
[Xen-devel,for,4.5] xen/arm: flush_tlb_domain: Disable IRQ when flushing TLB of another domain

Message ID 1413562484-13383-1-git-send-email-julien.grall@linaro.org
State Accepted, archived

Commit Message

Julien Grall Oct. 17, 2014, 4:14 p.m. UTC
When Xen is flushing the TLB for another domain than current, it has to
switch temporarily to the P2M of this domain. If the IRQs are enabled, it may
be possible to receive an interrupt that requires using the P2M of the current
domain, or even temporarily switching to another P2M.
For the former case, the translation would be wrong. For the latter one,
as the handler would restore the current P2M, Xen would flush the wrong domain's
TLB.

Thankfully we don't have such an interrupt handler, but it may be necessary
in the future to do that when the user asks to dump a domain's stack via
a keystroke.

Signed-off-by: Julien Grall <julien.grall@linaro.org>
---
    I'd like to see this patch in Xen 4.5. This may help people who want to
    implement such a keystroke handler (and even fix the current '0'). It will
    also avoid introducing a possible security issue in their own Xen-based
    product.

    The code is self-contained and interrupts are disabled/enabled within
    the same function and under the same check.
---
 xen/arch/arm/p2m.c |    8 ++++++++
 1 file changed, 8 insertions(+)
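The race the commit message describes, modelled as an added example (not Xen code): the VTTBR, IRQ mask and TLB are simulated globals, the domains are constructed, and `flush_tlb_domain_model()` and `irq_handler_switching_p2m()` are hypothetical names. With IRQs left enabled, a handler that restores the current P2M during the window makes `flush_tlb()` hit the wrong VMID; with them masked, the handler is deferred until after the VTTBR is restored.

```c
#include <stdbool.h>

struct domain { unsigned vmid; };
/* Constructed domains: "current", the flush target, and a third one. */
static struct domain dom_current = { 1 }, dom_target = { 2 }, dom_third = { 3 };
static unsigned vttbr_vmid = 1;     /* simulated VTTBR: VMID loaded now */
static bool irqs_enabled = true;    /* simulated local IRQ mask */
static bool irq_pending;            /* an interrupt waiting for delivery */
static unsigned last_flushed_vmid;  /* VMID the last flush_tlb() acted on */

static void p2m_load_VTTBR(struct domain *d) { vttbr_vmid = d->vmid; }
/* flush_tlb() acts on whatever VMID is in VTTBR at that moment. */
static void flush_tlb(void) { last_flushed_vmid = vttbr_vmid; }

/* Hypothetical handler of the kind the commit message anticipates: it
 * switches to another P2M, then restores what it believes is current. */
static void irq_handler_switching_p2m(void)
{
    p2m_load_VTTBR(&dom_third);
    p2m_load_VTTBR(&dom_current);
}

/* Deliver the pending interrupt here if the IRQ mask allows it. */
static void maybe_take_irq(void)
{
    if ( irqs_enabled && irq_pending )
    {
        irq_pending = false;
        irq_handler_switching_p2m();
    }
}
/* Model of flush_tlb_domain() with an interrupt arriving between the VTTBR
 * switch and the flush. Returns the VMID that actually got flushed. */
unsigned flush_tlb_domain_model(struct domain *d, bool disable_irqs)
{
    bool saved = irqs_enabled;
    irq_pending = true;
    if ( d != &dom_current )
    {
        if ( disable_irqs ) irqs_enabled = false;   /* local_irq_save() */
        p2m_load_VTTBR(d);
    }
    maybe_take_irq();           /* the window the patch closes */
    flush_tlb();
    if ( d != &dom_current )
    {
        p2m_load_VTTBR(&dom_current);
        if ( disable_irqs ) irqs_enabled = saved;   /* local_irq_restore() */
    }
    maybe_take_irq();           /* deferred interrupt now runs harmlessly */
    return last_flushed_vmid;
}
```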

Comments

Ian Campbell Oct. 20, 2014, 1:21 p.m. UTC | #1
On Fri, 2014-10-17 at 17:14 +0100, Julien Grall wrote:
> When Xen is flushing the TLB for another domain than current, it has to
> switch temporarily to the P2M of this domain. If the IRQs are enabled, it may
> be possible to receive an interrupt that requires using the P2M of the current
> domain, or even temporarily switching to another P2M.
> For the former case, the translation would be wrong. For the latter one,
> as the handler would restore the current P2M, Xen would flush the wrong domain's
> TLB.
> 
> Thankfully we don't have such an interrupt handler, but it may be necessary
> in the future to do that when the user asks to dump a domain's stack via
> a keystroke.
> 
> Signed-off-by: Julien Grall <julien.grall@linaro.org>

Acked + applied as a bug fix. I fixed the spelling of temporarily for
you as I went, and fixed up some grammar.

Ian.

Patch

diff --git a/xen/arch/arm/p2m.c b/xen/arch/arm/p2m.c
index 1585d35..c02bb2c 100644
--- a/xen/arch/arm/p2m.c
+++ b/xen/arch/arm/p2m.c
@@ -112,17 +112,25 @@  void p2m_restore_state(struct vcpu *n)
 
 void flush_tlb_domain(struct domain *d)
 {
+    unsigned long flags = 0;
+
     /* Update the VTTBR if necessary with the domain d. In this case,
      * it's only necessary to flush TLBs on every CPUs with the current VMID
      * (our domain).
      */
     if ( d != current->domain )
+    {
+        local_irq_save(flags);
         p2m_load_VTTBR(d);
+    }
 
     flush_tlb();
 
     if ( d != current->domain )
+    {
         p2m_load_VTTBR(current->domain);
+        local_irq_restore(flags);
+    }
 }
 
 /*
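Review bot: the comment above `if ( d != current->domain )` still only explains the VTTBR switch and says nothing about why interrupts are now masked around it; since an interrupt handler using or switching the P2M while the foreign VTTBR is loaded is exactly the case this hunk guards against, a line such as `* IRQs are masked so an interrupt handler cannot use or switch the P2M while the foreign VTTBR is loaded.` would keep that reason next to the code. Minor: the `= 0` initializer on `unsigned long flags` is redundant, as `local_irq_save(flags)` always writes it on the only path that reaches `local_irq_restore(flags)`; harmless if kept to quiet a maybe-uninitialized warning.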