From a6c32abd144ec6443c6a433b5a2ac00e2615aa86 Mon Sep 17 00:00:00 2001
From: Juergen Gross <jgross@suse.com>
Date: Tue, 7 Jun 2022 14:02:08 +0200
Subject: [PATCH 11/32] xen/iommu: cleanup iommu related domctl handling
Today iommu_do_domctl() is being called from arch_do_domctl() in the
"default:" case of a switch statement. This has led already to crashes
due to unvalidated parameters.
Fix that by moving the call of iommu_do_domctl() to the main switch
statement of do_domctl().
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org> # Arm
master commit: 9cd7e31b3f584e97a138a770cfb031a91a867936
master date: 2022-04-26 10:23:58 +0200
---
xen/arch/arm/domctl.c | 11 +----------
xen/arch/x86/domctl.c | 2 +-
xen/common/domctl.c | 7 +++++++
xen/include/xen/iommu.h | 12 +++++++++---
4 files changed, 18 insertions(+), 14 deletions(-)
diff --git a/xen/arch/arm/domctl.c b/xen/arch/arm/domctl.c
index 6245af6d0bab..1baf25c3d98b 100644
--- a/xen/arch/arm/domctl.c
+++ b/xen/arch/arm/domctl.c
@@ -176,16 +176,7 @@ long arch_do_domctl(struct xen_domctl *domctl, struct domain *d,
return rc;
}
default:
- {
- int rc;
-
- rc = subarch_do_domctl(domctl, d, u_domctl);
-
- if ( rc == -ENOSYS )
- rc = iommu_do_domctl(domctl, d, u_domctl);
-
- return rc;
- }
+ return subarch_do_domctl(domctl, d, u_domctl);
}
}
diff --git a/xen/arch/x86/domctl.c b/xen/arch/x86/domctl.c
index 7d102e0647ec..0fa51f2ebd10 100644
--- a/xen/arch/x86/domctl.c
+++ b/xen/arch/x86/domctl.c
@@ -1380,7 +1380,7 @@ long arch_do_domctl(
break;
default:
- ret = iommu_do_domctl(domctl, d, u_domctl);
+ ret = -ENOSYS;
break;
}
diff --git a/xen/common/domctl.c b/xen/common/domctl.c
index 419e4070f59d..65d2a4588b71 100644
--- a/xen/common/domctl.c
+++ b/xen/common/domctl.c
@@ -870,6 +870,13 @@ long do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
copyback = 1;
break;
+ case XEN_DOMCTL_assign_device:
+ case XEN_DOMCTL_test_assign_device:
+ case XEN_DOMCTL_deassign_device:
+ case XEN_DOMCTL_get_device_group:
+ ret = iommu_do_domctl(op, d, u_domctl);
+ break;
+
default:
ret = arch_do_domctl(op, d, u_domctl);
break;
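Review bot: After this change the case list added here is the only route to iommu_do_domctl(), since the x86 `default:` now returns `-ENOSYS` and the Arm `default:` returns subarch_do_domctl() directly, so a future IOMMU domctl that is not added to this list will fail with `-ENOSYS` without ever reaching the IOMMU code. A comment above the cases would make that explicit, e.g. `/* IOMMU domctls: dispatched only from here, arch_do_domctl() no longer forwards to iommu_do_domctl(). */`. The hunk also does not show what do_domctl() guarantees about `d` for these four commands (the domain lookup is earlier in the function, outside the hunk); given that the commit message cites crashes from unvalidated parameters, it is worth confirming that iommu_do_domctl() handles every value of `d` that can reach it and stating that precondition in the same comment.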
diff --git a/xen/include/xen/iommu.h b/xen/include/xen/iommu.h
index 92b2d23f0ba2..861579562e8a 100644
--- a/xen/include/xen/iommu.h
+++ b/xen/include/xen/iommu.h
@@ -342,8 +342,17 @@ struct domain_iommu {
/* Does the IOMMU pagetable need to be kept synchronized with the P2M */
#ifdef CONFIG_HAS_PASSTHROUGH
#define need_iommu_pt_sync(d) (dom_iommu(d)->need_sync)
+
+int iommu_do_domctl(struct xen_domctl *domctl, struct domain *d,
+ XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl);
#else
#define need_iommu_pt_sync(d) ({ (void)(d); false; })
+
+static inline int iommu_do_domctl(struct xen_domctl *domctl, struct domain *d,
+ XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl)
+{
+ return -ENOSYS;
+}
#endif
int __must_check iommu_suspend(void);
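Review bot: The `static inline` stub added for the `!CONFIG_HAS_PASSTHROUGH` build has no comment, and it is what makes the four device-assignment domctls return `-ENOSYS` on such builds now that do_domctl() calls iommu_do_domctl() unconditionally. I would add `/* No passthrough support: all IOMMU domctls are unimplemented. */` above it, and a short contract comment on the real prototype naming the commands it accepts. The stub relies on `ENOSYS` being defined wherever this header is included; that is presumably already the case but is not visible in this hunk.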
@@ -357,9 +366,6 @@ int iommu_do_pci_domctl(struct xen_domctl *, struct domain *d,
XEN_GUEST_HANDLE_PARAM(xen_domctl_t));
#endif
-int iommu_do_domctl(struct xen_domctl *, struct domain *d,
- XEN_GUEST_HANDLE_PARAM(xen_domctl_t));
-
void iommu_dev_iotlb_flush_timeout(struct domain *d, struct pci_dev *pdev);
/*
--
2.35.1