[PATCH] x86/xen: add physically contiguous check to xen_destroy_contiguous_region
From: Joe Jin
Date: Thu Oct 25 2018 - 20:16:24 EST
xen_destroy_contiguous_region() used to exchange physically
contiguous memory with hypervisor, but it does not verify
that the memory is physically contiguous or no, passing
non-contiguous memory to xen_destroy_contiguous_region()
will lead kernel panic.
Signed-off-by: Joe Jin <joe.jin@xxxxxxxxxx>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>
Cc: Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>
Cc: Juergen Gross <jgross@xxxxxxxx>
---
arch/x86/xen/mmu_pv.c | 3 +++
drivers/xen/swiotlb-xen.c | 3 +--
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/arch/x86/xen/mmu_pv.c b/arch/x86/xen/mmu_pv.c
index 70ea598a37d2..c2f081f8ebe3 100644
--- a/arch/x86/xen/mmu_pv.c
+++ b/arch/x86/xen/mmu_pv.c
@@ -2649,6 +2649,9 @@ void xen_destroy_contiguous_region(phys_addr_t pstart, unsigned int order)
if (unlikely(order > MAX_CONTIG_ORDER))
return;
+ if (range_straddles_page_boundary(pstart, PAGE_SIZE << order))
+ return;
+
vstart = (unsigned long)phys_to_virt(pstart);
memset((void *) vstart, 0, PAGE_SIZE << order);
diff --git a/drivers/xen/swiotlb-xen.c b/drivers/xen/swiotlb-xen.c
index f5c1af4ce9ab..432eeae02d7d 100644
--- a/drivers/xen/swiotlb-xen.c
+++ b/drivers/xen/swiotlb-xen.c
@@ -357,8 +357,7 @@ xen_swiotlb_free_coherent(struct device *hwdev, size_t size, void *vaddr,
/* Convert the size to actually allocated. */
size = 1UL << (order + XEN_PAGE_SHIFT);
- if (((dev_addr + size - 1 <= dma_mask)) ||
- range_straddles_page_boundary(phys, size))
+ if (dev_addr + size - 1 <= dma_mask)
xen_destroy_contiguous_region(phys, order);
xen_free_coherent_pages(hwdev, size, vaddr, (dma_addr_t)phys, attrs);
--
2.17.1 (Apple Git-112)