x86/mmuext: tighten TLB flush address checks

author Jan Beulich <jbeulich@suse.com>

Thu, 21 Jan 2016 15:09:22 +0000 (16:09 +0100)

committer Jan Beulich <jbeulich@suse.com>

Thu, 21 Jan 2016 15:09:22 +0000 (16:09 +0100)
author Jan Beulich <jbeulich@suse.com>
Thu, 21 Jan 2016 15:09:22 +0000 (16:09 +0100)
committer Jan Beulich <jbeulich@suse.com>
Thu, 21 Jan 2016 15:09:22 +0000 (16:09 +0100)
diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c

index b81d1fdcdff23ecd79fd3adf19d128d82785fde7..b5d0ebc380ea3892179b52638358a1dedb9acf05 100644 (file)
--- a/xen/arch/x86/mm.c
+++ b/xen/arch/x86/mm.c
@@ -3268,8 +3268,9 @@ long do_mmuext_op(
          case MMUEXT_INVLPG_LOCAL:
              if ( unlikely(d != pg_owner) )
                  rc = -EPERM;
-            else if ( !paging_mode_enabled(d) ||
-                      paging_invlpg(curr, op.arg1.linear_addr) != 0 )
+            else if ( !paging_mode_enabled(d)
+                      ? __addr_ok(op.arg1.linear_addr)
+                      : paging_invlpg(curr, op.arg1.linear_addr) )
                  flush_tlb_one_local(op.arg1.linear_addr);
              break;
  
@@ -3290,7 +3291,7 @@ long do_mmuext_op(
  
              if ( op.cmd == MMUEXT_TLB_FLUSH_MULTI )
                  flush_tlb_mask(&pmask);
-            else
+            else if ( __addr_ok(op.arg1.linear_addr) )
                  flush_tlb_one_mask(&pmask, op.arg1.linear_addr);
              break;
          }
@@ -3303,10 +3304,10 @@ long do_mmuext_op(
              break;
      
          case MMUEXT_INVLPG_ALL:
-            if ( likely(d == pg_owner) )
-                flush_tlb_one_mask(d->domain_dirty_cpumask, op.arg1.linear_addr);
-            else
+            if ( unlikely(d != pg_owner) )
                  rc = -EPERM;
+            else if ( __addr_ok(op.arg1.linear_addr) )
+                flush_tlb_one_mask(d->domain_dirty_cpumask, op.arg1.linear_addr);
              break;
  
          case MMUEXT_FLUSH_CACHE:
diff --git a/xen/include/asm-x86/paging.h b/xen/include/asm-x86/paging.h

index 6215f57ebca2c0679572d1d9ca247d1a3130df6d..c4129530a6b2500620f77f6dc565319d65b37286 100644 (file)
--- a/xen/include/asm-x86/paging.h
+++ b/xen/include/asm-x86/paging.h
@@ -245,7 +245,9 @@ paging_fault(unsigned long va, struct cpu_user_regs *regs)
   * or 0 if it's safe not to do so. */
  static inline int paging_invlpg(struct vcpu *v, unsigned long va)
  {
-    return is_canonical_address(va) && paging_get_hostmode(v)->invlpg(v, va);
+    return (paging_mode_external(v->domain) ? is_canonical_address(va)
+                                            : __addr_ok(va)) &&
+           paging_get_hostmode(v)->invlpg(v, va);
  }
  
  /* Translate a guest virtual address to the frame number that the
author	Jan Beulich <jbeulich@suse.com>
	Thu, 21 Jan 2016 15:09:22 +0000 (16:09 +0100)
committer	Jan Beulich <jbeulich@suse.com>
	Thu, 21 Jan 2016 15:09:22 +0000 (16:09 +0100)
xen/arch/x86/mm.c		patch \| blob \| blame \| history
xen/include/asm-x86/paging.h		patch \| blob \| blame \| history