Hi Oleksandr,
On 10/09/2020 21:22, Oleksandr Tyshchenko wrote:
From: Oleksandr Tyshchenko <oleksandr_tyshche...@epam.com>
The cmpxchg() in hvm_send_buffered_ioreq() operates on memory shared
with the emulator. In order to be on the safe side we need to switch
to guest_cmpxchg64() to prevent a domain from DoSing Xen on Arm.
CC: Julien Grall <jgr...@amazon.com>
Signed-off-by: Oleksandr Tyshchenko <oleksandr_tyshche...@epam.com>
For bisection purposes, we need this series to at least build at every
patch. It is fine if the IOREQ feature doesn't work.
So this patch wants to be earlier in the series to avoid breaking arm32
compilation.
---
Please note, this patch depends on the following patch, which is under review:
https://patchwork.kernel.org/patch/11715559/
Changes RFC -> V1:
- new patch
---
---
xen/common/ioreq.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/xen/common/ioreq.c b/xen/common/ioreq.c
index e24a481..645d8a1 100644
--- a/xen/common/ioreq.c
+++ b/xen/common/ioreq.c
@@ -30,6 +30,8 @@
#include <xen/trace.h>
#include <xen/vpci.h>
+#include <asm/guest_atomics.h>
+
#include <public/hvm/dm_op.h>
#include <public/hvm/ioreq.h>
#include <public/hvm/params.h>
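Review bot: the new `#include <asm/guest_atomics.h>` is an arch-specific header pulled into xen/common/ioreq.c, so every architecture that builds this file has to provide it along with a guest_cmpxchg64() definition. The notes only link a prerequisite that is still under review; the commit message should name what supplies the header and the helper, and the patch should be ordered in the series so that the file builds at this point on every target.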
@@ -1325,7 +1327,7 @@ static int hvm_send_buffered_ioreq(struct
hvm_ioreq_server *s, ioreq_t *p)
new.read_pointer = old.read_pointer - n * IOREQ_BUFFER_SLOT_NUM;
new.write_pointer = old.write_pointer - n * IOREQ_BUFFER_SLOT_NUM;
- cmpxchg(&pg->ptrs.full, old.full, new.full);
+ guest_cmpxchg64(d, &pg->ptrs.full, old.full, new.full);
}
notify_via_xen_event_channel(d, s->bufioreq_evtchn);
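Review bot: the domain passed in `guest_cmpxchg64(d, &pg->ptrs.full, old.full, new.full);` needs justifying, because the commit message says this memory is shared with the emulator while `d` is the same variable handed to notify_via_xen_event_channel(). Please confirm that `d` is the domain that can actually write to this page and contend on `ptrs.full`, and state that in the commit message or a comment above the call. The result of the exchange is still discarded, as it was with cmpxchg(); if losing the race is harmless here, a one-line comment saying so would help the next reader.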
--
Julien Grall