Zhang, Yang Z
2012-Jul-11 00:58 UTC
[PATCH] vt-d: fix wrong addr in IOTLB invalidation descriptor
According to vt-d specs, the addr in IOTLB invalidation descriptor should be 4K page aligned. Signed-off-by: Yang Zhang <yang.z.zhang@Intel.com> diff -r 0455d8317631 xen/drivers/passthrough/vtd/qinval.c --- a/xen/drivers/passthrough/vtd/qinval.c Thu Jun 28 18:43:28 2012 +0100 +++ b/xen/drivers/passthrough/vtd/qinval.c Wed Jul 11 08:43:24 2012 +0800 @@ -140,7 +140,7 @@ static int gen_iotlb_inv_dsc(struct iomm qinval_entry->q.iotlb_inv_dsc.hi.am = am; qinval_entry->q.iotlb_inv_dsc.hi.ih = ih; qinval_entry->q.iotlb_inv_dsc.hi.res_1 = 0; - qinval_entry->q.iotlb_inv_dsc.hi.addr = addr; + qinval_entry->q.iotlb_inv_dsc.hi.addr = addr >> PAGE_SHIFT_4K; unmap_vtd_domain_page(qinval_entries); spin_unlock_irqrestore(&qi_ctrl->qinval_lock, flags);
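Review bot: the new hi.addr assignment silently discards the low 12 bits of addr, and nothing in the hunk states or checks that callers pass a 4K-aligned value. If alignment is a precondition, an assertion on addr before the assignment, or a one-line comment saying the field takes the address shifted right by PAGE_SHIFT_4K, would document it. The description also says only that the address "should be 4K page aligned", while the new line stores a shifted value rather than aligning one; it should say so and state what the unshifted value caused, since that decides whether the fix needs backporting.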
Ian Jackson
2012-Jul-24 14:48 UTC
Re: [PATCH] vt-d: fix wrong addr in IOTLB invalidation descriptor
Zhang, Yang Z writes ("[Xen-devel] [PATCH] vt-d: fix wrong addr in IOTLB invalidation descriptor"):
> According to vt-d specs, the addr in IOTLB invalidation descriptor should be 4K page aligned. > > Signed-off-by: Yang Zhang <yang.z.zhang@Intel.com> > > diff -r 0455d8317631 xen/drivers/passthrough/vtd/qinval.c > --- a/xen/drivers/passthrough/vtd/qinval.c Thu Jun 28 18:43:28 2012 +0100 > +++ b/xen/drivers/passthrough/vtd/qinval.c Wed Jul 11 08:43:24 2012 +0800 > @@ -140,7 +140,7 @@ static int gen_iotlb_inv_dsc(struct iomm > qinval_entry->q.iotlb_inv_dsc.hi.am = am; > qinval_entry->q.iotlb_inv_dsc.hi.ih = ih; > qinval_entry->q.iotlb_inv_dsc.hi.res_1 = 0; > - qinval_entry->q.iotlb_inv_dsc.hi.addr = addr; > + qinval_entry->q.iotlb_inv_dsc.hi.addr = addr >> PAGE_SHIFT_4K; > > unmap_vtd_domain_page(qinval_entries); > spin_unlock_irqrestore(&qi_ctrl->qinval_lock, flags);

Does this mean that previously we were invalidating the wrong place and therefore our invalidations were ineffective? Can this be exploited somehow by a malicious guest?

Ian.
Zhang, Yang Z
2012-Jul-25 00:44 UTC
Re: [PATCH] vt-d: fix wrong addr in IOTLB invalidation descriptor
Ian Jackson wrote on 2012-07-24:
> Zhang, Yang Z writes ("[Xen-devel] [PATCH] vt-d: fix wrong addr in IOTLB > invalidation descriptor"): >> According to vt-d specs, the addr in IOTLB invalidation descriptor >> should be 4K page aligned. >> >> Signed-off-by: Yang Zhang <yang.z.zhang@Intel.com> >> >> diff -r 0455d8317631 xen/drivers/passthrough/vtd/qinval.c --- >> a/xen/drivers/passthrough/vtd/qinval.c Thu Jun 28 18:43:28 2012 >> +0100 +++ b/xen/drivers/passthrough/vtd/qinval.c Wed Jul 11 >> 08:43:24 2012 +0800 @@ -140,7 +140,7 @@ static int >> gen_iotlb_inv_dsc(struct iomm >> qinval_entry->q.iotlb_inv_dsc.hi.am = am; >> qinval_entry->q.iotlb_inv_dsc.hi.ih = ih; >> qinval_entry->q.iotlb_inv_dsc.hi.res_1 = 0; >> - qinval_entry->q.iotlb_inv_dsc.hi.addr = addr; >> + qinval_entry->q.iotlb_inv_dsc.hi.addr = addr >> PAGE_SHIFT_4K; >> >> unmap_vtd_domain_page(qinval_entries); >> spin_unlock_irqrestore(&qi_ctrl->qinval_lock, flags); > > Does this mean that previously we were invalidating the wrong place > and therefore our invalidations were ineffective ? Can this be > exploited somehow by a malicious guest ?

Yes. All the invalidations were ineffective before this patch. The previous releases which support QI also need this patch.

No, the hypervisor owns it and the guest is unaware of it.

Best regards,
Yang
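To illustrate the reply above, here is an added example (not code from the thread or from Xen) showing which address the descriptor carries before and after the change. It assumes a layout the thread does not show: hi.addr is a 52-bit field in bits 63:12 of the descriptor's high quadword and holds address bits 63:12. The function names and the sample address are constructed for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT_4K 12
/* Assumed layout of the descriptor's high quadword (not shown in the thread):
 * bits 5:0 am, bit 6 ih, bits 11:7 reserved, bits 63:12 addr = address[63:12]. */
#define ADDR_FIELD_MASK ((1ULL << 52) - 1)

/* Pack the high quadword. 'field' is the raw value assigned to the 52-bit
 * addr field; it is truncated as a 52-bit bitfield assignment would be. */
static uint64_t pack_hi(uint64_t field, unsigned am, unsigned ih)
{
    return (uint64_t)(am & 0x3f) | ((uint64_t)(ih & 1) << 6) |
           ((field & ADDR_FIELD_MASK) << PAGE_SHIFT_4K);
}

/* Before the patch: the byte address goes into the field unshifted. */
static uint64_t encode_hi_before(uint64_t addr, unsigned am, unsigned ih)
{
    return pack_hi(addr, am, ih);
}

/* After the patch: the field receives the 4K page frame number. */
static uint64_t encode_hi_after(uint64_t addr, unsigned am, unsigned ih)
{
    return pack_hi(addr >> PAGE_SHIFT_4K, am, ih);
}

/* Address a reader of the descriptor recovers: the field is address[63:12]. */
static uint64_t decoded_addr(uint64_t hi)
{
    return hi & ~((1ULL << PAGE_SHIFT_4K) - 1);
}

int main(void)
{
    const uint64_t addr = 0x12345000ULL; /* constructed sample address */

    printf("requested        : %#llx\n", (unsigned long long)addr);
    printf("before (addr)    : %#llx\n",
           (unsigned long long)decoded_addr(encode_hi_before(addr, 0, 0)));
    printf("after (addr >> 12): %#llx\n",
           (unsigned long long)decoded_addr(encode_hi_after(addr, 0, 0)));
    return 0;
}
```

Under that assumed layout the unshifted value names an address 4096 times larger than the one requested, so only address 0 would have been encoded correctly.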
Jan Beulich
2012-Jul-30 09:50 UTC
Re: [PATCH] vt-d: fix wrong addr in IOTLB invalidation descriptor
>>> On 11.07.12 at 02:58, "Zhang, Yang Z" <yang.z.zhang@intel.com> wrote:
> According to vt-d specs, the addr in IOTLB invalidation descriptor should be > 4K page aligned.

Could you please put this into both 4.x-testing trees, too?

Thanks, Jan

> Signed-off-by: Yang Zhang <yang.z.zhang@Intel.com> > > diff -r 0455d8317631 xen/drivers/passthrough/vtd/qinval.c > --- a/xen/drivers/passthrough/vtd/qinval.c Thu Jun 28 18:43:28 2012 +0100 > +++ b/xen/drivers/passthrough/vtd/qinval.c Wed Jul 11 08:43:24 2012 > +0800 > @@ -140,7 +140,7 @@ static int gen_iotlb_inv_dsc(struct iomm > qinval_entry->q.iotlb_inv_dsc.hi.am = am; > qinval_entry->q.iotlb_inv_dsc.hi.ih = ih; > qinval_entry->q.iotlb_inv_dsc.hi.res_1 = 0; > - qinval_entry->q.iotlb_inv_dsc.hi.addr = addr; > + qinval_entry->q.iotlb_inv_dsc.hi.addr = addr >> PAGE_SHIFT_4K; > > unmap_vtd_domain_page(qinval_entries); > spin_unlock_irqrestore(&qi_ctrl->qinval_lock, flags);