
[xen master] x86/vmx: Don't spuriously crash the domain when INIT is received



commit b1f11273d5a774cc88a3685c96c2e7cf6385e3b6
Author:     Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
AuthorDate: Thu Feb 24 19:40:15 2022 +0000
Commit:     Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
CommitDate: Fri Mar 24 22:49:58 2023 +0000

    x86/vmx: Don't spuriously crash the domain when INIT is received
    
    In VMX operation, the handling of INIT IPIs is changed.  Instead of the CPU
    resetting, the next VMEntry fails with EXIT_REASON_INIT.  From the TXT spec,
    the intent of this behaviour is so that an entity which cares can scrub
    secrets from RAM before participating in an orderly shutdown.
    
    Right now, Xen's behaviour is that when an INIT arrives, the HVM VM which
    schedules next is killed (citing an unknown VMExit), *and* we ignore the INIT
    and continue blindly onwards anyway.
    
    This patch addresses only the first of these two problems by ignoring the INIT
    and continuing without crashing the VM in question.
    
    The second wants addressing too, just as soon as we've figured out something
    better to do...
    
    Discovered as collateral damage from when an AP triple faults on S3 resume on
    Intel TigerLake platforms.
    
    Link: https://github.com/QubesOS/qubes-issues/issues/7283
    Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
    Reviewed-by: Kevin Tian <kevin.tian@xxxxxxxxx>
---
 xen/arch/x86/hvm/vmx/vmx.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c
index 78ac9ece6f..7d5ed8d470 100644
--- a/xen/arch/x86/hvm/vmx/vmx.c
+++ b/xen/arch/x86/hvm/vmx/vmx.c
@@ -4094,6 +4094,10 @@ void vmx_vmexit_handler(struct cpu_user_regs *regs)
     case EXIT_REASON_MCE_DURING_VMENTRY:
         do_machine_check(regs);
         break;
+
+    case EXIT_REASON_INIT:
+        printk(XENLOG_ERR "Error: INIT received - ignoring\n");
+        return; /* Renter the guest without further processing */
     }
 
     /* Now enable interrupts so it's safe to take locks. */
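
Review bot: In the new EXIT_REASON_INIT case, the comment on the return reads "Renter the guest" and should read "Re-enter the guest". The printk message is also hard to act on from a log alone: it does not say which CPU took the INIT or which vCPU was about to run, and the "Error:" prefix repeats what XENLOG_ERR already conveys, so consider including the CPU and current vCPU in the message. Since the commit message states that ignoring the INIT is itself an unresolved problem, a short comment in this case saying that the INIT is dropped deliberately for now and that a proper response is still to be designed would keep that caveat next to the code rather than only in the history.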
--
generated by git-patchbot for /home/xen/git/xen.git#master



 

