm.c		diff \| blob \| blame \| history
xen/common/event_2l.c		diff \| blob \| blame \| history
xen/common/event_fifo.c		diff \| blob \| blame \| history
xen/common/grant_table.c		diff \| blob \| blame \| history
xen/include/asm-arm/grant_table.h		diff \| blob \| blame \| history
xen/include/asm-x86/grant_table.h		diff \| blob \| blame \| history