diff options
| author |   Tomáš Mózes <tomas.mozes@gmail.com> | 2024-10-02 07:56:55 +0200 |
|---|---|---|
| committer | Tomáš Mózes <tomas.mozes@gmail.com> | 2024-10-02 07:56:55 +0200 |
| commit | dfa250a41bacd98ada8dd54b7dccc160e9fd5996 (patch) | |
| tree | 69bd58dea81b1e7488828a574aab3ca71f539970 /0022-x86-HVM-properly-reject-indirect-VRAM-writes.patch | |
| parent | Xen 4.18.3-pre-patchset-0 (diff) | |
| download | xen-upstream-patches-dfa250a41bacd98ada8dd54b7dccc160e9fd5996.tar.gz xen-upstream-patches-dfa250a41bacd98ada8dd54b7dccc160e9fd5996.tar.bz2 xen-upstream-patches-dfa250a41bacd98ada8dd54b7dccc160e9fd5996.zip | |
Xen 4.18.4-pre-patchset-04.18.4-pre-patchset-0
Signed-off-by: Tomáš Mózes <tomas.mozes@gmail.com>
Diffstat (limited to '0022-x86-HVM-properly-reject-indirect-VRAM-writes.patch')
| -rw-r--r-- | 0022-x86-HVM-properly-reject-indirect-VRAM-writes.patch | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/0022-x86-HVM-properly-reject-indirect-VRAM-writes.patch b/0022-x86-HVM-properly-reject-indirect-VRAM-writes.patch new file mode 100644 index 0000000..c9f221f --- /dev/null +++ b/0022-x86-HVM-properly-reject-indirect-VRAM-writes.patch @@ -0,0 +1,45 @@ +From b7f66ed124985563c73dadeec84189c48870cd1a Mon Sep 17 00:00:00 2001 +From: Jan Beulich <jbeulich@suse.com> +Date: Tue, 24 Sep 2024 15:00:07 +0200 +Subject: [PATCH 22/25] x86/HVM: properly reject "indirect" VRAM writes + +While ->count will only be different from 1 for "indirect" (data in +guest memory) accesses, it being 1 does not exclude the request being an +"indirect" one. Check both to be on the safe side, and bring the ->count +part also in line with what ioreq_send_buffered() actually refuses to +handle. + +Fixes: 3bbaaec09b1b ("x86/hvm: unify stdvga mmio intercept with standard mmio intercept") +Signed-off-by: Jan Beulich <jbeulich@suse.com> +Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> +master commit: eb7cd0593d88c4b967a24bca8bd30591966676cd +master date: 2024-09-12 09:13:04 +0200 +--- + xen/arch/x86/hvm/stdvga.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/xen/arch/x86/hvm/stdvga.c b/xen/arch/x86/hvm/stdvga.c +index 2586891863..6419211266 100644 +--- a/xen/arch/x86/hvm/stdvga.c ++++ b/xen/arch/x86/hvm/stdvga.c +@@ -530,14 +530,14 @@ static bool cf_check stdvga_mem_accept( + + spin_lock(&s->lock); + +- if ( p->dir == IOREQ_WRITE && p->count > 1 ) ++ if ( p->dir == IOREQ_WRITE && (p->data_is_ptr || p->count != 1) ) + { + /* + * We cannot return X86EMUL_UNHANDLEABLE on anything other then the + * first cycle of an I/O. So, since we cannot guarantee to always be + * able to send buffered writes, we have to reject any multi-cycle +- * I/O and, since we are rejecting an I/O, we must invalidate the +- * cache. ++ * or "indirect" I/O and, since we are rejecting an I/O, we must ++ * invalidate the cache. + * Single-cycle write transactions are accepted even if the cache is + * not active since we can assert, when in stdvga mode, that writes + * to VRAM have no side effect and thus we can try to buffer them. +-- +2.46.1 + |