[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen stable-4.1] x86: make vcpu_reset() preemptible

commit c6fad967aabeb98da8307e59f73474b23b42f0d1
Author:     Jan Beulich <jbeulich@xxxxxxxx>
AuthorDate: Thu May 2 17:24:38 2013 +0200
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Thu May 2 17:24:38 2013 +0200

    x86: make vcpu_reset() preemptible
    
    ... as dropping the old page tables may take significant amounts of
    time.
    
    This is part of CVE-2013-1918 / XSA-45.
    
    Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
    Acked-by: Tim Deegan <tim@xxxxxxx>
    master commit: 4939f9a6dee4280f38730fd3066e5dce353112f6
    master date: 2013-05-02 16:37:24 +0200
---
 xen/arch/x86/domain.c     |   13 ++++++-------
 xen/arch/x86/hvm/hvm.c    |    5 ++++-
 xen/arch/x86/hvm/vlapic.c |    5 ++++-
 xen/arch/x86/mm.c         |    6 +++---
 xen/common/domain.c       |   12 ++++++++++--
 xen/common/domctl.c       |    6 ++++--
 xen/include/asm-x86/mm.h  |    2 +-
 xen/include/xen/domain.h  |    4 ++--
 xen/include/xen/sched.h   |    3 +++
 9 files changed, 37 insertions(+), 19 deletions(-)

diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c
index 4b79db0..696eff3 100644
--- a/xen/arch/x86/domain.c
+++ b/xen/arch/x86/domain.c
@@ -902,17 +902,16 @@ int arch_set_info_guest(
 #undef c
 }
 
-void arch_vcpu_reset(struct vcpu *v)
+int arch_vcpu_reset(struct vcpu *v)
 {
     if ( !is_hvm_vcpu(v) )
     {
         destroy_gdt(v);
-        vcpu_destroy_pagetables(v, 0);
-    }
-    else
-    {
-        vcpu_end_shutdown_deferral(v);
+        return vcpu_destroy_pagetables(v);
     }
+
+    vcpu_end_shutdown_deferral(v);
+    return 0;
 }
 
 /* 
@@ -1933,7 +1932,7 @@ int domain_relinquish_resources(struct domain *d)
         for_each_vcpu ( d, v )
         {
             /* Drop the in-use references to page-table bases. */
-            ret = vcpu_destroy_pagetables(v, 1);
+            ret = vcpu_destroy_pagetables(v);
             if ( ret )
                 return ret;
 
diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c
index 9f53728..140e70c 100644
--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -3083,8 +3083,11 @@ static void hvm_s3_suspend(struct domain *d)
 
     for_each_vcpu ( d, v )
     {
+        int rc;
+
         vlapic_reset(vcpu_vlapic(v));
-        vcpu_reset(v);
+        rc = vcpu_reset(v);
+        ASSERT(!rc);
     }
 
     vpic_reset(d);
diff --git a/xen/arch/x86/hvm/vlapic.c b/xen/arch/x86/hvm/vlapic.c
index 09baf8d..a2ec9ae 100644
--- a/xen/arch/x86/hvm/vlapic.c
+++ b/xen/arch/x86/hvm/vlapic.c
@@ -252,10 +252,13 @@ static void vlapic_init_sipi_action(unsigned long _vcpu)
     {
     case APIC_DM_INIT: {
         bool_t fpu_initialised;
+        int rc;
+
         domain_lock(target->domain);
         /* Reset necessary VCPU state. This does not include FPU state. */
         fpu_initialised = target->fpu_initialised;
-        vcpu_reset(target);
+        rc = vcpu_reset(target);
+        ASSERT(!rc);
         target->fpu_initialised = fpu_initialised;
         vlapic_reset(vcpu_vlapic(target));
         domain_unlock(target->domain);
diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c
index b561a6f..2567c5e 100644
--- a/xen/arch/x86/mm.c
+++ b/xen/arch/x86/mm.c
@@ -2744,7 +2744,7 @@ static int put_old_guest_table(struct vcpu *v)
     return rc;
 }
 
-int vcpu_destroy_pagetables(struct vcpu *v, bool_t preemptible)
+int vcpu_destroy_pagetables(struct vcpu *v)
 {
     unsigned long mfn = pagetable_get_pfn(v->arch.guest_table);
     struct page_info *page;
@@ -2764,7 +2764,7 @@ int vcpu_destroy_pagetables(struct vcpu *v, bool_t 
preemptible)
         if ( paging_mode_refcounts(v->domain) )
             put_page(page);
         else
-            rc = put_page_and_type_preemptible(page, preemptible);
+            rc = put_page_and_type_preemptible(page, 1);
     }
 
