[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen stable-4.9] x86/hvm: Disallow the creation of HVM domains without Local APIC emulation



commit 395cb3f9b4e31040564a2ca801a292e2cfa76818
Author:     Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
AuthorDate: Tue Feb 27 14:24:51 2018 +0100
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Tue Feb 27 14:24:51 2018 +0100

    x86/hvm: Disallow the creation of HVM domains without Local APIC emulation
    
    There are multiple problems, not necesserily limited to:
    
     * Guests which configure event channels via 
hvmop_set_evtchn_upcall_vector(),
       or which hit %cr8 emulation will cause Xen to fall over a NULL 
vlapic->regs
       pointer.
    
     * On Intel hardware, disabling the TPR_SHADOW execution control without
       reenabling CR8_{LOAD,STORE} interception means that the guests %cr8
       accesses interact with the real TPR.  Amongst other things, setting the
       real TPR to 0xf blocks even IPIs from interrupting this CPU.
    
     * On hardware which sets up the use of Interrupt Posting, including
       IOMMU-Posting, guests run without the appropriate non-root configuration,
       which at a minimum will result in dropped interrupts.
    
    Whether no-LAPIC mode is of any use at all remains to be seen.
    
    This is XSA-256.
    
    Reported-by: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
    Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
    Reviewed-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
    Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
    master commit: 0aa6158b674c5d083b75ac8fcd1e7ae92d0c39ae
    master date: 2018-02-27 14:08:36 +0100
---
 xen/arch/x86/domain.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c
index fc0ce6310f..995bf7f8da 100644
--- a/xen/arch/x86/domain.c
+++ b/xen/arch/x86/domain.c
@@ -514,7 +514,7 @@ static bool emulation_flags_ok(const struct domain *d, 
uint32_t emflags)
         if ( is_hardware_domain(d) &&
              emflags != (XEN_X86_EMU_LAPIC|XEN_X86_EMU_IOAPIC) )
             return false;
-        if ( !is_hardware_domain(d) && emflags &&
+        if ( !is_hardware_domain(d) &&
              emflags != XEN_X86_EMU_ALL && emflags != XEN_X86_EMU_LAPIC )
             return false;
     }
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.9

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/xen-changelog

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.