
Re: [PATCH v3 1/3] xen: fix XEN_DOMCTL_gdbsx_guestmemio crash


  • To: Juergen Gross <jgross@xxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>
  • Date: Tue, 19 Apr 2022 14:37:02 +0000
  • Cc: George Dunlap <George.Dunlap@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Cheyenne Wills <cheyenne.wills@xxxxxxxxx>
  • Delivery-date: Tue, 19 Apr 2022 14:37:14 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 19/04/2022 14:52, Juergen Gross wrote:
> A hypervisor built without CONFIG_GDBSX will crash in case the
> XEN_DOMCTL_gdbsx_guestmemio domctl is being called, as the call will
> end up in iommu_do_domctl() with d == NULL:
>
> (XEN) CPU:    6
> (XEN) RIP:    e008:[<ffff82d040269984>] iommu_do_domctl+0x4/0x30
> (XEN) RFLAGS: 0000000000010202   CONTEXT: hypervisor (d0v0)
> (XEN) rax: 00000000000003e8   rbx: ffff830856277ef8   rcx: ffff830856277fff
> ...
> (XEN) Xen call trace:
> (XEN)    [<ffff82d040269984>] R iommu_do_domctl+0x4/0x30
> (XEN)    [<ffff82d04035cd5f>] S arch_do_domctl+0x7f/0x2330
> (XEN)    [<ffff82d040239e46>] S do_domctl+0xe56/0x1930
> (XEN)    [<ffff82d040238ff0>] S do_domctl+0/0x1930
> (XEN)    [<ffff82d0402f8c59>] S pv_hypercall+0x99/0x110
> (XEN)    [<ffff82d0402f5161>] S arch/x86/pv/domain.c#_toggle_guest_pt+0x11/0x90
> (XEN)    [<ffff82d040366288>] S lstar_enter+0x128/0x130
> (XEN)
> (XEN) Pagetable walk from 0000000000000144:
> (XEN)  L4[0x000] = 0000000000000000 ffffffffffffffff
> (XEN)
> (XEN) ****************************************
> (XEN) Panic on CPU 6:
> (XEN) FATAL PAGE FAULT
> (XEN) [error_code=0000]
> (XEN) Faulting linear address: 0000000000000144
>
> Fix this issue by making sure the domain pointer has a sane value.
>
> Reported-by: Cheyenne Wills <cheyenne.wills@xxxxxxxxx>
> Fixes: e726a82ca0dc ("xen: make gdbsx support configurable")
> Signed-off-by: Juergen Gross <jgross@xxxxxxxx>

Thanks, but I was hoping for a bit of discussion on the use of DOMID_IDLE.

It used to be permitted to pass DOMID_IDLE to dbg_rw_mem() to access Xen
memory, which is why the XEN_DOMCTL_gdbsx_guestmemio special case existed.

It turns out that it was also e726a82ca0dc which dropped the ability to
use DOMID_IDLE, meaning that this fix is a missing hunk from the
original change too.

This is relevant backport information, and would have created
complexities if they hadn't been the same changeset.

So, how about:

"It used to be permitted to pass DOMID_IDLE to dbg_rw_mem(), which is
why the special case excluding domid checks exists.  Now that it is only
permitted to pass proper domids, remove the special case, thus making
'd' always valid."

?

Can be fixed on commit, so Reviewed-by: Andrew Cooper
<andrew.cooper3@xxxxxxxxxx> for everything else.

~Andrew
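
The failure mode discussed in this message, as an added example that is not part of the original mail and is not Xen source code: a dispatcher skips the domid lookup for one operation because its dedicated handler used to resolve the target itself, and once that handler is configured out the operation falls through to a generic handler with a NULL domain pointer. All names here (`dispatch`, `fallback_handler`, `OP_GUESTMEMIO`, the `special_case` and `handler_built` flags) are hypothetical, and `-EFAULT` stands in for the page fault shown in the quoted trace.

```c
/* Constructed model of the dispatch pattern; not Xen source code. */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

enum op { OP_GUESTMEMIO, OP_OTHER };            /* hypothetical op numbers */
struct domain { int id; int has_iommu; };

static struct domain domains[] = { { 0, 1 }, { 1, 0 } };   /* constructed */

static struct domain *lookup_domain(int domid)
{
    for (size_t i = 0; i < sizeof(domains) / sizeof(domains[0]); i++)
        if (domains[i].id == domid)
            return &domains[i];
    return NULL;
}

/* Fallthrough handler that trusts its caller to pass a valid domain.
 * -EFAULT stands in for the NULL dereference that panics the hypervisor. */
static int fallback_handler(const struct domain *d)
{
    if (d == NULL)
        return -EFAULT;
    return d->has_iommu ? -ENOSYS : -EOPNOTSUPP;
}

/* special_case: skip the domid lookup for OP_GUESTMEMIO (pre-fix behaviour).
 * handler_built: runtime stand-in for the compile-time debugger option. */
static int dispatch(enum op op, int domid, int special_case, int handler_built)
{
    struct domain *d = NULL;

    if (!(special_case && op == OP_GUESTMEMIO)) {
        d = lookup_domain(domid);
        if (d == NULL)
            return -ESRCH;              /* unknown domid rejected up front */
    }
    if (op == OP_GUESTMEMIO && handler_built)
        return 0;                       /* dedicated handler consumed the op */
    return fallback_handler(d);         /* everything else falls through */
}

int main(void)
{
    printf("special case, handler built:   %d\n", dispatch(OP_GUESTMEMIO, 0, 1, 1));
    printf("special case, handler absent:  %d\n", dispatch(OP_GUESTMEMIO, 0, 1, 0));
    printf("lookup always, handler absent: %d\n", dispatch(OP_GUESTMEMIO, 0, 0, 0));
    return 0;
}
```

With the special case removed, the pointer is valid on every path, so the configured-out operation ends in an ordinary error return instead of reaching the generic handler with NULL.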
