xenbits.xensource.com Git - xen.git/commit

author	Jan Beulich <jbeulich@suse.com>
	Tue, 20 Oct 2020 13:20:54 +0000 (15:20 +0200)
committer	Jan Beulich <jbeulich@suse.com>
	Tue, 20 Oct 2020 13:20:54 +0000 (15:20 +0200)
commit	d73e9720545d6acb376bd7c2b1b1d7c92aec6e30
tree	f1f95d34eba6d8355f9d98d1cead2ad096e15f82	tree
parent	6f012ec24294993d59bac9b9caae7d3c4dae347d	commit \| diff

IOMMU: hold page ref until after deferred TLB flush

When moving around a page via XENMAPSPACE_gmfn_range, deferring the TLB
flush for the "from" GFN range requires that the page remains allocated
to the guest until the TLB flush has actually occurred. Otherwise a
parallel hypercall to remove the page would only flush the TLB for the
GFN it has been moved to, but not the one is was mapped at originally.

This is part of XSA-346.

Fixes: cf95b2a9fd5a ("iommu: Introduce per cpu flag (iommu_dont_flush_iotlb) to avoid unnecessary iotlb... ")
Reported-by: Julien Grall <jgrall@amazon.com>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Julien Grall <jgrall@amazon.com>
master commit: 5777a3742d88ff1c0ebc626ceb4fd47f9b3dc6d5
master date: 2020-10-20 14:21:32 +0200

xen/arch/arm/mm.c		diff \| blob \| blame \| history
xen/arch/x86/mm.c		diff \| blob \| blame \| history
xen/common/memory.c		diff \| blob \| blame \| history
xen/include/xen/mm.h		diff \| blob \| blame \| history