From: Andrew Cooper <andrew.cooper3@citrix.com>
Subject: VT-d: Fix "else" vs "#endif" misplacement
In domain_pgd_maddr() the "#endif" is misplaced with respect to "else". This
generates incorrect logic when CONFIG_HVM is compiled out, as the "else" body
is executed unconditionally.
Rework the logic to use IS_ENABLED() instead of explicit #ifdef-ary, as it's
clearer to follow. This in turn involves adjusting p2m_get_pagetable() to
compile when CONFIG_HVM is disabled.
This is XSA-450 / CVE-2023-46840.
Fixes: 033ff90aa9c1 ("x86/P2M: p2m_{alloc,free}_ptp() and p2m_alloc_table() are HVM-only")
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
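--- a/xen/arch/x86/include/asm/p2m.h
+++ b/xen/arch/x86/include/asm/p2m.h
@@ -447,7 +447,14 @@ static inline bool_t p2m_is_altp2m(const
 return p2m->p2m_class == p2m_alternate;
 }
 
-#define p2m_get_pagetable(p2m) ((p2m)->phys_table)
+#ifdef CONFIG_HVM
+static inline pagetable_t p2m_get_pagetable(const struct p2m_domain *p2m)
+{
+ return p2m->phys_table;
+}
+#else
+pagetable_t p2m_get_pagetable(const struct p2m_domain *p2m);
+#endif
 
 /*
 * Ensure any deferred p2m TLB flush has been completed on all VCPUs.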
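Review bot: The `#else` arm declares `p2m_get_pagetable()` without defining it, and nothing at the declaration says that this is deliberate. As far as the visible lines show, a !CONFIG_HVM build links only because every caller sits behind a compile-time-false `IS_ENABLED(CONFIG_HVM)` test and is discarded by the optimiser; a caller added without that guard would presumably surface as an undefined-symbol error at link time. I would put a comment above the prototype, for example `/* Declaration only: callers must be guarded by IS_ENABLED(CONFIG_HVM) so they are eliminated at compile time. */`, so the next reader does not "fix" it by adding a stub that returns an empty page table.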
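--- a/xen/drivers/passthrough/vtd/iommu.c
+++ b/xen/drivers/passthrough/vtd/iommu.c
@@ -441,15 +441,13 @@ static paddr_t domain_pgd_maddr(struct d
 
 if ( pgd_maddr )
 /* nothing */;
-#ifdef CONFIG_HVM
- else if ( iommu_use_hap_pt(d) )
+ else if ( IS_ENABLED(CONFIG_HVM) && iommu_use_hap_pt(d) )
 {
 pagetable_t pgt = p2m_get_pagetable(p2m_get_hostp2m(d));
 
 pgd_maddr = pagetable_get_paddr(pgt);
 }
 else
-#endif
 {
 if ( !hd->arch.vtd.pgd_maddr )
 {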
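Review bot: The `else if ( IS_ENABLED(CONFIG_HVM) && iommu_use_hap_pt(d) )` arm carries no comment recording the invariant that this fix restores. The final `else` body must run only when the caller supplied no `pgd_maddr`, and the HVM arm has to disappear in !CONFIG_HVM builds without taking the `else` keyword with it. A one-line comment on the condition would do, such as `/* Compile-time false when !CONFIG_HVM; keep IS_ENABLED() first so the HAP arm is dropped but the if/else chain stays intact. */`. This matters because the chain selects which page-table root the IOMMU is given, and the earlier breakage was invisible in the default configuration. The body of domain_pgd_maddr() continues past the end of this hunk, so the handling inside the final `else` block is not reviewed here.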