head	1.2;
access;
symbols
	pkgsrc-2019Q2:1.1.0.4
	pkgsrc-2019Q2-base:1.1
	pkgsrc-2019Q1:1.1.0.2
	pkgsrc-2019Q1-base:1.1;
locks; strict;
comment	@# @;


1.2
date	2019.08.30.13.16.27;	author bouyer;	state dead;
branches;
next	1.1;
commitid	Bhbqj9CPVWgYm3BB;

1.1
date	2019.03.07.11.13.27;	author bouyer;	state Exp;
branches;
next	;
commitid	Gzute5jK7xPyjqeB;


desc
@@


1.2
log
@Upgrade Xen 4.11 packages to 4.11.2. CHANGES since 4.11.1:
- include security patches up to and including XSA297
- various performances improvements, code cleanup and bug fixes
@
text
@$NetBSD: patch-XSA291,v 1.1 2019/03/07 11:13:27 bouyer Exp $

From: Jan Beulich <jbeulich@@suse.com>
Subject: x86/mm: don't retain page type reference when IOMMU operation fails

The IOMMU update in _get_page_type() happens between recording of the
new reference and validation of the page for its new type (if
necessary). If the IOMMU operation fails, there's no point in actually
carrying out validation. Furthermore, with this resulting in failure
getting indicated to the caller, the recorded type reference also needs
to be dropped again.

Note that in case of failure of alloc_page_type() there's no need to
undo the IOMMU operation: Only special types get handed to the function.
The function, upon failure, clears ->u.inuse.type_info, effectively
converting the page to PGT_none. The IOMMU mapping, however, solely
depends on whether the type is PGT_writable_page.

This is XSA-291.

Reported-by: Igor Druzhinin <igor.druzhinin@@citrix.com>
Reported-by: Andrew Cooper <andrew.cooper3@@citrix.com>
Signed-off-by: Jan Beulich <jbeulich@@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@@citrix.com>

--- xen/arch/x86/mm.c.orig
+++ xen/arch/x86/mm.c
@@@@ -2751,6 +2751,13 @@@@ static int _get_page_type(struct page_in
                 iommu_ret = iommu_map_page(d, gfn_x(gfn),
                                            mfn_x(page_to_mfn(page)),
                                            IOMMUF_readable|IOMMUF_writable);
+
+            if ( unlikely(iommu_ret) )
+            {
+                _put_page_type(page, false, NULL);
+                rc = iommu_ret;
+                goto out;
+            }
         }
     }
 
@@@@ -2765,12 +2772,10 @@@@ static int _get_page_type(struct page_in
         rc = alloc_page_type(page, type, preemptible);
     }
 
+ out:
     if ( (x & PGT_partial) && !(nx & PGT_partial) )
         put_page(page);
 
-    if ( !rc )
-        rc = iommu_ret;
-
     return rc;
 }
 
@


1.1
log
@Update to 4.11.1nb1
PKGREVISION set to 1 on purpose, because this is not a stock 4.11.1 kernel
(it includes security patches).
4.11.1 includes all security patches up to XSA282.
Apply official patches for XSA284, XSA285, XSA287, XSA288, XSA290, XSA291,
XSA292, XSA293 and XSA294.
Other changes since 4.11.0 are mostly bugfixes, no new features.
@
text
@d1 1
a1 1
$NetBSD: $
@