From: Jan Beulich Date: Tue, 25 Nov 2014 09:07:09 +0000 (+0100) Subject: x86: tighten page table owner checking in do_mmu_update() X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~4068 X-Git-Url: https://dgit.raspbian.org/%22http:/www.example.com/cgi/%22https:/%22bookmarks://%22Dat/%22http:/www.example.com/cgi/%22https:/%22bookmarks:/%22Dat?a=commitdiff_plain;h=dc419f0a3752032ab00124dc55609d9231e53128;p=xen.git x86: tighten page table owner checking in do_mmu_update() MMU_MACHPHYS_UPDATE, not manipulating page tables, shouldn't ignore a bad page table domain being specified. Also pt_owner can't be NULL when reaching the "out" label, so the respective check can be dropped. Signed-off-by: Jan Beulich Acked-by: Tim Deegan Release-Acked-by: Konrad Rzeszutek Wilk --- diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index 3e3353cb48..61b8e776aa 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -3618,6 +3618,11 @@ long do_mmu_update( break; case MMU_MACHPHYS_UPDATE: + if ( unlikely(d != pt_owner) ) + { + rc = -EPERM; + break; + } if ( unlikely(paging_mode_translate(pg_owner)) ) { @@ -3693,7 +3698,7 @@ long do_mmu_update( perfc_add(num_page_updates, i); out: - if ( pt_owner && (pt_owner != d) ) + if ( pt_owner != d ) rcu_unlock_domain(pt_owner); /* Add incremental work we have done to the @done output parameter. */
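Review bot: The new `d != pt_owner` check at the top of the `MMU_MACHPHYS_UPDATE` case has no comment saying why a foreign page table domain is rejected for this one command, and the reason is only in the commit message. A one-line comment above `if ( unlikely(d != pt_owner) )` noting that this command does not manipulate page tables, so the only acceptable pt_owner is the caller itself, would keep the intent visible next to the code. The check also changes what a caller sees: a request that names a foreign page table domain together with this command now fails with `-EPERM` where the domain was previously ignored, which is worth stating wherever the interface for this command is documented.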
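Review bot: At the `out:` label, dropping the `pt_owner &&` test makes the unlock depend on an invariant that the hunk itself does not show, namely that pt_owner is never NULL when control reaches this point. With the new condition `if ( pt_owner != d )`, a NULL pt_owner would compare unequal to `d` and be passed to `rcu_unlock_domain()`. The commit message states that this cannot happen, so the change is consistent with it, but an `ASSERT(pt_owner)` just after the label, or a short comment recording the invariant, would catch a later change that adds a `goto out` before pt_owner is assigned.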