[PATCH] vt-d: fix wrong addr in IOTLB invalidation descriptor

All of lore.kernel.org
 help / color / mirror / Atom feed

* [PATCH] vt-d: fix wrong addr in IOTLB invalidation descriptor
@ 2012-07-11  0:58 Zhang, Yang Z
  2012-07-24 14:48 ` Ian Jackson
  2012-07-30  9:50 ` Jan Beulich
  0 siblings, 2 replies; 4+ messages in thread
From: Zhang, Yang Z @ 2012-07-11  0:58 UTC (permalink / raw)
  To: xen-devel

According to vt-d specs, the addr in IOTLB invalidation descriptor should be 4K page aligned.

Signed-off-by: Yang Zhang <yang.z.zhang@Intel.com>

diff -r 0455d8317631 xen/drivers/passthrough/vtd/qinval.c
--- a/xen/drivers/passthrough/vtd/qinval.c      Thu Jun 28 18:43:28 2012 +0100
+++ b/xen/drivers/passthrough/vtd/qinval.c      Wed Jul 11 08:43:24 2012 +0800
@@ -140,7 +140,7 @@ static int gen_iotlb_inv_dsc(struct iomm
     qinval_entry->q.iotlb_inv_dsc.hi.am = am;
     qinval_entry->q.iotlb_inv_dsc.hi.ih = ih;
     qinval_entry->q.iotlb_inv_dsc.hi.res_1 = 0;
-    qinval_entry->q.iotlb_inv_dsc.hi.addr = addr;
+    qinval_entry->q.iotlb_inv_dsc.hi.addr = addr >> PAGE_SHIFT_4K;

     unmap_vtd_domain_page(qinval_entries);
     spin_unlock_irqrestore(&qi_ctrl->qinval_lock, flags);

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] vt-d: fix wrong addr in IOTLB invalidation descriptor
  2012-07-11  0:58 [PATCH] vt-d: fix wrong addr in IOTLB invalidation descriptor Zhang, Yang Z
@ 2012-07-24 14:48 ` Ian Jackson
  2012-07-25  0:44   ` Zhang, Yang Z
  2012-07-30  9:50 ` Jan Beulich
  1 sibling, 1 reply; 4+ messages in thread
From: Ian Jackson @ 2012-07-24 14:48 UTC (permalink / raw)
  To: Zhang, Yang Z; +Cc: xen-devel

Zhang, Yang Z writes ("[Xen-devel] [PATCH] vt-d: fix wrong addr in IOTLB invalidation descriptor"):
> According to vt-d specs, the addr in IOTLB invalidation descriptor should be 4K page aligned.
> 
> Signed-off-by: Yang Zhang <yang.z.zhang@Intel.com>
> 
> diff -r 0455d8317631 xen/drivers/passthrough/vtd/qinval.c
> --- a/xen/drivers/passthrough/vtd/qinval.c      Thu Jun 28 18:43:28 2012 +0100
> +++ b/xen/drivers/passthrough/vtd/qinval.c      Wed Jul 11 08:43:24 2012 +0800
> @@ -140,7 +140,7 @@ static int gen_iotlb_inv_dsc(struct iomm
>      qinval_entry->q.iotlb_inv_dsc.hi.am = am;
>      qinval_entry->q.iotlb_inv_dsc.hi.ih = ih;
>      qinval_entry->q.iotlb_inv_dsc.hi.res_1 = 0;
> -    qinval_entry->q.iotlb_inv_dsc.hi.addr = addr;
> +    qinval_entry->q.iotlb_inv_dsc.hi.addr = addr >> PAGE_SHIFT_4K;
> 
>      unmap_vtd_domain_page(qinval_entries);
>      spin_unlock_irqrestore(&qi_ctrl->qinval_lock, flags);

Does this mean that previously we were invalidating the wrong place
and therefore our invalidations were ineffective ?  Can this be
exploited somehow by a malicious guest ?

Ian.

