[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2] xen/x86: fix PV trap handling on secondary processors

  • To: Jan Beulich <jbeulich@xxxxxxxx>, Juergen Gross <jgross@xxxxxxxx>
  • From: Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>
  • Date: Mon, 20 Sep 2021 14:12:39 -0400
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=oracle.com; dmarc=pass action=none header.from=oracle.com; dkim=pass header.d=oracle.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=zrmD74ywt/8la0rTIv+A0YDuPs5jmd98jJp1pDuLQbU=; b=ik0/uMarPCYMN2cJGiKgV0laSihccdiTO+ZtjlVMBC0Jse1zG6akv8Tkn8H8knuDAZYvKf5905IZdWLlBWQeS+2IQUQ+16QEeCnAfgUuFwKIJz2DCn7g2RFcBg3cG34eVSZ70k56GFOrb44p8hqfqIwKm0y61WvoFfa6a2H30UaaW+zvHmdN/2131XL+waNHFtTTc5YPHqi7XqKF/5+pQdXfZAlt+/P0WciLtV/8CWF61yT204RsJ4K2ueqF48ewceXdcQQV6m9pUPi/NSWzMo8c9/JMg1FDdT/k6c15G04/66CpwlhduYGQpy0NOhoI/hV5C2oz3Psrk/p+IZQyzg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=cVZSd3ggMoQJT1LPxO7NZGWGFVxU9bfxaPPu35vcvxzNXZAa2TUB611/gzF8aS3l0ipSAqDc0kYOlTy9jXRNg1J94VcHRuLqdK/XwYBr31yrRVSVEY12w6rp601UJ8cY8Q9l171SAWq5CMIo0pF7kSNCHjMRM3tX9PXvUBo79y++kkAbxfVkUErCjvE6HXHJnFqkrhjR3dHdiEHoeeyrWm78AE8ked4Ma2XnvUq7Q/6E+G41P5zbyZr3VnmDnnWAOxrcOty1ym7QKOBb0ZcDIvmhSgq0bnkZoDGeI3cCvQI48CQHaghh/F93FLfeLeoiHqYJmsklX6iqnfXk1GVgvw==
  • Authentication-results: lists.xenproject.org; dkim=none (message not signed) header.d=none;lists.xenproject.org; dmarc=none action=none header.from=oracle.com;
  • Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, lkml <linux-kernel@xxxxxxxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Mon, 20 Sep 2021 18:12:57 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 9/20/21 12:15 PM, Jan Beulich wrote:
> The initial observation was that in PV mode under Xen 32-bit user space
> didn't work anymore. Attempts of system calls ended in #GP(0x402). All
> of the sudden the vector 0x80 handler was not in place anymore. As it
> turns out up to 5.13 redundant initialization did occur: Once from
> cpu_initialize_context() (through its VCPUOP_initialise hypercall) and a
> 2nd time while each CPU was brought fully up. This 2nd initialization is
> now gone, uncovering that the 1st one was flawed: Unlike for the
> set_trap_table hypercall, a full virtual IDT needs to be specified here;
> the "vector" fields of the individual entries are of no interest. With
> many (kernel) IDT entries still(?) (i.e. at that point at least) empty,
> the syscall vector 0x80 ended up in slot 0x20 of the virtual IDT, thus
> becoming the domain's handler for vector 0x20.
> Make xen_convert_trap_info() fit for either purpose, leveraging the fact
> that on the xen_copy_trap_info() path the table starts out zero-filled.
> This includes moving out the writing of the sentinel, which would also
> have lead to a buffer overrun in the xen_copy_trap_info() case if all
> (kernel) IDT entries were populated. Convert the writing of the sentinel
> to clearing of the entire table entry rather than just the address
> field.
> (I didn't bother trying to identify the commit which uncovered the issue
> in 5.14; the commit named below is the one which actually introduced the
> bad code.)
> Fixes: f87e4cac4f4e ("xen: SMP guest support")
> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>

Reviewed-by: Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.