Xen project Mailing List

[xen-4.15-testing test] 170904: regressions - FAIL

From: osstest service owner <osstest-admin@xxxxxxxxxxxxxx>

Date: Fri, 10 Jun 2022 08:38:40 +0000

Delivery-date: Fri, 10 Jun 2022 08:38:46 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

flight 170904 xen-4.15-testing real [real] http://logs.test-lab.xenproject.org/osstest/logs/170904/ Regressions :-( Tests which did not succeed and are blocking, including tests which could not be run: test-amd64-i386-xl-qemuu-debianhvm-amd64 8 xen-boot fail REGR. vs. 170870 test-amd64-i386-libvirt-raw 8 xen-boot fail REGR. vs. 170870 test-amd64-i386-xl-qemut-debianhvm-amd64 8 xen-boot fail REGR. vs. 170870 test-amd64-i386-pair 12 xen-boot/src_host fail REGR. vs. 170870 test-amd64-i386-pair 13 xen-boot/dst_host fail REGR. vs. 170870 test-amd64-i386-migrupgrade 13 xen-boot/dst_host fail REGR. vs. 170870 test-amd64-i386-libvirt-xsm 8 xen-boot fail REGR. vs. 170870 test-amd64-i386-freebsd10-amd64 8 xen-boot fail REGR. vs. 170870 test-amd64-i386-xl-qemuu-debianhvm-amd64-shadow 8 xen-boot fail REGR. vs. 170870 test-amd64-i386-xl-vhd 8 xen-boot fail REGR. vs. 170870 test-amd64-i386-xl-qemuu-ws16-amd64 8 xen-boot fail REGR. vs. 170870 test-amd64-coresched-i386-xl 8 xen-boot fail REGR. vs. 170870 test-amd64-i386-xl-qemuu-ovmf-amd64 8 xen-boot fail REGR. vs. 170870 test-amd64-i386-qemut-rhel6hvm-intel 8 xen-boot fail REGR. vs. 170870 test-amd64-i386-qemuu-rhel6hvm-intel 8 xen-boot fail REGR. vs. 170870 test-amd64-i386-xl 8 xen-boot fail REGR. vs. 170870 test-amd64-i386-xl-shadow 8 xen-boot fail REGR. vs. 170870 test-amd64-i386-libvirt-pair 12 xen-boot/src_host fail REGR. vs. 170870 test-amd64-i386-libvirt-pair 13 xen-boot/dst_host fail REGR. vs. 170870 test-amd64-i386-livepatch 8 xen-boot fail REGR. vs. 170870 test-amd64-i386-qemut-rhel6hvm-amd 8 xen-boot fail REGR. vs. 170870 test-amd64-i386-xl-qemuu-dmrestrict-amd64-dmrestrict 8 xen-boot fail REGR. vs. 170870 test-amd64-i386-xl-qemuu-debianhvm-i386-xsm 8 xen-boot fail REGR. vs. 170870 test-amd64-i386-freebsd10-i386 8 xen-boot fail REGR. vs. 170870 test-amd64-i386-xl-qemut-ws16-amd64 8 xen-boot fail REGR. vs. 170870 test-amd64-i386-xl-qemut-stubdom-debianhvm-amd64-xsm 8 xen-boot fail REGR. vs. 170870 test-amd64-i386-xl-pvshim 8 xen-boot fail REGR. vs. 170870 test-amd64-i386-xl-xsm 8 xen-boot fail REGR. vs. 170870 test-amd64-i386-xl-qemut-debianhvm-i386-xsm 8 xen-boot fail REGR. vs. 170870 test-amd64-i386-xl-qemuu-win7-amd64 8 xen-boot fail REGR. vs. 170870 test-amd64-i386-xl-qemut-win7-amd64 8 xen-boot fail REGR. vs. 170870 test-amd64-i386-libvirt 8 xen-boot fail REGR. vs. 170870 test-amd64-i386-qemuu-rhel6hvm-amd 8 xen-boot fail REGR. vs. 170870 test-xtf-amd64-amd64-3 82 xtf/test-pv32pae-pv-iopl~hypercall fail REGR. vs. 170870 test-xtf-amd64-amd64-3 83 leak-check/check fail REGR. vs. 170870 test-amd64-i386-libvirt-qemuu-debianhvm-amd64-xsm 8 xen-boot fail REGR. vs. 170870 test-xtf-amd64-amd64-1 83 xtf/test-pv32pae-pv-iopl~vmassist fail REGR. vs. 170870 test-xtf-amd64-amd64-1 84 leak-check/check fail REGR. vs. 170870 test-xtf-amd64-amd64-5 87 xtf/test-pv32pae-xsa-188 fail REGR. vs. 170870 test-xtf-amd64-amd64-5 88 leak-check/check fail REGR. vs. 170870 test-amd64-amd64-xl-qemut-stubdom-debianhvm-amd64-xsm 18 guest-localmigrate/x10 fail REGR. vs. 170870 Regressions which are regarded as allowable (not blocking): test-amd64-amd64-xl-rtds 20 guest-localmigrate/x10 fail REGR. vs. 170870 Tests which did not succeed, but are not blocking: test-armhf-armhf-libvirt 16 