xenbits.xensource.com Git - xen.git/commit

author	Julien Grall <julien.grall@arm.com>
	Mon, 29 Apr 2019 14:05:28 +0000 (15:05 +0100)
committer	Julien Grall <julien.grall@arm.com>
	Fri, 14 Jun 2019 14:46:00 +0000 (15:46 +0100)
commit	48ab64fa4e34ffd8d365cf96fa51205c19cd0852
tree	f5ee5b841d6ba029c1ab2aa90918acf3e4f8831f	tree
parent	181ed91826a4bdc0219534cb96821d1dec8dd942	commit \| diff

xen: Use guest atomics helpers when modifying atomically guest memory

On Arm, exclusive load-store atomics should only be used between trusted
thread. As not all the guests are trusted, it may be possible to DoS Xen
when updating shared memory with guest atomically.

This patch replaces all the atomics operations on shared memory with
a guest by the new guest atomics helpers. The x86 code was not audited
to know where guest atomics helpers could be used. I will leave that
to the x86 folks.

Note that some rework was required in order to plumb use the new guest
atomics in event channel and grant-table.

Because guest_test_bit is ignoring the parameter "d" for now, it
means there a lot of places do not need to drop the const. We may want
to revisit this in the future if the parameter "d" becomes necessary.

This is part of XSA-295.

Signed-off-by: Julien Grall <julien.grall@arm.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>

xen/arch/arm/domain.c		diff \| blob \| blame \| history
xen/arch/arm/mm.c		diff \| blob \| blame \| history
xen/common/event_2l.c		diff \| blob \| blame \| history
xen/common/event_fifo.c		diff \| blob \| blame \| history
xen/common/grant_table.c		diff \| blob \| blame \| history
xen/include/asm-arm/grant_table.h		diff \| blob \| blame \| history
xen/include/asm-x86/grant_table.h		diff \| blob \| blame \| history