From: Feng Wu <feng.wu@intel.com>
Date: Fri, 1 Aug 2014 14:40:39 +0000 (+0200)
Subject: x86/hvm: always do SMAP check when updating secondary system time for guest
X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~4568
X-Git-Url: https://dgit.raspbian.org/%22http://www.example.com/cgi/%22/%22http:/www.example.com/cgi/%22?a=commitdiff_plain;h=340f8cb83013dc80ebd29ed5b743040a5a45c146;p=xen.git

x86/hvm: always do SMAP check when updating secondary system time for guest

In this patch, we always do the SMAP check when updating secondary
system time for the guest when SMAP is enabled by it.

Signed-off-by: Feng Wu <feng.wu@intel.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
---

diff --git a/xen/arch/x86/time.c b/xen/arch/x86/time.c
index 9e30d97743..bd892198c0 100644
--- a/xen/arch/x86/time.c
+++ b/xen/arch/x86/time.c
@@ -859,17 +859,23 @@ static void __update_vcpu_system_time(struct vcpu *v, int force)
         v->arch.pv_vcpu.pending_system_time = _u;
 }
 
-bool_t update_secondary_system_time(const struct vcpu *v,
+bool_t update_secondary_system_time(struct vcpu *v,
                                     struct vcpu_time_info *u)
 {
     XEN_GUEST_HANDLE(vcpu_time_info_t) user_u = v->arch.time_info_guest;
+    smap_check_policy_t saved_policy;
 
     if ( guest_handle_is_null(user_u) )
         return 1;
 
+    saved_policy = smap_policy_change(v, SMAP_CHECK_ENABLED);
+
     /* 1. Update userspace version. */
     if ( __copy_field_to_guest(user_u, u, version) == sizeof(u->version) )
+    {
+        smap_policy_change(v, saved_policy);
         return 0;
+    }
     wmb();
     /* 2. Update all other userspace fields. */
     __copy_to_guest(user_u, u, 1);
@@ -878,6 +884,8 @@ bool_t update_secondary_system_time(const struct vcpu *v,
     u->version = version_update_end(u->version);
     __copy_field_to_guest(user_u, u, version);
 
+    smap_policy_change(v, saved_policy);
+
     return 1;
 }
 
diff --git a/xen/include/asm-x86/domain.h b/xen/include/asm-x86/domain.h
index 112d0b1637..83329ed3bc 100644
--- a/xen/include/asm-x86/domain.h
+++ b/xen/include/asm-x86/domain.h
@@ -468,7 +468,7 @@ smap_check_policy_t smap_policy_change(struct vcpu *v,
 #define hvm_svm         hvm_vcpu.u.svm
 
 bool_t update_runstate_area(struct vcpu *);
-bool_t update_secondary_system_time(const struct vcpu *,
+bool_t update_secondary_system_time(struct vcpu *,
                                     struct vcpu_time_info *);
 
 void vcpu_show_execution_state(struct vcpu *);