saverestore-support-check fail like 170870 test-amd64-amd64-xl-qemuu-win7-amd64 19 guest-stop fail like 170870 test-amd64-amd64-xl-qemut-win7-amd64 19 guest-stop fail like 170870 test-amd64-amd64-qemuu-nested-amd 20 debian-hvm-install/l1/l2 fail like 170870 test-amd64-amd64-xl-qemuu-ws16-amd64 19 guest-stop fail like 170870 test-armhf-armhf-xl-rtds 18 guest-start/debian.repeat fail like 170870 test-amd64-amd64-xl-qemut-ws16-amd64 19 guest-stop fail like 170870 test-armhf-armhf-libvirt-qcow2 15 saverestore-support-check fail like 170870 test-armhf-armhf-libvirt-raw 15 saverestore-support-check fail like 170870 test-amd64-amd64-libvirt 15 migrate-support-check fail never pass test-amd64-amd64-libvirt-xsm 15 migrate-support-check fail never pass test-arm64-arm64-xl-seattle 15 migrate-support-check fail never pass test-arm64-arm64-xl-seattle 16 saverestore-support-check fail never pass test-amd64-amd64-libvirt-qemuu-debianhvm-amd64-xsm 13 migrate-support-check fail never pass test-armhf-armhf-xl-multivcpu 15 migrate-support-check fail never pass test-armhf-armhf-xl-multivcpu 16 saverestore-support-check fail never pass test-arm64-arm64-xl 15 migrate-support-check fail never pass test-arm64-arm64-xl 16 saverestore-support-check fail never pass test-arm64-arm64-xl-credit1 15 migrate-support-check fail never pass test-arm64-arm64-xl-credit1 16 saverestore-support-check fail never pass test-arm64-arm64-xl-thunderx 15 migrate-support-check fail never pass test-arm64-arm64-xl-thunderx 16 saverestore-support-check fail never pass test-arm64-arm64-xl-xsm 15 migrate-support-check fail never pass test-arm64-arm64-xl-xsm 16 saverestore-support-check fail never pass test-arm64-arm64-xl-credit2 15 migrate-support-check fail never pass test-arm64-arm64-xl-credit2 16 saverestore-support-check fail never pass test-arm64-arm64-libvirt-xsm 15 migrate-support-check fail never pass test-arm64-arm64-libvirt-xsm 16 saverestore-support-check fail never pass test-armhf-armhf-xl 15 migrate-support-check fail never pass test-armhf-armhf-xl 16 saverestore-support-check fail never pass test-armhf-armhf-xl-arndale 15 migrate-support-check fail never pass test-armhf-armhf-xl-arndale 16 saverestore-support-check fail never pass test-armhf-armhf-libvirt 15 migrate-support-check fail never pass test-amd64-amd64-libvirt-vhd 14 migrate-support-check fail never pass test-arm64-arm64-libvirt-raw 14 migrate-support-check fail never pass test-arm64-arm64-libvirt-raw 15 saverestore-support-check fail never pass test-arm64-arm64-xl-vhd 14 migrate-support-check fail never pass test-arm64-arm64-xl-vhd 15 saverestore-support-check fail never pass test-armhf-armhf-xl-credit2 15 migrate-support-check fail never pass test-armhf-armhf-xl-credit2 16 saverestore-support-check fail never pass test-armhf-armhf-xl-vhd 14 migrate-support-check fail never pass test-armhf-armhf-xl-vhd 15 saverestore-support-check fail never pass test-armhf-armhf-xl-cubietruck 15 migrate-support-check fail never pass test-armhf-armhf-xl-cubietruck 16 saverestore-support-check fail never pass test-armhf-armhf-xl-rtds 15 migrate-support-check fail never pass test-armhf-armhf-xl-rtds 16 saverestore-support-check fail never pass test-armhf-armhf-xl-credit1 15 migrate-support-check fail never pass test-armhf-armhf-xl-credit1 16 saverestore-support-check fail never pass test-armhf-armhf-libvirt-qcow2 14 migrate-support-check fail never pass test-armhf-armhf-libvirt-raw 14 migrate-support-check fail never pass version targeted for testing: xen