From patchwork Tue Jul 25 09:50:13 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: =?utf-8?b?SsO8cmdlbiBHcm/Dnw==?= <jgross@suse.com>
X-Patchwork-Id: 9861605
Return-Path: <xen-devel-bounces@lists.xen.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	53871601A1 for <patchwork-xen-devel@patchwork.kernel.org>;
	Tue, 25 Jul 2017 09:52:32 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 3D68228600
	for <patchwork-xen-devel@patchwork.kernel.org>;
	Tue, 25 Jul 2017 09:52:32 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 3166228614; Tue, 25 Jul 2017 09:52:32 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED
	autolearn=ham version=3.3.1
Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120])
	(using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id D591328600
	for <patchwork-xen-devel@patchwork.kernel.org>;
	Tue, 25 Jul 2017 09:52:31 +0000 (UTC)
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.84_2)
	(envelope-from <xen-devel-bounces@lists.xen.org>)
	id 1dZwTy-000056-Ky; Tue, 25 Jul 2017 09:50:26 +0000
Received: from mail6.bemta6.messagelabs.com ([193.109.254.103])
	by lists.xenproject.org with esmtp (Exim 4.84_2)
	(envelope-from <jgross@suse.com>) id 1dZwTx-0008Vp-88
	for xen-devel@lists.xenproject.org; Tue, 25 Jul 2017 09:50:25 +0000
Received: from [85.158.143.35] by server-5.bemta-6.messagelabs.com id
	93/33-03368-06417795; Tue, 25 Jul 2017 09:50:24 +0000
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFnrALMWRWlGSWpSXmKPExsVyuP0Ov26cSHm
	kwb79Ihbft0xmcmD0OPzhCksAYxRrZl5SfkUCa0bjw0b2gv8CFYd+7mJsYDzM18XIySEhYCTx
	duI/pi5GLg4hgYWMEjePrWUGSbAJqEpsuH6KFcQWEQiS2NDRygRiMwtUSLT8v8TSxcjBISxgJ
	THroT5ImAWovOn8OnYQm1fAWKLnah8bxHx5iY4Dk1lAbE4BE4kZc5eCtQoB1az7yTuBkXsBI8
	MqRo3i1KKy1CJdIzO9pKLM9IyS3MTMHF1DAzO93NTi4sT01JzEpGK95PzcTYxA3zIAwQ7GMws
	CDzFKcjApifKm7yqLFOJLyk+pzEgszogvKs1JLT7EKMPBoSTBKypcHikkWJSanlqRlpkDDDKY
	tAQHj5II7z4hoDRvcUFibnFmOkTqFKMux6sJ/78xCbHk5eelSonzuoDMEAApyijNgxsBC/hLj
	LJSwryMQEcJ8RSkFuVmlqDKv2IU52BUEuZtApnCk5lXArfpFdARTEBHzJlRCnJESSJCSqqBMS
	zlx9KbvXeStZ/+PPJ2I3vGRAW1V5K859+pOdZyzrsspnz+aKbc8em8f6Tmvrf6Uuy+6f8xyU4
	+h9dSuzfa3AtReJJ6U3+baSSfy9+p21a+FHNpMjQTP3D37gaT3byLHjU58tp9V523fanvAul5
	/5pP3Ft0SnPS72cnMh+9c1F+vF9Wb9K9r+ZKLMUZiYZazEXFiQCDHKEUcwIAAA==
X-Env-Sender: jgross@suse.com
X-Msg-Ref: server-6.tower-21.messagelabs.com!1500976219!51771236!1
X-Originating-IP: [195.135.220.15]
X-SpamReason: No, hits=0.0 required=7.0 tests=
X-StarScan-Received: 
X-StarScan-Version: 9.4.25; banners=-,-,-
X-VirusChecked: Checked
Received: (qmail 29862 invoked from network); 25 Jul 2017 09:50:22 -0000
Received: from mx2.suse.de (HELO mx1.suse.de) (195.135.220.15)
	by server-6.tower-21.messagelabs.com with DHE-RSA-CAMELLIA256-SHA
	encrypted SMTP; 25 Jul 2017 09:50:22 -0000
X-Virus-Scanned: by amavisd-new at test-mx.suse.de
Received: from relay1.suse.de (charybdis-ext.suse.de [195.135.220.254])
	by mx1.suse.de (Postfix) with ESMTP id B5184AC6B;
	Tue, 25 Jul 2017 09:50:18 +0000 (UTC)
From: Juergen Gross <jgross@suse.com>
To: linux-kernel@vger.kernel.org, xen-devel@lists.xenproject.org,
	x86@kernel.org
Date: Tue, 25 Jul 2017 11:50:13 +0200
Message-Id: <20170725095013.2939-4-jgross@suse.com>
X-Mailer: git-send-email 2.12.3
In-Reply-To: <20170725095013.2939-1-jgross@suse.com>
References: <20170725095013.2939-1-jgross@suse.com>
Cc: Juergen Gross <jgross@suse.com>, boris.ostrovsky@oracle.com,
	mingo@redhat.com, tglx@linutronix.de, hpa@zytor.com
Subject: [Xen-devel] [PATCH 3/3] xen: fix hvm guest with kaslr enabled
X-BeenThere: xen-devel@lists.xen.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: Xen developer discussion <xen-devel.lists.xen.org>
List-Unsubscribe: <https://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <https://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
MIME-Version: 1.0
Errors-To: xen-devel-bounces@lists.xen.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xen.org>
X-Virus-Scanned: ClamAV using ClamSMTP

