Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp1581079pxb;
        Mon, 22 Feb 2021 05:56:42 -0800 (PST)
X-Google-Smtp-Source: ABdhPJwmhTnqYTiyvxiikQqy0MP5+PFYFyeOaJZvI3gA3vkSanHD11z3oNugGB/OoVZHlD1y9qAy
X-Received: by 2002:a05:6402:1641:: with SMTP id s1mr23206485edx.272.1614002202283;
        Mon, 22 Feb 2021 05:56:42 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1614002202; cv=none;
        d=google.com; s=arc-20160816;
        b=UoLYk/4hy2gEiLYych6eGgY6JyaIgeMKxzba8sXml33akEMRKVJfkDng1Vm4Mhb5PA
         ZX49kadwZSRT+GXP6NpE8yZjQWaZ2nbRAvr9zyISMVVb/4TzIGOtWdKQYrckFX5XQ+U6
         9y8xNez7ZneDd033Hyy8n1E0m2ZnS4saoDD+t3NC67VyBexWukMU1D4O5CLAm2g3SCHQ
         kAQYY0Qdq2ncZmqpse8+7yac+ngMcrDt/5sNyg9dV7waZr6prI3uSyxeiLEWpH/Kzqcr
         kbVR9qeeHy/rxyyjUSjWxYGw78y53mQiSqp/Bcr7nrBu9wbokzLXAdSdUSH8C37SYf5R
         qLng==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=2Rj7aWDQUhQMqgKl/6SjVXjXjpqfL0Vwbi63ThbM1tc=;
        b=pfHCtEMYuN/TDhVlfRVe+mPr6M+twStlQHhR9gbvueIKyqqszF/ogYERy4fxFlYIDV
         SV7X09fBWfjdLmPld+9uNB155/bRj1WY8XxCQdjTx8NG9aMwQBeFGmOV7yWAm6U7y7TS
         NY+vrPfitVOmdxjKVUMkJ6AW248kOEKRPafmDHVyDxl2jv5A7BrVsiZpWT1KeS4Z+PpW
         64BleGyZl8r4CFc9MpMYVVlnx/MsH2zXxCdBgCCPdTbmfV9DIjojXAQNwMHNH6Tr1AEB
         DRuones5K+8UpmDoUSuC5p+Zm2VT+0GhNJyk2bvWPju/DdOTGdtv4UieLrBnBgto/anB
         jxJg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="rlw/+k5/";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id h23si9026697edq.38.2021.02.22.05.56.19;
        Mon, 22 Feb 2021 05:56:42 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="rlw/+k5/";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S232006AbhBVNzp (ORCPT <rfc822;lsq991025@gmail.com> + 99 others);
        Mon, 22 Feb 2021 08:55:45 -0500
Received: from mail.kernel.org ([198.145.29.99]:57092 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S231419AbhBVMrL (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 22 Feb 2021 07:47:11 -0500
Received: by mail.kernel.org (Postfix) with ESMTPSA id 518DB64F5D;
        Mon, 22 Feb 2021 12:42:20 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
        s=korg; t=1613997740;
        bh=p+oW8OlV44RvJ5tEMAQrHVoWPqjBmbA2LBQUBE50Jaw=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=rlw/+k5/y40RSomHwfPjJbmFAaSy2PouzjBpSNit/VVSQkzsg1tJO4+ajBJ5GGUFP
         wLKif9oQz2lyULHDGE5I3mhKywY+8bfiHVhhsPF8MuRk8+XnGwdY+NjIMg3Vg8ID8F
         f2B0oy9K578w/KB2LRRISd2SMqiS4QMohAPRvaPM=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Jan Beulich <jbeulich@suse.com>,
        Stefano Stabellini <sstabellini@kernel.org>,
        Juergen Gross <jgross@suse.com>
Subject: [PATCH 4.9 41/49] Xen/gntdev: correct dev_bus_addr handling in gntdev_map_grant_pages()
Date:   Mon, 22 Feb 2021 13:36:39 +0100
Message-Id: <20210222121027.958279402@linuxfoundation.org>
X-Mailer: git-send-email 2.30.1
In-Reply-To: <20210222121022.546148341@linuxfoundation.org>
References: <20210222121022.546148341@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Jan Beulich <jbeulich@suse.com>

commit dbe5283605b3bc12ca45def09cc721a0a5c853a2 upstream.

We may not skip setting the field in the unmap structure when
GNTMAP_device_map is in use - such an unmap would fail to release the
respective resources (a page ref in the hypervisor). Otoh the field
doesn't need setting at all when GNTMAP_device_map is not in use.

To record the value for unmapping, we also better don't use our local
p2m: In particular after a subsequent change it may not have got updated
for all the batch elements. Instead it can simply be taken from the
respective map's results.

We can additionally avoid playing this game altogether for the kernel
part of the mappings in (x86) PV mode.

This is part of XSA-361.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Cc: stable@vger.kernel.org
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/xen/gntdev.c |   16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

--- a/drivers/xen/gntdev.c
+++ b/drivers/xen/gntdev.c
@@ -293,18 +293,25 @@ static int map_grant_pages(struct grant_
 		 * to the kernel linear addresses of the struct pages.
 		 * These ptes are completely different from the user ptes dealt
 		 * with find_grant_ptes.
+		 * Note that GNTMAP_device_map isn't needed here: The
+		 * dev_bus_addr output field gets consumed only from ->map_ops,
+		 * and by not requesting it when mapping we also avoid needing
+		 * to mirror dev_bus_addr into ->unmap_ops (and holding an extra
+		 * reference to the page in the hypervisor).
 		 */
+		unsigned int flags = (map->flags & ~GNTMAP_device_map) |
+				     GNTMAP_host_map;
+
 		for (i = 0; i < map->count; i++) {
 			unsigned long address = (unsigned long)
 				pfn_to_kaddr(page_to_pfn(map->pages[i]));
 			BUG_ON(PageHighMem(map->pages[i]));
 
-			gnttab_set_map_op(&map->kmap_ops[i], address,
-				map->flags | GNTMAP_host_map,
+			gnttab_set_map_op(&map->kmap_ops[i], address, flags,
 				map->grants[i].ref,
 				map->grants[i].domid);
 			gnttab_set_unmap_op(&map->kunmap_ops[i], address,
-				map->flags | GNTMAP_host_map, -1);
+				flags, -1);
 		}
 	}
 
@@ -320,6 +327,9 @@ static int map_grant_pages(struct grant_
 			continue;
 		}
 
+		if (map->flags & GNTMAP_device_map)
+			map->unmap_ops[i].dev_bus_addr = map->map_ops[i].dev_bus_addr;
+
 		map->unmap_ops[i].handle = map->map_ops[i].handle;
 		if (use_ptemod)
 			map->kunmap_ops[i].handle = map->kmap_ops[i].handle;