From 1b0cf99d046286c601a28af0ef7c1a17eb3eb2cb Mon Sep 17 00:00:00 2001
From: Jan Beulich <jbeulich@suse.com>
Date: Thu, 15 Jun 2017 12:05:29 +0100
Subject: [PATCH 4/4] gnttab: correct maptrack table accesses

In order to observe a consistent (limit,pointer-table) pair, the reader
needs to either hold the grant table lock or both sides need to order
their accesses suitably (the writer side barrier is already there). Add
the missing barrier.

This is part of XSA-218.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: George Dunlap <george.dunlap@citrix.com>
---
 xen/common/grant_table.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c
index 5203929..ac98aef 100644
--- a/xen/common/grant_table.c
+++ b/xen/common/grant_table.c
@@ -908,7 +908,9 @@ __gnttab_unmap_common(
         return;
     }
 
+    smp_rmb();
     map = &maptrack_entry(lgt, op->handle);
+
     spin_lock(&lgt->lock);
 
     if ( unlikely(!map->flags) )
-- 
2.1.4