xenbits.xensource.com Git - xen.git/commit

author	Teddy Astie <teddy.astie@vates.tech>
	Tue, 13 Aug 2024 14:36:40 +0000 (16:36 +0200)
committer	Jan Beulich <jbeulich@suse.com>
	Tue, 13 Aug 2024 14:36:40 +0000 (16:36 +0200)
commit	beadd68b5490ada053d72f8a9ce6fd696d626596
tree	cd39b0e7c8d7174466606068b5f605b066412a20	tree
parent	98a462f8b169f93ab7463023f0ed94575f8225b4	commit \| diff

x86/IOMMU: move tracking in iommu_identity_mapping()

If for some reason xmalloc() fails after having mapped the reserved
regions, an error is reported, but the regions remain mapped in the P2M.

Similarly if an error occurs during set_identity_p2m_entry() (except on
the first call), the partial mappings of the region would be retained
without being tracked anywhere, and hence without there being a way to
remove them again from the domain's P2M.

Move the setting up of the list entry ahead of trying to map the region.
In cases other than the first mapping failing, keep record of the full
region, such that a subsequent unmapping request can be properly torn
down.

To compensate for the potentially excess unmapping requests, don't log a
warning from p2m_remove_identity_entry() when there really was nothing
mapped at a given GFN.

This is XSA-460 / CVE-2024-31145.

Fixes: 2201b67b9128 ("VT-d: improve RMRR region handling")
Fixes: c0e19d7c6c42 ("IOMMU: generalize VT-d's tracking of mapped RMRR regions")
Signed-off-by: Teddy Astie <teddy.astie@vates.tech>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>

xen/arch/x86/mm/p2m.c		diff \| blob \| blame \| history
xen/drivers/passthrough/x86/iommu.c		diff \| blob \| blame \| history