dgit.raspbian.org Git - xen.git/commit

author	Julien Grall <julien.grall@arm.com>
	Mon, 29 Apr 2019 14:05:28 +0000 (15:05 +0100)
committer	Julien Grall <julien.grall@arm.com>
	Fri, 14 Jun 2019 13:38:40 +0000 (14:38 +0100)
commit	8fd10a6176df36fc97bced816dcfb7304d0a37b9
tree	2e0f5d25e31be860780e82c0f3cb16f0be08d6c8	tree \| snapshot
parent	38492cec42b630e6872f15f63987fb9d008739c4	commit \| diff

xen: Use guest atomics helpers when modifying atomically guest memory

On Arm, exclusive load-store atomics should only be used between trusted
thread. As not all the guests are trusted, it may be possible to DoS Xen
when updating shared memory with guest atomically.

This patch replaces all the atomics operations on shared memory with
a guest by the new guest atomics helpers. The x86 code was not audited
to know where guest atomics helpers could be used. I will leave that
to the x86 folks.

Note that some rework was required in order to plumb use the new guest
atomics in event channel and grant-table.

Because guest_test_bit is ignoring the parameter "d" for now, it
means there a lot of places do not need to drop the const. We may want
to revisit this in the future if the parameter "d" becomes necessary.

This is part of XSA-295.

Signed-off-by: Julien Grall <julien.grall@arm.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>

xen/arch/arm/domain.c		diff \| blob \| history
xen/arch/arm/mm.c		diff \| blob \| history
xen/common/event_2l.c		diff \| blob \| history
xen/common/event_fifo.c		diff \| blob \| history
xen/common/grant_table.c		diff \| blob \| history
xen/include/asm-arm/grant_table.h		diff \| blob \| history
xen/include/asm-x86/grant_table.h		diff \| blob \| history