From dea460d86957bf1425a8a1572626099ac3f165a8 Mon Sep 17 00:00:00 2001 From: Jan Beulich Date: Tue, 20 Oct 2020 14:21:09 +0200 Subject: [PATCH] IOMMU: suppress "iommu_dont_flush_iotlb" when about to free a page Deferring flushes to a single, wide range one - as is done when handling XENMAPSPACE_gmfn_range - is okay only as long as pages don't get freed ahead of the eventual flush. While the only function setting the flag (xenmem_add_to_physmap()) suggests by its name that it's only mapping new entries, in reality the way xenmem_add_to_physmap_one() works means an unmap would happen not only for the page being moved (but not freed) but, if the destination GFN is populated, also for the page being displaced from that GFN. Collapsing the two flushes for this GFN into just one (end even more so deferring it to a batched invocation) is not correct. This is part of XSA-346. Fixes: cf95b2a9fd5a ("iommu: Introduce per cpu flag (iommu_dont_flush_iotlb) to avoid unnecessary iotlb... ") Signed-off-by: Jan Beulich Reviewed-by: Paul Durrant Acked-by: Julien Grall --- xen/common/memory.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/xen/common/memory.c b/xen/common/memory.c index 1bab0e80c2..5f4be59761 100644 --- a/xen/common/memory.c +++ b/xen/common/memory.c @@ -293,6 +293,7 @@ int guest_remove_page(struct domain *d, unsigned long gmfn) p2m_type_t p2mt; #endif mfn_t mfn; + bool *dont_flush_p, dont_flush; int rc; #ifdef CONFIG_X86 @@ -379,8 +380,18 @@ int guest_remove_page(struct domain *d, unsigned long gmfn) return -ENXIO; } + /* + * Since we're likely to free the page below, we need to suspend + * xenmem_add_to_physmap()'s suppressing of IOMMU TLB flushes. + */ + dont_flush_p = &this_cpu(iommu_dont_flush_iotlb); + dont_flush = *dont_flush_p; + *dont_flush_p = false; + rc = guest_physmap_remove_page(d, _gfn(gmfn), mfn, 0); + *dont_flush_p = dont_flush; + /* * With the lack of an IOMMU on some platforms, domains with DMA-capable * device must retrieve the same pfn when the hypercall populate_physmap -- 2.39.5