From mboxrd@z Thu Jan 1 00:00:00 1970 From: Suravee Suthikulpanit Subject: Re: [PATCH v4 1/2] amd/passthrough: Do not leak domain mappings from do_invalidate_dte() Date: Mon, 9 Dec 2013 14:02:56 -0600 Message-ID: <52A621F0.9000400@amd.com> References: <52A60CED.7090108@amd.com> <1386614460-31420-1-git-send-email-andrew.cooper3@citrix.com> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="===============7209204171498344238==" Return-path: In-Reply-To: <1386614460-31420-1-git-send-email-andrew.cooper3@citrix.com> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org To: Andrew Cooper , Xen-devel Cc: Keir Fraser List-Id: xen-devel@lists.xenproject.org --===============7209204171498344238== Content-Type: multipart/alternative; boundary="------------090900080406040308090509" --------------090900080406040308090509 Content-Type: text/plain; charset="ISO-8859-1"; format=flowed Content-Transfer-Encoding: 7bit On 12/9/2013 12:41 PM, Andrew Cooper wrote: > Coverity ID: 1135379 > > As the code stands, the domain mapping will be leaked on each error path. > > The mapping can be for a much shorter period of time, and all the relevent > information can be pulled out at once. > > Signed-off-by: Andrew Cooper > CC: Keir Fraser > Reviewed-by: Jan Beulich > CC: Suravee Suthikulpanit > > --- > > Changes in v4: > * Move comment, and unmap the base pointer. > --- > xen/drivers/passthrough/amd/iommu_guest.c | 11 +++++------ > 1 file changed, 5 insertions(+), 6 deletions(-) > > diff --git a/xen/drivers/passthrough/amd/iommu_guest.c b/xen/drivers/passthrough/amd/iommu_guest.c > index 952600a..477de20 100644 > --- a/xen/drivers/passthrough/amd/iommu_guest.c > +++ b/xen/drivers/passthrough/amd/iommu_guest.c > @@ -424,12 +424,17 @@ static int do_invalidate_dte(struct domain *d, cmd_entry_t *cmd) > sizeof(dev_entry_t), gbdf); > ASSERT(mfn_valid(dte_mfn)); > > + /* Read guest dte information */ > dte_base = map_domain_page(dte_mfn); > > gdte = dte_base + gbdf % (PAGE_SIZE / sizeof(dev_entry_t)); > > gdom_id = get_domid_from_dte(gdte); > gcr3_gfn = get_guest_cr3_from_dte(gdte); > + glx = get_glx_from_dte(gdte); > + gv = get_gv_from_dte(gdte); > + > + unmap_domain_page(dte_base); > > /* Do not update host dte before gcr3 has been set */ > if ( gcr3_gfn == 0 ) > @@ -440,7 +445,6 @@ static int do_invalidate_dte(struct domain *d, cmd_entry_t *cmd) > > ASSERT(mfn_valid(gcr3_mfn)); > > - /* Read guest dte information */ > iommu = find_iommu_for_device(0, mbdf); > if ( !iommu ) > { > @@ -449,11 +453,6 @@ static int do_invalidate_dte(struct domain *d, cmd_entry_t *cmd) > return -ENODEV; > } > > - glx = get_glx_from_dte(gdte); > - gv = get_gv_from_dte(gdte); > - > - unmap_domain_page(dte_base); > - > /* Setup host device entry */ > hdom_id = host_domid(d, gdom_id); > req_id = get_dma_requestor_id(iommu->seg, mbdf); Reviewed and Tested. Acked-by: Suravee Suthikulpanit Thanks, Suravee --------------090900080406040308090509 Content-Type: text/html; charset="ISO-8859-1" Content-Transfer-Encoding: 7bit
On 12/9/2013 12:41 PM, Andrew Cooper wrote:
Coverity ID: 1135379

As the code stands, the domain mapping will be leaked on each error path.

The mapping can be for a much shorter period of time, and all the relevent
information can be pulled out at once.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
CC: Keir Fraser <keir@xen.org>
Reviewed-by: Jan Beulich <JBeulich@suse.com>
CC: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>

---

Changes in v4:
 * Move comment, and unmap the base pointer.
---
 xen/drivers/passthrough/amd/iommu_guest.c |   11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/xen/drivers/passthrough/amd/iommu_guest.c b/xen/drivers/passthrough/amd/iommu_guest.c
index 952600a..477de20 100644
--- a/xen/drivers/passthrough/amd/iommu_guest.c
+++ b/xen/drivers/passthrough/amd/iommu_guest.c
@@ -424,12 +424,17 @@ static int do_invalidate_dte(struct domain *d, cmd_entry_t *cmd)
                                         sizeof(dev_entry_t), gbdf);
     ASSERT(mfn_valid(dte_mfn));
 
+    /* Read guest dte information */
     dte_base = map_domain_page(dte_mfn);
 
     gdte = dte_base + gbdf % (PAGE_SIZE / sizeof(dev_entry_t));
 
     gdom_id  = get_domid_from_dte(gdte);
     gcr3_gfn = get_guest_cr3_from_dte(gdte);
+    glx      = get_glx_from_dte(gdte);
+    gv       = get_gv_from_dte(gdte);
+
+    unmap_domain_page(dte_base);
 
     /* Do not update host dte before gcr3 has been set */
     if ( gcr3_gfn == 0 )
@@ -440,7 +445,6 @@ static int do_invalidate_dte(struct domain *d, cmd_entry_t *cmd)
 
     ASSERT(mfn_valid(gcr3_mfn));
 
-    /* Read guest dte information */
     iommu = find_iommu_for_device(0, mbdf);
     if ( !iommu )
     {
@@ -449,11 +453,6 @@ static int do_invalidate_dte(struct domain *d, cmd_entry_t *cmd)
         return -ENODEV;
     }
 
-    glx = get_glx_from_dte(gdte);
-    gv = get_gv_from_dte(gdte);
-
-    unmap_domain_page(dte_base);
-
     /* Setup host device entry */
     hdom_id = host_domid(d, gdom_id);
     req_id = get_dma_requestor_id(iommu->seg, mbdf);
Reviewed and Tested.

Acked-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>

Thanks,

Suravee
 --------------090900080406040308090509-- --===============7209204171498344238== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel --===============7209204171498344238==--