head	1.2;
access;
symbols
	pkgsrc-2018Q4:1.1.0.2
	pkgsrc-2018Q4-base:1.1;
locks; strict;
comment	@# @;


1.2
date	2019.03.07.11.13.26;	author bouyer;	state dead;
branches;
next	1.1;
commitid	Gzute5jK7xPyjqeB;

1.1
date	2018.11.28.14.00.49;	author bouyer;	state Exp;
branches;
next	;
commitid	C93LX9fVeilTsI1B;


desc
@@


1.2
log
@Update to 4.11.1nb1
PKGREVISION set to 1 on purpose, because this is not a stock 4.11.1 kernel
(it includes security patches).
4.11.1 includes all security patches up to XSA282.
Apply official patches for XSA284, XSA285, XSA287, XSA288, XSA290, XSA291,
XSA292, XSA293 and XSA294.
Other changes since 4.11.0 are mostly bugfixes, no new features.
@
text
@$NetBSD: patch-XSA275-2,v 1.1 2018/11/28 14:00:49 bouyer Exp $

From: Jan Beulich <jbeulich@@suse.com>
Subject: AMD/IOMMU: suppress PTE merging after initial table creation

The logic is not fit for this purpose, so simply disable its use until
it can be fixed / replaced. Note that this re-enables merging for the
table creation case, which was disabled as a (perhaps unintended) side
effect of the earlier "amd/iommu: fix flush checks". It relies on no
page getting mapped more than once (with different properties) in this
process, as that would still be beyond what the merging logic can cope
with. But arch_iommu_populate_page_table() guarantees this afaict.

This is part of XSA-275.

Reported-by: Paul Durrant <paul.durrant@@citrix.com>
Signed-off-by: Jan Beulich <jbeulich@@suse.com>

--- xen/drivers/passthrough/amd/iommu_map.c.orig
+++ xen/drivers/passthrough/amd/iommu_map.c
@@@@ -702,11 +702,24 @@@@ int amd_iommu_map_page(struct domain *d,
                                        !!(flags & IOMMUF_writable),
                                        !!(flags & IOMMUF_readable));
 
-    /* Do not increase pde count if io mapping has not been changed */
-    if ( !need_flush )
-        goto out;
+    if ( need_flush )
+    {
+        amd_iommu_flush_pages(d, gfn, 0);
+        /* No further merging, as the logic doesn't cope. */
+        hd->arch.no_merge = true;
+    }
 
-    amd_iommu_flush_pages(d, gfn, 0);
+    /*
+     * Suppress merging of non-R/W mappings or after initial table creation,
+     * as the merge logic does not cope with this.
+     */
+    if ( hd->arch.no_merge || flags != (IOMMUF_writable | IOMMUF_readable) )
+        goto out;
+    if ( d->creation_finished )
+    {
+        hd->arch.no_merge = true;
+        goto out;
+    }
 
     for ( merge_level = IOMMU_PAGING_MODE_LEVEL_2;
           merge_level <= hd->arch.paging_mode; merge_level++ )
@@@@ -780,6 +793,10 @@@@ int amd_iommu_unmap_page(struct domain *
 
     /* mark PTE as 'page not present' */
     clear_iommu_pte_present(pt_mfn[1], gfn);
+
+    /* No further merging in amd_iommu_map_page(), as the logic doesn't cope. */
+    hd->arch.no_merge = true;
+
     spin_unlock(&hd->arch.mapping_lock);
 
     amd_iommu_flush_pages(d, gfn, 0);
--- xen/include/asm-x86/iommu.h.orig
+++ xen/include/asm-x86/iommu.h
@@@@ -40,6 +40,7 @@@@ struct arch_iommu
 
     /* amd iommu support */
     int paging_mode;
+    bool no_merge;
     struct page_info *root_table;
     struct guest_iommu *g_iommu;
 };
@


1.1
log
@Apply available security patches relevant for Xen 4.11, up to XSA282.
Bump PKGREVISION
@
text
@d1 1
a1 1
$NetBSD: $
@