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] vt-d: fix wrong addr in IOTLB invalidation descriptor
  2012-07-24 14:48 ` Ian Jackson
@ 2012-07-25  0:44   ` Zhang, Yang Z
  0 siblings, 0 replies; 4+ messages in thread
From: Zhang, Yang Z @ 2012-07-25  0:44 UTC (permalink / raw)
  To: Ian Jackson; +Cc: xen-devel

Ian Jackson wrote on 2012-07-24:
> Zhang, Yang Z writes ("[Xen-devel] [PATCH] vt-d: fix wrong addr in IOTLB
> invalidation descriptor"):
>> According to vt-d specs, the addr in IOTLB invalidation descriptor
>> should be 4K page aligned.
>> 
>> Signed-off-by: Yang Zhang <yang.z.zhang@Intel.com>
>> 
>> diff -r 0455d8317631 xen/drivers/passthrough/vtd/qinval.c ---
>> a/xen/drivers/passthrough/vtd/qinval.c      Thu Jun 28 18:43:28 2012
>> +0100 +++ b/xen/drivers/passthrough/vtd/qinval.c      Wed Jul 11
>> 08:43:24 2012 +0800 @@ -140,7 +140,7 @@ static int
>> gen_iotlb_inv_dsc(struct iomm
>>      qinval_entry->q.iotlb_inv_dsc.hi.am = am;
>>      qinval_entry->q.iotlb_inv_dsc.hi.ih = ih;
>>      qinval_entry->q.iotlb_inv_dsc.hi.res_1 = 0;
>> -    qinval_entry->q.iotlb_inv_dsc.hi.addr = addr;
>> +    qinval_entry->q.iotlb_inv_dsc.hi.addr = addr >> PAGE_SHIFT_4K;
>> 
>>      unmap_vtd_domain_page(qinval_entries);
>>      spin_unlock_irqrestore(&qi_ctrl->qinval_lock, flags);
> 
> Does this mean that previously we were invalidating the wrong place
> and therefore our invalidations were ineffective ?  Can this be
> exploited somehow by a malicious guest ?

Yes. All the invalidations were ineffective before this patch. The previous release which supporting the QI also need this patch.

No, hypervisor owns it and guest is unaware of it.

Best regards,
Yang

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] vt-d: fix wrong addr in IOTLB invalidation descriptor
  2012-07-11  0:58 [PATCH] vt-d: fix wrong addr in IOTLB invalidation descriptor Zhang, Yang Z
  2012-07-24 14:48 ` Ian Jackson
@ 2012-07-30  9:50 ` Jan Beulich
  1 sibling, 0 replies; 4+ messages in thread
From: Jan Beulich @ 2012-07-30  9:50 UTC (permalink / raw)
  To: Keir Fraser; +Cc: Yang Z Zhang, xen-devel

>>> On 11.07.12 at 02:58, "Zhang, Yang Z" <yang.z.zhang@intel.com> wrote:
> According to vt-d specs, the addr in IOTLB invalidation descriptor should be 
> 4K page aligned.

Could you please put this into both 4.x-testing trees, too?

Thanks, Jan

> Signed-off-by: Yang Zhang <yang.z.zhang@Intel.com>
> 
> diff -r 0455d8317631 xen/drivers/passthrough/vtd/qinval.c
> --- a/xen/drivers/passthrough/vtd/qinval.c      Thu Jun 28 18:43:28 2012 +0100
> +++ b/xen/drivers/passthrough/vtd/qinval.c      Wed Jul 11 08:43:24 2012 
> +0800
> @@ -140,7 +140,7 @@ static int gen_iotlb_inv_dsc(struct iomm
>      qinval_entry->q.iotlb_inv_dsc.hi.am = am;
>      qinval_entry->q.iotlb_inv_dsc.hi.ih = ih;
>      qinval_entry->q.iotlb_inv_dsc.hi.res_1 = 0;
> -    qinval_entry->q.iotlb_inv_dsc.hi.addr = addr;
> +    qinval_entry->q.iotlb_inv_dsc.hi.addr = addr >> PAGE_SHIFT_4K;
> 
>      unmap_vtd_domain_page(qinval_entries);
>      spin_unlock_irqrestore(&qi_ctrl->qinval_lock, flags);
> 
> 
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xen.org 
> http://lists.xen.org/xen-devel 

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2012-07-30  9:50 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2012-07-11  0:58 [PATCH] vt-d: fix wrong addr in IOTLB invalidation descriptor Zhang, Yang Z
2012-07-24 14:48 ` Ian Jackson
2012-07-25  0:44   ` Zhang, Yang Z
2012-07-30  9:50 ` Jan Beulich

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.