 #ifdef __x86_64__
@@ -2790,7 +2790,7 @@ int vcpu_destroy_pagetables(struct vcpu *v, bool_t 
preemptible)
             if ( paging_mode_refcounts(v->domain) )
                 put_page(page);
             else
-                rc = put_page_and_type_preemptible(page, preemptible);
+                rc = put_page_and_type_preemptible(page, 1);
         }
         if ( !rc )
             v->arch.guest_table_user = pagetable_null();
diff --git a/xen/common/domain.c b/xen/common/domain.c
index 054f7c4..4f2efe5 100644
--- a/xen/common/domain.c
+++ b/xen/common/domain.c
@@ -770,14 +770,18 @@ int boot_vcpu(struct domain *d, int vcpuid, 
vcpu_guest_context_u ctxt)
     return arch_set_info_guest(v, ctxt);
 }
 
-void vcpu_reset(struct vcpu *v)
+int vcpu_reset(struct vcpu *v)
 {
     struct domain *d = v->domain;
+    int rc;
 
     vcpu_pause(v);
     domain_lock(d);
 
-    arch_vcpu_reset(v);
+    set_bit(_VPF_in_reset, &v->pause_flags);
+    rc = arch_vcpu_reset(v);
+    if ( rc )
+        goto out_unlock;
 
     set_bit(_VPF_down, &v->pause_flags);
 
@@ -793,9 +797,13 @@ void vcpu_reset(struct vcpu *v)
 #endif
     cpus_clear(v->cpu_affinity_tmp);
     clear_bit(_VPF_blocked, &v->pause_flags);
+    clear_bit(_VPF_in_reset, &v->pause_flags);
 
+ out_unlock:
     domain_unlock(v->domain);
     vcpu_unpause(v);
+
+    return rc;
 }
 
 
diff --git a/xen/common/domctl.c b/xen/common/domctl.c
index d9a1f53..65e30df 100644
--- a/xen/common/domctl.c
+++ b/xen/common/domctl.c
@@ -286,8 +286,10 @@ long do_domctl(XEN_GUEST_HANDLE(xen_domctl_t) u_domctl)
 
         if ( guest_handle_is_null(op->u.vcpucontext.ctxt) )
         {
-            vcpu_reset(v);
-            ret = 0;
+            ret = vcpu_reset(v);
+            if ( ret == -EAGAIN )
+                ret = hypercall_create_continuation(
+                          __HYPERVISOR_domctl, "h", u_domctl);
             goto svc_out;
         }
 
diff --git a/xen/include/asm-x86/mm.h b/xen/include/asm-x86/mm.h
index d24e132..ecf93c2 100644
--- a/xen/include/asm-x86/mm.h
+++ b/xen/include/asm-x86/mm.h
@@ -555,7 +555,7 @@ void audit_domains(void);
 int new_guest_cr3(unsigned long pfn);
 void make_cr3(struct vcpu *v, unsigned long mfn);
 void update_cr3(struct vcpu *v);
-int vcpu_destroy_pagetables(struct vcpu *, bool_t preemptible);
+int vcpu_destroy_pagetables(struct vcpu *);
 void propagate_page_fault(unsigned long addr, u16 error_code);
 void *do_page_walk(struct vcpu *v, unsigned long addr);
 
diff --git a/xen/include/xen/domain.h b/xen/include/xen/domain.h
index edffd1f..5175ef7 100644
--- a/xen/include/xen/domain.h
+++ b/xen/include/xen/domain.h
@@ -15,7 +15,7 @@ struct vcpu *alloc_vcpu(
 int boot_vcpu(
     struct domain *d, int vcpuid, vcpu_guest_context_u ctxt);
 struct vcpu *alloc_dom0_vcpu0(void);
-void vcpu_reset(struct vcpu *v);
+int vcpu_reset(struct vcpu *);
 
 struct xen_domctl_getdomaininfo;
 void getdomaininfo(struct domain *d, struct xen_domctl_getdomaininfo *info);
@@ -57,7 +57,7 @@ void arch_dump_vcpu_info(struct vcpu *v);
 
 void arch_dump_domain_info(struct domain *d);
 
-void arch_vcpu_reset(struct vcpu *v);
+int arch_vcpu_reset(struct vcpu *);
 
 bool_t domctl_lock_acquire(void);
 void domctl_lock_release(void);
diff --git a/xen/include/xen/sched.h b/xen/include/xen/sched.h
index 5909d9a..16e50e1 100644
--- a/xen/include/xen/sched.h
+++ b/xen/include/xen/sched.h
@@ -597,6 +597,9 @@ extern struct domain *domain_list;
  /* VCPU is blocked on memory-event ring. */
 #define _VPF_mem_event       4
 #define VPF_mem_event        (1UL<<_VPF_mem_event)
+ /* VCPU is being reset. */
+#define _VPF_in_reset        7
+#define VPF_in_reset         (1UL<<_VPF_in_reset)
 
 static inline int vcpu_runnable(struct vcpu *v)
 {
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.1

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.