Xen project Mailing List

Re: [PATCH v2] x86/mm: Short circuit damage from "fishy" ref/typecount failure

To: <paul@xxxxxxx>, 'Xen-devel' <xen-devel@xxxxxxxxxxxxxxxxxxxx>

From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Tue, 19 Jan 2021 13:00:17 +0000

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=xdXf/3NsJXv8d6KfeCB3uRCCVAKXbruqO1bYRwSTlDc=; b=CC/kJSlqxtu+vYsscHNM+MCQFeZgKSyhphUerRNfJbEeVZqHkuLE7RrK2C4rsDSwrhsGfkSGtrsT6ysxLSG8FtomZBf38GIA+vnPsK1DGg/7DzH6kqGxy0OqXeMgbTtFjUKgScgXI3BfjHgKHxUE4sW77vfXfGPhag+5AIu1pQXpEVjN+H6ugiiadONex42tjEN2dI9re2DwtRzhqEOe0vhtihEVSkKEuqiR0L0GILtZlNzwAnHN05DCS50XxYkoez8jtFfYuTenWVy75j5tp7wOb/5T4XGQ34xl8zYqSR42Z1BabhGeAEnSXVYFrFMQL/7fxzZJfL3yZoU2dF5sFg==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Y1GGF5fki23zEmZju6Ibihh2kZGIaxt/cpD7ASNItzpiFYrfzdmNcxdDdhgHIAGDJlq90gKUmBk8y1gyU1iYFJUQenoWdZBwUldwruYP0p9+DGI5J0tJQGhO0sHM7p55oOoQH6/Ol+Tc1Uh+9jZwx0JLZRyUCSnlOq+l3puD7K0Vm3e4R5YdngH70ZIFfZytnaKTJvNymDvgJfmRIYN+kczuMPSUi2tHg7m9/PwlibMtgTIltdikmWcofovSzYS0eVo9dIXSF539+iGQgZSqxmvfWdHUEdHBzQ4USdlhBcS/pf29kMtselsAgn4vshjjkl03YiyC8xvpF0aVQaCgtw==

Authentication-results: esa5.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com

Cc: 'Jan Beulich' <JBeulich@xxxxxxxx>, 'Roger Pau Monné' <roger.pau@xxxxxxxxxx>, 'Wei Liu' <wl@xxxxxxx>, 'Tamas K Lengyel' <tamas@xxxxxxxxxxxxx>

Delivery-date: Tue, 19 Jan 2021 13:00:35 +0000

Ironport-sdr: pBUg5Net9nev7HeIRlsObtniz8049RmZWgU9MVCtfO+mdC5S9Xwp5oPFfFUzrcqg1Xjmq4BSVw cy4W/n/Rq7j7m8GzyArmOsekyCtPd6sQD0v+E8+ZxQAcVhIc3DJmAsOV4Iplhf13+om0bux4k9 AHBcyt+tkfIGjuGUenPq4Pqgbfok4A0fv3fF/Lbs1nS4qskJAnmPYXs9JRL759LYJ3RJHSTaZ6 1g3mWd02rqYLZeMmp6/mG2x4+Bbu87NYO00cqw9xUXuRD4nUX/yon0+bAsLwRUaGxwbXPUSwnv G4Q=

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 19/01/2021 12:45, Paul Durrant wrote: >> -----Original Message----- >> From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> >> Sent: 19 January 2021 12:28 >> To: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx> >> Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>; Jan Beulich >> <JBeulich@xxxxxxxx>; Roger Pau Monné >> <roger.pau@xxxxxxxxxx>; Wei Liu <wl@xxxxxxx>; Paul Durrant <paul@xxxxxxx>; >> Tamas K Lengyel >> <tamas@xxxxxxxxxxxxx> >> Subject: [PATCH v2] x86/mm: Short circuit damage from "fishy" ref/typecount >> failure >> >> This code has been copied in 3 places, but it is problematic. >> >> All cases will hit a BUG() later in domain teardown, when a the missing >> type/count reference is underflowed. >> >> Don't complicated the logic by leaving a totally unqualified domain crash, >> and >> a timebomb which will be triggered by the toolstack at a slightly later, and >> seemingly unrelated, point. >> >> Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> >> --- >> CC: Jan Beulich <JBeulich@xxxxxxxx> >> CC: Roger Pau Monné <roger.pau@xxxxxxxxxx> >> CC: Wei Liu <wl@xxxxxxx> >> CC: Paul Durrant <paul@xxxxxxx> >> CC: Tamas K Lengyel <tamas@xxxxxxxxxxxxx> >> >> v2: >> * Reword the commit message. >> * Switch BUG() to BUG_ON() to further reduce code volume. >> --- >> xen/arch/x86/hvm/ioreq.c | 11 ++--------- >> xen/arch/x86/hvm/vmx/vmx.c | 11 ++--------- >> xen/arch/x86/mm/mem_paging.c | 17 ++++------------- >> 3 files changed, 8 insertions(+), 31 deletions(-) >> >> diff --git a/xen/arch/x86/hvm/ioreq.c b/xen/arch/x86/hvm/ioreq.c >> index 1cc27df87f..0c38cfa151 100644 >> --- a/xen/arch/x86/hvm/ioreq.c >> +++ b/xen/arch/x86/hvm/ioreq.c >> @@ -366,15 +366,8 @@ static int hvm_alloc_ioreq_mfn(struct hvm_ioreq_server >> *s, bool buf) >> if ( !page ) >> return -ENOMEM; >> >> - if ( !get_page_and_type(page, s->target, PGT_writable_page) ) >> - { >> - /* >> - * The domain can't possibly know about this page yet, so failure >> - * here is a clear indication of something fishy going on. >> - */ >> - domain_crash(s->emulator); >> - return -ENODATA; >> - } >> + /* Domain can't know about this page yet - something fishy going on. */ >> + BUG_ON(!get_page_and_type(page, s->target, PGT_writable_page)); >> >> iorp->va = __map_domain_page_global(page); >> if ( !iorp->va ) >> diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c >> index 2d4475ee3d..8e438cb781 100644 >> --- a/xen/arch/x86/hvm/vmx/vmx.c >> +++ b/xen/arch/x86/hvm/vmx/vmx.c >> @@ -3042,15 +3042,8 @@ static int vmx_alloc_vlapic_mapping(struct domain *d) >> if ( !pg ) >> return -ENOMEM; >> >> - if ( !get_page_and_type(pg, d, PGT_writable_page) ) >> - { >> - /* >> - * The domain can't possibly know about this page yet, so failure >> - * here is a clear indication of something fishy going on. >> - */ >> - domain_crash(d); >> - return -ENODATA; >> - } >> + /* Domain can't know about this page yet - something fishy going on. */ >> + BUG_ON(!get_page_and_type(page, s->target, PGT_writable_page)); > Does this compile? > > s/page/pg > s/s->target/d > > ...and similar below is needed AFAICT. Urgh no - missing the delta in my working tree. Fixed both. ~Andrew

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.