
Re: [PATCH v2] xen: fix XEN_DOMCTL_gdbsx_guestmemio crash


  • To: Juergen Gross <jgross@xxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Tue, 19 Apr 2022 12:31:17 +0200
  • Cc: Elena Ufimtseva <elena.ufimtseva@xxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Cheyenne Wills <cheyenne.wills@xxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
  • Delivery-date: Tue, 19 Apr 2022 10:31:29 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 19.04.2022 12:18, Juergen Gross wrote:
> A hypervisor built without CONFIG_GDBSX will crash in case the
> XEN_DOMCTL_gdbsx_guestmemio domctl is being called, as the call will
> end up in iommu_do_domctl() with d == NULL:
> 
> (XEN) CPU:    6
> (XEN) RIP:    e008:[<ffff82d040269984>] iommu_do_domctl+0x4/0x30
> (XEN) RFLAGS: 0000000000010202   CONTEXT: hypervisor (d0v0)
> (XEN) rax: 00000000000003e8   rbx: ffff830856277ef8   rcx: ffff830856277fff
> ...
> (XEN) Xen call trace:
> (XEN)    [<ffff82d040269984>] R iommu_do_domctl+0x4/0x30
> (XEN)    [<ffff82d04035cd5f>] S arch_do_domctl+0x7f/0x2330
> (XEN)    [<ffff82d040239e46>] S do_domctl+0xe56/0x1930
> (XEN)    [<ffff82d040238ff0>] S do_domctl+0/0x1930
> (XEN)    [<ffff82d0402f8c59>] S pv_hypercall+0x99/0x110
> (XEN)    [<ffff82d0402f5161>] S arch/x86/pv/domain.c#_toggle_guest_pt+0x11/0x90
> (XEN)    [<ffff82d040366288>] S lstar_enter+0x128/0x130
> (XEN)
> (XEN) Pagetable walk from 0000000000000144:
> (XEN)  L4[0x000] = 0000000000000000 ffffffffffffffff
> (XEN)
> (XEN) ****************************************
> (XEN) Panic on CPU 6:
> (XEN) FATAL PAGE FAULT
> (XEN) [error_code=0000]
> (XEN) Faulting linear address: 0000000000000144
> 
> Fix this issue by modifying the interface of gdbsx_guest_mem_io() to
> take the already known domain pointer instead of the domid.
> 
> Reported-by: Cheyenne Wills <cheyenne.wills@xxxxxxxxx>
> Fixes: e726a82ca0dc ("xen: make gdbsx support configurable")
> Suggested-by: Jan Beulich <jbeulich@xxxxxxxx>
> Signed-off-by: Juergen Gross <jgross@xxxxxxxx>

Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
with one nit (which can be taken care of while committing):

> --- a/xen/arch/x86/debug.c
> +++ b/xen/arch/x86/debug.c
> @@ -159,17 +159,11 @@ static unsigned int dbg_rw_guest_mem(struct domain *dp, 
> unsigned long addr,
>   * Returns: number of bytes remaining to be copied.
>   */
>  unsigned int dbg_rw_mem(unsigned long gva, XEN_GUEST_HANDLE_PARAM(void) buf,
> -                        unsigned int len, domid_t domid, bool toaddr,
> +                        unsigned int len, struct domain *d, bool toaddr,
>                          uint64_t pgd3)
>  {
> -    struct domain *d = rcu_lock_domain_by_id(domid);
> -
> -    if ( d )
> -    {
> -        if ( !d->is_dying )
> +    if ( d && !d->is_dying )
>              len = dbg_rw_guest_mem(d, gva, buf, len, toaddr, pgd3);
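Review bot: the final context line `len = dbg_rw_guest_mem(d, gva, buf, len, toaddr, pgd3);` still carries the indentation of the removed inner block; now that it sits directly under `if ( d && !d->is_dying )` it should lose four spaces. Separately, dropping `struct domain *d = rcu_lock_domain_by_id(domid);` means dbg_rw_mem() no longer takes its own reference on the domain, so the caller must hold one for the whole call; the commit message implies this by passing the already known domain pointer, but the header comment directly above (the `Returns:` block) is the natural place to state that contract, and the retained `d &&` test is what keeps a NULL pointer from reaching the copy path.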

This line now wants its indentation adjusted.

Jan
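The interface change discussed in this thread, as an added stand-alone model that is not Xen code and not part of the original mail: the caller resolves the domain once and hands the pointer to the leaf routine, which keeps the `d && !d->is_dying` guard and reports the bytes remaining (the full `len`) whenever nothing could be copied, including for a NULL pointer. The `struct domain`, the domain table, `lookup_domain()`, `rw_guest_mem()` and the toy 64-byte guest memory are all constructed for this example; only the function shape of `dbg_rw_mem()` mirrors the patch.

```c
/* Constructed model of the post-patch dbg_rw_mem() contract. Not Xen code:
 * no RCU, no hypercall, no page-table walk; guest memory is a 64-byte array
 * indexed directly by "gva". */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

struct domain {
    uint16_t domain_id;
    bool is_dying;
    uint8_t mem[64];            /* toy guest memory (assumption) */
};

/* Constructed domain table: a live dom1 and a dying dom2; no dom3 exists. */
static struct domain dom_table[] = {
    { .domain_id = 1, .is_dying = false, .mem = "hello, guest" },
    { .domain_id = 2, .is_dying = true,  .mem = "dying" },
};

/* Caller-side lookup: in this model the dispatcher resolves the id once and
 * passes the pointer down, which is the shape the patch moves to. */
struct domain *lookup_domain(uint16_t domid)
{
    for (size_t i = 0; i < sizeof dom_table / sizeof dom_table[0]; i++)
        if (dom_table[i].domain_id == domid)
            return &dom_table[i];
    return NULL;
}

/* Leaf copy routine; returns the number of bytes it could NOT copy. */
static unsigned int rw_guest_mem(struct domain *d, unsigned long gva,
                                 void *buf, unsigned int len, bool toaddr)
{
    if (gva >= sizeof d->mem)
        return len;
    unsigned int avail = (unsigned int)(sizeof d->mem - gva);
    unsigned int n = len < avail ? len : avail;
    if (toaddr)
        memcpy(d->mem + gva, buf, n);
    else
        memcpy(buf, d->mem + gva, n);
    return len - n;
}

/* Post-patch interface: takes the already resolved domain pointer instead of
 * a domid. Returns: number of bytes remaining to be copied, so a NULL or dying
 * domain yields len unchanged rather than a dereference. */
unsigned int dbg_rw_mem(unsigned long gva, void *buf, unsigned int len,
                        struct domain *d, bool toaddr)
{
    if (d && !d->is_dying)
        len = rw_guest_mem(d, gva, buf, len, toaddr);
    return len;
}

/* Model dispatcher: resolve the domain once, pass the pointer, and let the
 * "bytes remaining" value report an unknown or dying domain. */
unsigned int guest_memio(uint16_t domid, unsigned long gva, void *buf,
                         unsigned int len, bool toaddr)
{
    struct domain *d = lookup_domain(domid);
    return dbg_rw_mem(gva, buf, len, d, toaddr);
}
```

With this shape the only place that needs to know how domain lifetime is managed is the dispatcher that performed the lookup; the leaf routine's contract is simply "copy what you can from a valid, non-dying domain and report the rest".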