]> xenbits.xensource.com Git - xen.git/commitdiff
projects / xen.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: bcbd8b9)
ARM: disable grant table v2
authorStefano Stabellini <sstabellini@kernel.org>
Tue, 14 Aug 2018 10:20:53 +0000 (11:20 +0100)
committerAndrew Cooper <andrew.cooper3@citrix.com>
Tue, 14 Aug 2018 16:27:59 +0000 (17:27 +0100)
It was never expected to work, the implementation is incomplete.

As a side effect, it also prevents guests from triggering a
"BUG_ON(page_get_owner(pg) != d)" in gnttab_unpopulate_status_frames().

This is XSA-268.

Signed-off-by: Stefano Stabellini <sstabellini@kernel.org>
Acked-by: Jan Beulich <jbeulich@suse.com>
(cherry picked from commit 9a5c16a3e75778c8a094ca87784d93b74676f46c)

docs/misc/xen-command-line.markdown patch | blob | blame | history
xen/common/grant_table.c patch | blob | blame | history
xen/include/asm-arm/grant_table.h patch | blob | blame | history

diff --git a/docs/misc/xen-command-line.markdown b/docs/misc/xen-command-line.markdown
index b4a98ebcbf60acf8e837ade210a2afa102cc74d7..118302991b412616f0e4b82ffca035fdb57e53b9 100644 (file)
--- a/docs/misc/xen-command-line.markdown
+++ b/docs/misc/xen-command-line.markdown
@@ -814,6 +814,8 @@ version are 1 and 2.
 use of grant table v2 without transitive grants is an ABI breakage from the
 guests point of view.
 
+The usage of gnttab v2 is not security supported on ARM platforms.
+
 ### gnttab\_max\_frames
 > `= <integer>`
 
diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c
index 97ad8c157870fc5d2d18930f793cf1064dcc1447..52ab6ac11175e0bd788d82aa7ddb3f8b95f8b7b9 100644 (file)
--- a/xen/common/grant_table.c
+++ b/xen/common/grant_table.c
@@ -62,7 +62,11 @@ integer_param("gnttab_max_frames", max_grant_frames);
 static unsigned int __read_mostly max_maptrack_frames;
 integer_param("gnttab_max_maptrack_frames", max_maptrack_frames);
 
-static unsigned int __read_mostly opt_gnttab_max_version = 2;
+#ifndef GNTTAB_MAX_VERSION
+#define GNTTAB_MAX_VERSION 2
+#endif
+
+static unsigned int __read_mostly opt_gnttab_max_version = GNTTAB_MAX_VERSION;
 static bool_t __read_mostly opt_transitive_grants = 1;
 
 static int __init parse_gnttab(const char *s)
diff --git a/xen/include/asm-arm/grant_table.h b/xen/include/asm-arm/grant_table.h
index fb393d4f45bcc51443ab385047907ecd003a93bc..c5d3a6cdad73e46c62b211def7f3a111df7edb04 100644 (file)
--- a/xen/include/asm-arm/grant_table.h
+++ b/xen/include/asm-arm/grant_table.h
@@ -4,6 +4,7 @@
 #include <xen/grant_table.h>
 
 #define INITIAL_NR_GRANT_FRAMES 4
+#define GNTTAB_MAX_VERSION 1
 
 void gnttab_clear_flag(unsigned long nr, uint16_t *addr);
 int create_grant_host_mapping(unsigned long gpaddr,
Xen (staging and unstable) mirror