xenbits.xensource.com Git - xen.git/commit

author	Andrew Cooper <andrew.cooper3@citrix.com>
	Mon, 23 Jul 2018 06:11:40 +0000 (08:11 +0200)
committer	Andrew Cooper <andrew.cooper3@citrix.com>
	Tue, 14 Aug 2018 15:56:47 +0000 (16:56 +0100)
commit	c612481d1c9232c6abf91b03ec655e92f808805f
tree	589bf0df6381ce4139612c8bf4e2f5f04d142cfe	tree
parent	b76ec3946bf6caca2c3950b857c008bc8db6723f	commit \| diff

x86/mm: Plumbing to allow any PTE update to fail with -ERESTART

Switching to shadow mode is performed in tasklet context.  To facilitate this,
we schedule the tasklet, then create a hypercall continuation to allow the
switch to take place.

As a consequence, the x86 mm code needs to cope with an L1e operation being
continuable.  do_mmu{,ext}_op() may no longer assert that a continuation
doesn't happen on the final iteration.

To handle the arguments correctly on continuation, compat_update_va_mapping*()
may no longer call into their non-compat counterparts.  Move the compat
functions into mm.c rather than exporting __do_update_va_mapping() and
{get,put}_pg_owner(), and fix an unsigned long/int inconsistency with
compat_update_va_mapping_otherdomain().

This is part of XSA-273 / CVE-2018-3620.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>

xen/arch/x86/mm.c		diff \| blob \| blame \| history
xen/arch/x86/x86_64/compat/mm.c		diff \| blob \| blame \| history
xen/include/asm-x86/hypercall.h		diff \| blob \| blame \| history