[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen stable-4.6] tools/libxc: Fix restoration of PV MSRs after migrate



commit 525c3816e244700d459ee0aad8cb79ce13c64f26
Author:     Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
AuthorDate: Thu Nov 16 21:10:00 2017 +0000
Commit:     Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
CommitDate: Tue Feb 27 16:00:14 2018 +0000

    tools/libxc: Fix restoration of PV MSRs after migrate
    
    There are two bugs in process_vcpu_msrs() which clearly demonstrate that I
    didn't test this bit of Migration v2 very well when writing it...
    
    vcpu->msrsz is always expected to be a multiple of xen_domctl_vcpu_msr_t
    records in a spec-compliant stream, so the modulo yields 0 for the 
msr_count,
    rather than the actual number sent in the stream.
    
    Passing 0 for the msr_count causes the hypercall to exit early, and hides 
the
    fact that the guest handle is inserted into the wrong field in the domctl
    union.
    
    The reason that these bugs have gone unnoticed for so long is that the only
    MSRs passed like this for PV guests are the AMD DBGEXT MSRs, which only 
exist
    in fairly modern hardware, and whose use doesn't appear to be implemented in
    any contemporary PV guests.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
    Reviewed-by: Wei Liu <wei.liu2@xxxxxxxxxx>
    Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
    Release-acked-by: Julien Grall <julien.grall@xxxxxxxxxx>
    (cherry picked from commit f1a0a8c3fe2fb37c77ec1fe43618feef412427b5)
    (cherry picked from commit 56d203b0f0e28a5d5935889587ca47a34606c556)
    (cherry picked from commit 03f947472fde01f438ec057439d8d30456210a1c)
    (cherry picked from commit bbd12188fa94640717deb6b4e6e4abc0b90843e3)
---
 tools/libxc/xc_sr_restore_x86_pv.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tools/libxc/xc_sr_restore_x86_pv.c 
b/tools/libxc/xc_sr_restore_x86_pv.c
index 50e25c162c..ed0fd0ead9 100644
--- a/tools/libxc/xc_sr_restore_x86_pv.c
+++ b/tools/libxc/xc_sr_restore_x86_pv.c
@@ -455,8 +455,8 @@ static int process_vcpu_msrs(struct xc_sr_context *ctx,
     domctl.cmd = XEN_DOMCTL_set_vcpu_msrs;
     domctl.domain = ctx->domid;
     domctl.u.vcpu_msrs.vcpu = vcpuid;
-    domctl.u.vcpu_msrs.msr_count = vcpu->msrsz % sizeof(xen_domctl_vcpu_msr_t);
-    set_xen_guest_handle(domctl.u.vcpuextstate.buffer, buffer);
+    domctl.u.vcpu_msrs.msr_count = vcpu->msrsz / sizeof(xen_domctl_vcpu_msr_t);
+    set_xen_guest_handle(domctl.u.vcpu_msrs.msrs, buffer);
 
     memcpy(buffer, vcpu->msr, vcpu->msrsz);
 
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.6

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/xen-changelog

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.