A Xen HVM guest running with KASLR enabled will die rather soon today
due to the shared info page mapping is using va() too early. This was
introduced by commit a5d5f328b0e2baa5ee7c119fd66324eb79eeeb66 ("xen:
allocate page for shared info page from low memory").

In order to fix this use early_memremap() to get a temporary virtual
address for shared info until va() can be used safely.

Signed-off-by: Juergen Gross <jgross@suse.com>
---
 arch/x86/xen/enlighten_hvm.c | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/arch/x86/xen/enlighten_hvm.c b/arch/x86/xen/enlighten_hvm.c
index d23531f5f17e..de503c225ae1 100644
--- a/arch/x86/xen/enlighten_hvm.c
+++ b/arch/x86/xen/enlighten_hvm.c
@@ -12,6 +12,7 @@
 #include <asm/setup.h>
 #include <asm/hypervisor.h>
 #include <asm/e820/api.h>
+#include <asm/early_ioremap.h>
 
 #include <asm/xen/cpuid.h>
 #include <asm/xen/hypervisor.h>
@@ -21,6 +22,8 @@
 #include "mmu.h"
 #include "smp.h"
 
+static unsigned long shared_info_pfn;
+
 void xen_hvm_init_shared_info(void)
 {
 	struct xen_add_to_physmap xatp;
@@ -28,7 +31,7 @@ void xen_hvm_init_shared_info(void)
 	xatp.domid = DOMID_SELF;
 	xatp.idx = 0;
 	xatp.space = XENMAPSPACE_shared_info;
-	xatp.gpfn = virt_to_pfn(HYPERVISOR_shared_info);
+	xatp.gpfn = shared_info_pfn;
 	if (HYPERVISOR_memory_op(XENMEM_add_to_physmap, &xatp))
 		BUG();
 }
@@ -51,8 +54,16 @@ static void __init reserve_shared_info(void)
 	     pa += PAGE_SIZE)
 		;
 
+	shared_info_pfn = PHYS_PFN(pa);
+
 	memblock_reserve(pa, PAGE_SIZE);
-	HYPERVISOR_shared_info = __va(pa);
+	HYPERVISOR_shared_info = early_memremap(pa, PAGE_SIZE);
+}
+
+static void __init xen_hvm_init_mem_mapping(void)
+{
+	early_memunmap(HYPERVISOR_shared_info, PAGE_SIZE);
+	HYPERVISOR_shared_info = __va(PFN_PHYS(shared_info_pfn));
 }
 
 static void __init init_hvm_pv_info(void)
@@ -221,5 +232,6 @@ const struct hypervisor_x86 x86_hyper_xen_hvm = {
 	.init_platform          = xen_hvm_guest_init,
 	.pin_vcpu               = xen_pin_vcpu,
 	.x2apic_available       = xen_x2apic_para_available,
+	.init_mem_mapping	= xen_hvm_init_mem_mapping,
 };
 EXPORT_SYMBOL(x86_hyper_xen_hvm);