From mboxrd@z Thu Jan 1 00:00:00 1970
From: Andrew Cooper
Subject: [PATCH v2 1/2] amd/passthrough: Do not leak domain mappings from do_invalidate_dte()
Date: Wed, 4 Dec 2013 16:44:50 +0000
Message-ID: <1386175490-31601-1-git-send-email-andrew.cooper3@citrix.com>
References: <529F56C6020000780010A191@nat28.tlf.novell.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
In-Reply-To: <529F56C6020000780010A191@nat28.tlf.novell.com>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Xen-devel
Cc: Andrew Cooper , Keir Fraser , Suravee Suthikulpanit , Jan Beulich
List-Id: xen-devel@lists.xenproject.org

Coverity ID: 1135379

As the code stands, the domain mapping will be leaked on each error path.
The mapping can be for a much shorter period of time, and all the relevant
information can be pulled out at once.

Signed-off-by: Andrew Cooper
CC: Keir Fraser
CC: Jan Beulich
CC: Suravee Suthikulpanit
---
Changes in v2:
 * Reduce the mapping period (Suggested by Jan)
---
 xen/drivers/passthrough/amd/iommu_guest.c | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)

diff --git a/xen/drivers/passthrough/amd/iommu_guest.c b/xen/drivers/passthrough/amd/iommu_guest.c index 952600a..0e0a7bb 100644 --- a/xen/drivers/passthrough/amd/iommu_guest.c +++ b/xen/drivers/passthrough/amd/iommu_guest.c @@ -399,7 +399,7 @@ static int do_completion_wait(struct domain *d, cmd_entry_t *cmd) static int do_invalidate_dte(struct domain *d, cmd_entry_t *cmd) { uint16_t gbdf, mbdf, req_id, gdom_id, hdom_id; - dev_entry_t *gdte, *mdte, *dte_base; + dev_entry_t *gdte, *mdte; struct amd_iommu *iommu = NULL; struct guest_iommu *g_iommu; uint64_t gcr3_gfn, gcr3_mfn; 
@@ -424,12 +424,14 @@ static int do_invalidate_dte(struct domain *d, cmd_entry_t *cmd) sizeof(dev_entry_t), gbdf); ASSERT(mfn_valid(dte_mfn)); - dte_base = map_domain_page(dte_mfn); - - gdte = dte_base + gbdf % (PAGE_SIZE / sizeof(dev_entry_t)); + gdte = map_domain_page(dte_mfn) + gbdf % (PAGE_SIZE / sizeof(dev_entry_t)); gdom_id = get_domid_from_dte(gdte); gcr3_gfn = get_guest_cr3_from_dte(gdte); + glx = get_glx_from_dte(gdte); + gv = get_gv_from_dte(gdte); + + unmap_domain_page(gdte); /* Do not update host dte before gcr3 has been set */ if ( gcr3_gfn == 0 ) @@ -449,11 +451,6 @@ static int do_invalidate_dte(struct domain *d, cmd_entry_t *cmd) return -ENODEV; } - glx = get_glx_from_dte(gdte); - gv = get_gv_from_dte(gdte); - - unmap_domain_page(dte_base); - /* Setup host device entry */ hdom_id = host_domid(d, gdom_id); req_id = get_dma_requestor_id(iommu->seg, mbdf); -- 1.7.10.4
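Review bot: In the second hunk (@@ -424,12 +424,14 @@), `gdte = map_domain_page(dte_mfn) + gbdf % (PAGE_SIZE / sizeof(dev_entry_t));` adds the index directly to the return value of map_domain_page(), whereas the removed code first stored that value in `dev_entry_t *dte_base`, so the addition was scaled by sizeof(dev_entry_t). If map_domain_page() returns `void *`, the new expression offsets in bytes, and for any non-zero index gdte points at the wrong place, so gdom_id, gcr3_gfn, glx and gv would be read from the wrong entry. I would keep a typed base pointer (or cast before the addition) and pass that base to unmap_domain_page(), as the removed `unmap_domain_page(dte_base);` did, rather than the interior pointer gdte.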
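Review bot: After the third hunk (@@ -449,11 +451,6 @@) gdte is a stale pointer for the rest of do_invalidate_dte(), because the mapping is now released before the `gcr3_gfn == 0` check while `dev_entry_t *gdte, *mdte;` keeps the variable in function scope. The lines shown remove the last visible reads of gdte (the glx and gv getters), but it is worth confirming nothing further down the function still dereferences it, and either narrowing its scope or clearing it after `unmap_domain_page(gdte);` so a later use fails loudly. The commit message could also say that glx and gv are now read before the gcr3 check, since that reordering is the part of the change a reader has to reason about.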