From patchwork Mon Jan 20 14:31:42 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Julien Grall <julien@xen.org>
X-Patchwork-Id: 11342347
Return-Path: <SRS0=qyBi=3J=lists.xenproject.org=xen-devel-bounces@kernel.org>
Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org
 [172.30.200.123])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 1F72F924
	for <patchwork-xen-devel@patchwork.kernel.org>;
 Mon, 20 Jan 2020 14:33:28 +0000 (UTC)
Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail.kernel.org (Postfix) with ESMTPS id 059B920678
	for <patchwork-xen-devel@patchwork.kernel.org>;
 Mon, 20 Jan 2020 14:33:27 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 059B920678
Authentication-Results: mail.kernel.org;
 dmarc=none (p=none dis=none) header.from=xen.org
Authentication-Results: mail.kernel.org;
 spf=none smtp.mailfrom=xen-devel-bounces@lists.xenproject.org
Received: from localhost ([127.0.0.1] helo=lists.xenproject.org)
	by lists.xenproject.org with esmtp (Exim 4.89)
	(envelope-from <xen-devel-bounces@lists.xenproject.org>)
	id 1itY5r-00048R-MZ; Mon, 20 Jan 2020 14:31:55 +0000
Received: from all-amaz-eas1.inumbo.com ([34.197.232.57]
 helo=us1-amaz-eas2.inumbo.com)
 by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from
 <SRS0=3ogU=3J=gmail.com=julien.grall.oss@srs-us1.protection.inumbo.net>)
 id 1itY5q-00048M-Is
 for xen-devel@lists.xenproject.org; Mon, 20 Jan 2020 14:31:54 +0000
X-Inumbo-ID: 979e67fe-3b91-11ea-b986-12813bfff9fa
Received: from mail-wr1-f68.google.com (unknown [209.85.221.68])
 by us1-amaz-eas2.inumbo.com (Halon) with ESMTPS
 id 979e67fe-3b91-11ea-b986-12813bfff9fa;
 Mon, 20 Jan 2020 14:31:49 +0000 (UTC)
Received: by mail-wr1-f68.google.com with SMTP id t2so29808123wrr.1
 for <xen-devel@lists.xenproject.org>; Mon, 20 Jan 2020 06:31:49 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id;
 bh=hHJhwr5erh/UYPxy3FYpYx/861mLb40RvwczGsEqYcY=;
 b=HQex0IFHlgf2ToVD+DQju9ZS0SGSH9ggTmT61pwQldg67Q9x7wfmEQIiDdM6Lxyt97
 SO4e2ANEHW+HTO8gvEXiw46V9+3cB4+QEiS4M7I+C0FzKSBFj8/CWwVPFbSnWfDRtq1X
 xnXLwosBgNDI1atX+fkjsgaXTs+9C8Qa+JzYbpV92HVGWWP9+GUwMV3Z5TBW0NElhF2f
 WvaiBUQG79AJ9cfdWi8t1CDIYXzsKPFQcMeemjjb2LfcFZlBCWJ0HVbxxZGoupVK9dRf
 AReqqI5OT0P56D1S8U+Gz/PaxSb+BobH5A83v/bmUTRcwbqz+bAbqDbxMslQE5Hrb/+Y
 ATTg==
X-Gm-Message-State: APjAAAXQcThQ8vZCcrl5L8pzeouDqkBd/MioDXFRqqWLzWw/+jp14PFr
 qChIfpueO9rwXoXB8SKpX13fcwoYBi+loA==
X-Google-Smtp-Source: 
 APXvYqxNgdIEDHTSvzN/KuaqXluHeRiXQtxkObha89LagoV8dEZO5tJaZAbFKvErh0kHQ7ZkOZysDQ==
X-Received: by 2002:a5d:620b:: with SMTP id
 y11mr18358497wru.230.1579530708234;
 Mon, 20 Jan 2020 06:31:48 -0800 (PST)
Received: from ufe34d9ed68d054.ant.amazon.com (54-240-197-235.amazon.com.
 [54.240.197.235])
 by smtp.gmail.com with ESMTPSA id 5sm48379761wrh.5.2020.01.20.06.31.47
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Mon, 20 Jan 2020 06:31:47 -0800 (PST)
From: Julien Grall <julien@xen.org>
To: xen-devel@lists.xenproject.org
Date: Mon, 20 Jan 2020 14:31:42 +0000
Message-Id: <20200120143142.19820-1-julien@xen.org>
X-Mailer: git-send-email 2.17.1
Subject: [Xen-devel] [PATCH] xen/x86: domain: Free all the pages associated
 to struct domain
X-BeenThere: xen-devel@lists.xenproject.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Xen developer discussion <xen-devel.lists.xenproject.org>
List-Unsubscribe: <https://lists.xenproject.org/mailman/options/xen-devel>,
 <mailto:xen-devel-request@lists.xenproject.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xenproject.org>
List-Help: <mailto:xen-devel-request@lists.xenproject.org?subject=help>
List-Subscribe: <https://lists.xenproject.org/mailman/listinfo/xen-devel>,
 <mailto:xen-devel-request@lists.xenproject.org?subject=subscribe>
Cc: Wei Liu <wl@xen.org>, Andrew Cooper <andrew.cooper3@citrix.com>,
 Julien Grall <jgrall@amazon.com>, Jan Beulich <jbeulich@suse.com>,
 David Woodhouse <dwmw@amazon.co.uk>,
 =?utf-8?q?Roger_Pau_Monn=C3=A9?= <roger.pau@citrix.com>
MIME-Version: 1.0
Errors-To: xen-devel-bounces@lists.xenproject.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org>

From: Julien Grall <jgrall@amazon.com>

The structure domain may be bigger than a page size when lock profiling
is enabled. However, the function free_domheap_struct will only free the
first page.

This is not a security issue because struct domain can only be bigger
than a page size for lock profiling. The feature can only be selected
in DEBUG and EXPERT mode.

Fixes: 8916fcf4577 ("x86/domain: compile with lock_profile=y enabled")
Reported-by: David Woodhouse <dwmw@amazon.co.uk>
Signed-off-by: Julien Grall <jgrall@amazon.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/arch/x86/domain.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c
index 28fefa1f81..a5380b9bab 100644
--- a/xen/arch/x86/domain.c
+++ b/xen/arch/x86/domain.c
@@ -344,7 +344,7 @@ struct domain *alloc_domain_struct(void)
 
 void free_domain_struct(struct domain *d)
 {
-    free_xenheap_page(d);
+    free_xenheap_pages(d, get_order_from_bytes(sizeof(*d)));
 }
 
 struct vcpu *alloc_vcpu_struct(const struct domain *d)