SUSE:SLE-12-SP5:Update
File 0253-exec-Add-lock-parameter-to-qemu_ram.patch of Package qemu.9341
From 85c582822c1e7a22461ca9f1eccf55e536749718 Mon Sep 17 00:00:00 2001 From: Anthony PERARD <anthony.perard@citrix.com> Date: Wed, 26 Jul 2017 17:53:26 +0100 Subject: [PATCH] exec: Add lock parameter to qemu_ram_ptr_length Commit 04bf2526ce87f21b32c9acba1c5518708c243ad0 (exec: use qemu_ram_ptr_length to access guest ram) started using qemu_ram_ptr_length instead of qemu_map_ram_ptr, but when used with Xen, the behavior of both functions is different. They both call xen_map_cache, but one with "lock", meaning the mapping of guest memory is never released implicitly, and the second one without, which means the mapping can be released later, when needed. In the context of address_space_{read,write}_continue, the ptr to those mappings should not be locked because it is used immediately and never used again. The lock parameter makes it explicit in which context qemu_ram_ptr_length is called. Signed-off-by: Anthony PERARD <anthony.perard@citrix.com> Message-Id: <20170726165326.10327-1-anthony.perard@citrix.com> Reviewed-by: Stefano Stabellini <sstabellini@kernel.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> (cherry picked from commit f5aa69bdc3418773f26747ca282c291519626ece) [BR: BSC#1048902 BSC#1069178 CVE-2017-11334 (additional fix needed for orig issue)] Signed-off-by: Bruce Rogers <brogers@suse.com> --- exec.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/exec.c b/exec.c index c5ce6c82b0..29ee6b39c2 100644 --- a/exec.c +++ b/exec.c @@ -1908,7 +1908,7 @@ void *qemu_get_ram_ptr(RAMBlock *ram_block, ram_addr_t addr) * Called within RCU critical section. */ static void *qemu_ram_ptr_length(RAMBlock *ram_block, ram_addr_t addr, - hwaddr *size) + hwaddr *size, bool lock) { RAMBlock *block = ram_block; ram_addr_t offset_inside_block; 
@@ -1928,10 +1928,10 @@ static void *qemu_ram_ptr_length(RAMBlock *ram_block, ram_addr_t addr, * In that case just map the requested area. */ if (block->offset == 0) { - return xen_map_cache(addr, *size, 1, true); + return xen_map_cache(addr, *size, lock, lock); } - block->host = xen_map_cache(block->offset, block->max_length, 1, true); + block->host = xen_map_cache(block->offset, block->max_length, 1, lock); } return ramblock_ptr(block, offset_inside_block); @@ -2628,7 +2628,7 @@ static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr, } else { addr1 += memory_region_get_ram_addr(mr); /* RAM case */ - ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l); + ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l, false); memcpy(ptr, buf, l); invalidate_and_set_dirty(mr, addr1, l); } @@ -2721,7 +2721,7 @@ MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr, /* RAM case */ ptr = qemu_ram_ptr_length(mr->ram_block, memory_region_get_ram_addr(mr) + addr1, - &l); + &l, false); memcpy(buf, ptr, l); } @@ -3018,7 +3018,7 @@ void *address_space_map(AddressSpace *as, memory_region_ref(mr); *plen = done; - ptr = qemu_ram_ptr_length(mr->ram_block, raddr + base, plen); + ptr = qemu_ram_ptr_length(mr->ram_block, raddr + base, plen, true); rcu_read_unlock(); return ptr;
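Review bot: the comment above qemu_ram_ptr_length in the first exec.c hunk (@@ -1908) still says only "Called within RCU critical section." and does not describe the new `bool lock` argument. The commit message explains that a locked mapping is never released implicitly while an unlocked one can be released later when needed. State that contract in the function comment, so future callers know that a pointer obtained with `lock` set to `false` has to be used immediately and not retained.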
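Review bot: in the @@ -1928 hunk the two xen_map_cache calls treat `lock` differently and nothing in the code says why. The `block->offset == 0` call now passes `lock` for both trailing arguments (previously `1, true`), while the `block->host = ...` call keeps the third argument at `1` and only changes the fourth from `true` to `lock`. A short comment naming what each of the two arguments controls would make the asymmetry reviewable. Please also confirm that the pointer stored in `block->host` is equally valid whether the caller that populated it passed `true` or `false`, since it is kept in the block rather than handed straight back.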
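Review bot: the bare `false` passed in address_space_write_continue (@@ -2628) and address_space_read_continue (@@ -2721) is safe only because `ptr` is consumed by the `memcpy` on the following line and then dropped. Add a one-line comment at both call sites saying the mapping is not locked and `ptr` must not be kept past the copy, so that a later change which retains it does not end up dereferencing a mapping that can be released.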
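Review bot: in address_space_map (@@ -3018) the pointer obtained with `lock` set to `true` is returned to the caller after `rcu_read_unlock()`, so by the commit message's own description this mapping is never released implicitly. The hunk does not show where it is released. Please name the matching release on the unmap side in a comment here, or in the commit message, so the lifetime of the locked mapping is clear from the code.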