[Xen-devel] [PATCH v3 0/3] Fix xen crash when starting HVM guest due to missing io handler

From: Suravee Suthikulpanit <Suravee.Suthikulpanit@xxxxxxx>

Hi All,

Changes from V2:
  * Use assert instead of sanity check before count increment in
    the hvm_next_io_handler().
  * Postpone iommu_domain_init() and add proper error handling code
    to destroy hvm in case of failure.
  * Split out sanity check in guest_iommu_init() into a separate patch.

On systems with iommu v2 enabled, the hypervisor crashes when trying
to start up an HVM guest. 

Investigation shows that guest_iommu_init() is called before the
HVM domain is initialized. It then tries to register_mmio_handler(),
causing hvm_next_io_handler() to increment the io_handler_count.
However, the registration fails silently and leaves the I/O handler

At a later time, hvm_find_io_handler() is called and iterates through
the registered handlers, but this results in referencing NULL

This patch series proposes a fix for this issue.


Suravee Suthikulpanit (3):
  x86/hvm: Add check when register io handler
  svm: iommu: Only call guest_iommu_init() after initialized HVM domain
  AMD IOMMU: Check io_handler before registering mmio handler

 xen/arch/x86/domain.c                     | 9 ++++++---
 xen/arch/x86/hvm/intercept.c              | 2 ++
 xen/drivers/passthrough/amd/iommu_guest.c | 6 ++++++
 3 files changed, 14 insertions(+), 3 deletions(-)
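
The ordering problem described in the cover letter above, as an added example that is not part of the original message and is not Xen source. It is a simplified model: the struct layouts, the function names and the assumption that the handler table is allocated zeroed at domain initialisation are all constructed for illustration.

```c
/* Simplified model of the ordering bug; not Xen source. Names are constructed. */
#include <stdio.h>
#include <stdlib.h>

#define MAX_IO_HANDLERS 8
struct io_handler { const void *ops; };          /* NULL ops = unpopulated slot */
struct domain { struct io_handler *handlers; unsigned int count; };
typedef struct io_handler *(*next_fn)(struct domain *);

/* Buggy: the count advances even when no table backs the slot yet. */
static struct io_handler *next_buggy(struct domain *d)
{
    unsigned int i = d->count++;
    return (d->handlers && i < MAX_IO_HANDLERS) ? &d->handlers[i] : NULL;
}

/* Checked: refuse before touching the count, so count and table agree. */
static struct io_handler *next_checked(struct domain *d)
{
    if (!d->handlers || d->count >= MAX_IO_HANDLERS)
        return NULL;
    return &d->handlers[d->count++];
}

static int register_handler(struct domain *d, next_fn next, const void *ops)
{
    struct io_handler *h = next(d);
    if (h)
        h->ops = ops;
    return h ? 0 : -1;                           /* callers should check this */
}

/* Replay: register too early, initialise, register again. Returns how many
 * counted slots have NULL ops, i.e. what a lookup loop would dereference. */
static int replay(next_fn next)
{
    static const int dummy_ops = 0;              /* constructed stand-in */
    struct domain d = { NULL, 0 };
    unsigned int i; int bad = 0;
    register_handler(&d, next, &dummy_ops);      /* before init, result ignored */
    d.handlers = calloc(MAX_IO_HANDLERS, sizeof(*d.handlers));
    if (!d.handlers) return -1;
    register_handler(&d, next, &dummy_ops);      /* normal registration */
    for (i = 0; i < d.count && i < MAX_IO_HANDLERS; i++)
        bad += (d.handlers[i].ops == NULL);
    free(d.handlers);
    return bad;
}
int main(void) { printf("buggy=%d checked=%d\n", replay(next_buggy), replay(next_checked)); return 0; }
```

In the buggy variant the early, failed registration still consumes slot 0, so the table later holds one counted entry with no ops behind it; the checked variant leaves the count untouched on failure.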


