From: Jan Beulich Date: Tue, 5 Mar 2019 14:44:06 +0000 (+0100) Subject: x86/mm: don't retain page type reference when IOMMU operation fails X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=1c4ab1e96c121eafb317a82ecdeb423e6c6dc6d0;p=xen.git x86/mm: don't retain page type reference when IOMMU operation fails The IOMMU update in _get_page_type() happens between recording of the new reference and validation of the page for its new type (if necessary). If the IOMMU operation fails, there's no point in actually carrying out validation. Furthermore, with this resulting in failure getting indicated to the caller, the recorded type reference also needs to be dropped again. Note that in case of failure of alloc_page_type() there's no need to undo the IOMMU operation: Only special types get handed to the function. The function, upon failure, clears ->u.inuse.type_info, effectively converting the page to PGT_none. The IOMMU mapping, however, solely depends on whether the type is PGT_writable_page. This is XSA-291. Reported-by: Igor Druzhinin Reported-by: Andrew Cooper Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper master commit: fad0de986220c46e70be2f83279961aad7394af0 master date: 2019-03-05 13:52:15 +0100 --- diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index 5948f5eadf..683a846145 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -2998,6 +2998,13 @@ static int __get_page_type(struct page_info *page, unsigned long type, iommu_ret = iommu_map_page(d, mfn_to_gmfn(d, page_to_mfn(page)), page_to_mfn(page), IOMMUF_readable|IOMMUF_writable); + + if ( unlikely(iommu_ret) ) + { + _put_page_type(page, false, NULL); + rc = iommu_ret; + goto out; + } } } @@ -3012,12 +3019,10 @@ static int __get_page_type(struct page_info *page, unsigned long type, rc = alloc_page_type(page, type, preemptible); } + out: if ( (x & PGT_partial) && !(nx & PGT_partial) ) put_page(page); - if ( !rc ) - rc = iommu_ret; - return rc; }