From: Jan Beulich
Date: Thu, 22 Jun 2017 07:56:20 +0000 (+0200)
Subject: x86/mmuext: don't allow copying/clearing non-RAM pages
X-Git-Tag: archive/raspbian/4.11.1-1+rpi1~1^2~66^2~1939
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=3724385e39294b6937def11bcbd1afab7ef43552;p=xen.git

x86/mmuext: don't allow copying/clearing non-RAM pages

The two operations really aren't meant for anything else.

Signed-off-by: Jan Beulich
Reviewed-by: Andrew Cooper
---
diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c
index e0abff00fd..14b9125ef5 100644
--- a/xen/arch/x86/mm.c
+++ b/xen/arch/x86/mm.c
@@ -3217,6 +3217,7 @@ long do_mmuext_op(
 switch ( op.cmd )
 {
 struct page_info *page;
+ p2m_type_t p2mt;
 
 case MMUEXT_PIN_L1_TABLE:
 type = PGT_l1_page_table;
@@ -3516,7 +3517,12 @@ long do_mmuext_op(
 }
 
 case MMUEXT_CLEAR_PAGE:
- page = get_page_from_gfn(pg_owner, op.arg1.mfn, NULL, P2M_ALLOC);
+ page = get_page_from_gfn(pg_owner, op.arg1.mfn, &p2mt, P2M_ALLOC);
+ if ( unlikely(p2mt != p2m_ram_rw) && page )
+ {
+ put_page(page);
+ page = NULL;
+ }
 if ( !page || !get_page_type(page, PGT_writable_page) )
 {
 if ( page )
@@ -3539,8 +3545,13 @@ long do_mmuext_op(
 {
 struct page_info *src_page, *dst_page;
 
- src_page = get_page_from_gfn(pg_owner, op.arg2.src_mfn, NULL,
+ src_page = get_page_from_gfn(pg_owner, op.arg2.src_mfn, &p2mt,
 P2M_ALLOC);
+ if ( unlikely(p2mt != p2m_ram_rw) && src_page )
+ {
+ put_page(src_page);
+ src_page = NULL;
+ }
 if ( unlikely(!src_page) )
 {
 gdprintk(XENLOG_WARNING,
@@ -3550,8 +3561,13 @@ long do_mmuext_op(
 break;
 }
 
- dst_page = get_page_from_gfn(pg_owner, op.arg1.mfn, NULL,
+ dst_page = get_page_from_gfn(pg_owner, op.arg1.mfn, &p2mt,
 P2M_ALLOC);
+ if ( unlikely(p2mt != p2m_ram_rw) && dst_page )
+ {
+ put_page(dst_page);
+ dst_page = NULL;
+ }
 rc = (dst_page && get_page_type(dst_page, PGT_writable_page))
 ? 0 : -EINVAL;
 if ( unlikely(rc) )
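Review bot: In each of the three new guards — `if ( unlikely(p2mt != p2m_ram_rw) && page )` in the MMUEXT_CLEAR_PAGE hunk and the src_page/dst_page copies in the two hunks that follow — p2mt is compared before the page pointer is tested, so if get_page_from_gfn() can return NULL without having written through its type pointer the comparison reads an indeterminate local; testing the pointer first, `if ( page && unlikely(p2mt != p2m_ram_rw) )`, puts the short-circuit in the safe order at no cost. The same five-line reject sequence is then repeated verbatim three times, which invites the copies to drift apart the next time one of them is touched; a small static helper wrapping get_page_from_gfn() and dropping the reference for anything other than p2m_ram_rw gives one place to hold that logic, sketched below. Whichever form is kept, a one-line comment at the first guard such as `/* Clearing/copying only makes sense on ordinary RAM; refuse anything else. */` would move the rationale out of the commit message and into the code. do_mmuext_op() begins and ends outside all four hunks.
```c
/*
 * Take a reference to gfn's page only if it is ordinary RAM (p2m_ram_rw);
 * for anything else return NULL with no reference held.
 */
static struct page_info *get_ram_page_from_gfn(struct domain *d,
                                               unsigned long gfn)
{
    p2m_type_t p2mt;
    struct page_info *page = get_page_from_gfn(d, gfn, &p2mt, P2M_ALLOC);

    if ( page && unlikely(p2mt != p2m_ram_rw) )
    {
        put_page(page);
        page = NULL;
    }

    return page;
}

/* … unchanged: do_mmuext_op() up to the MMUEXT_CLEAR_PAGE case … */
        case MMUEXT_CLEAR_PAGE:
            page = get_ram_page_from_gfn(pg_owner, op.arg1.mfn);
            if ( !page || !get_page_type(page, PGT_writable_page) )
/* … unchanged: rest of the case; src_page and dst_page use the same helper … */
```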