[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] Fix boot crash on xsm/flask enabled builds when no policy module is present

To: Jan Beulich <JBeulich@xxxxxxxx>
From: Tomasz Wroblewski <tomasz.wroblewski@xxxxxxxxxx>
Date: Mon, 26 Aug 2013 14:24:31 +0200
Cc: xen-devel@xxxxxxxxxxxxxxxxxxxx, dgdegra@xxxxxxxxxxxxx
Delivery-date: Mon, 26 Aug 2013 12:26:08 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On 08/26/2013 01:12 PM, Jan Beulich wrote:

On 26.08.13 at 12:03, Tomasz Wroblewski<tomasz.wroblewski@xxxxxxxxxx>  wrote:

Xen crashes on boot of xsm/flask enabled builds, if policy module is not
specified.
This seems to have worked on 4.1 at least.

Looking at the code (4.1.5) I can't see what would prevent the
same NULL pointer deref. Care to explain?

The crash doesn't happen at the NULL pointer dereference site though,but a bit later, when xen tries to flush tlbs for first time I believe,which happens during page allocation for the initial domain structure. Itraced it to the following ASSERT in smp.c (so yes I should add thisparticular crash likely is limited to debug builds then)

void flush_area_mask(const cpumask_t *mask, const void *va, unsigned intflags)

{
    ASSERT(local_irq_is_enabled());
    ...

The actual crash message is unhelpful since it's basically only

...
(XEN) Using scheduler: SMP Credit Scheduler (credit)
(XEN) Unknown interrupt (cr2=0000000000000000)

Either removing the assert (which is obviously bad), or checking for thenull pointer deref as in the submitted patch seems to be fixing it. I'msuspecting it was always broken somehow but just was hidden or haddifferent side effects on 4.1 than it does now. I do lack for a goodexplanation why fiddling with null addresses breaks up this assert, though.

Can be fixed by testing whether
policy_buffer
is NULL before attempting to load from it - it's a global which is set to
non-NULL when
policy module is detected.

Signed-off-by: Tomasz Wroblewski<tomasz.wroblewski@xxxxxxxxxx>
---
  xen/xsm/flask/hooks.c |    3 ++-
  1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
index fa0589a..cfa2929 100644
--- a/xen/xsm/flask/hooks.c
+++ b/xen/xsm/flask/hooks.c
@@ -1585,7 +1585,8 @@ static __init int flask_init(void)
      if ( register_xsm(&flask_ops) )
          panic("Flask: Unable to register with XSM.\n");

-    ret = security_load_policy(policy_buffer, policy_size);
+    if ( policy_buffer )
+        ret = security_load_policy(policy_buffer, policy_size);

Question is whether policy_buffer == NULL really isn't supposed
to result in a -E... return value (as in fact flask initialization failed).

Jan



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH] Fix boot crash on xsm/flask enabled builds when no policy module is present
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH] Fix boot crash on xsm/flask enabled builds when no policy module is present
  - From: Andrew Cooper

References:
- [Xen-devel] [PATCH] Fix boot crash on xsm/flask enabled builds when no policy module is present
  - From: Tomasz Wroblewski
- Re: [Xen-devel] [PATCH] Fix boot crash on xsm/flask enabled builds when no policy module is present
  - From: Jan Beulich

Prev by Date: [Xen-devel] [PATCH net-next 2/3] xen-netback: switch to NAPI + kthread 1:1 model
Next by Date: Re: [Xen-devel] [xen-unstable] Commit 2ca9fbd739b8a72b16dd790d0fff7b75f5488fb8 AMD IOMMU: allocate IRTE entries instead of using a static mapping, makes dom0 boot process stall several times.
Previous by thread: Re: [Xen-devel] [PATCH] Fix boot crash on xsm/flask enabled builds when no policy module is present
Next by thread: Re: [Xen-devel] [PATCH] Fix boot crash on xsm/flask enabled builds when no policy module is present
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.