a851dbce6876cd2c5689f912787c15cc507cbb39 baseline version: xen 64249afeb63cf7d70b4faf02e76df5eed82371f9 Last test of basis 170870 2022-06-07 12:36:54 Z 2 days Testing same since 170904 2022-06-09 14:07:51 Z 0 days 1 attempts ------------------------------------------------------------ People who touched revisions under test: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> George Dunlap <george.dunlap@xxxxxxxxxxxxx> jobs: build-amd64-xsm pass build-arm64-xsm pass build-i386-xsm pass build-amd64-xtf pass build-amd64 pass build-arm64 pass build-armhf pass build-i386 pass build-amd64-libvirt pass build-arm64-libvirt pass build-armhf-libvirt pass build-i386-libvirt pass build-amd64-prev pass build-i386-prev pass build-amd64-pvops pass build-arm64-pvops pass build-armhf-pvops pass build-i386-pvops pass test-xtf-amd64-amd64-1 fail test-xtf-amd64-amd64-2 pass test-xtf-amd64-amd64-3 fail test-xtf-amd64-amd64-4 pass test-xtf-amd64-amd64-5 fail test-amd64-amd64-xl pass test-amd64-coresched-amd64-xl pass test-arm64-arm64-xl pass test-armhf-armhf-xl pass test-amd64-i386-xl fail test-amd64-coresched-i386-xl fail test-amd64-amd64-libvirt-qemuu-debianhvm-amd64-xsm pass test-amd64-i386-libvirt-qemuu-debianhvm-amd64-xsm fail test-amd64-amd64-xl-qemut-stubdom-debianhvm-amd64-xsm fail test-amd64-i386-xl-qemut-stubdom-debianhvm-amd64-xsm fail test-amd64-amd64-xl-qemut-debianhvm-i386-xsm pass test-amd64-i386-xl-qemut-debianhvm-i386-xsm fail test-amd64-amd64-xl-qemuu-debianhvm-i386-xsm pass test-amd64-i386-xl-qemuu-debianhvm-i386-xsm fail test-amd64-amd64-libvirt-xsm pass test-arm64-arm64-libvirt-xsm pass test-amd64-i386-libvirt-xsm fail test-amd64-amd64-xl-xsm pass test-arm64-arm64-xl-xsm pass test-amd64-i386-xl-xsm fail test-amd64-amd64-qemuu-nested-amd fail test-amd64-amd64-xl-pvhv2-amd pass test-amd64-i386-qemut-rhel6hvm-amd fail test-amd64-i386-qemuu-rhel6hvm-amd fail test-amd64-amd64-dom0pvh-xl-amd pass test-amd64-amd64-xl-qemut-debianhvm-amd64 pass test-amd64-i386-xl-qemut-debianhvm-amd64 fail test-amd64-amd64-xl-qemuu-debianhvm-amd64 pass test-amd64-i386-xl-qemuu-debianhvm-amd64 fail test-amd64-i386-freebsd10-amd64 fail test-amd64-amd64-qemuu-freebsd11-amd64 pass test-amd64-amd64-qemuu-freebsd12-amd64 pass test-amd64-amd64-xl-qemuu-ovmf-amd64 pass test-amd64-i386-xl-qemuu-ovmf-amd64 fail test-amd64-amd64-xl-qemut-win7-amd64 fail test-amd64-i386-xl-qemut-win7-amd64 fail test-amd64-amd64-xl-qemuu-win7-amd64 fail test-amd64-i386-xl-qemuu-win7-amd64 fail test-amd64-amd64-xl-qemut-ws16-amd64 fail test-amd64-i386-xl-qemut-ws16-amd64 fail test-amd64-amd64-xl-qemuu-ws16-amd64 fail test-amd64-i386-xl-qemuu-ws16-amd64 fail test-armhf-armhf-xl-arndale pass test-amd64-amd64-xl-credit1 pass test-arm64-arm64-xl-credit1 pass test-armhf-armhf-xl-credit1 pass test-amd64-amd64-xl-credit2 pass test-arm64-arm64-xl-credit2 pass test-armhf-armhf-xl-credit2 pass test-armhf-armhf-xl-cubietruck pass test-amd64-amd64-xl-qemuu-dmrestrict-amd64-dmrestrict pass test-amd64-i386-xl-qemuu-dmrestrict-amd64-dmrestrict fail test-amd64-i386-freebsd10-i386 fail test-amd64-amd64-qemuu-nested-intel pass test-amd64-amd64-xl-pvhv2-intel pass test-amd64-i386-qemut-rhel6hvm-intel fail test-amd64-i386-qemuu-rhel6hvm-intel fail test-amd64-amd64-dom0pvh-xl-intel pass test-amd64-amd64-libvirt pass test-armhf-armhf-libvirt pass test-amd64-i386-libvirt fail test-amd64-amd64-livepatch pass test-amd64-i386-livepatch fail test-amd64-amd64-migrupgrade pass test-amd64-i386-migrupgrade fail test-amd64-amd64-xl-multivcpu pass test-armhf-armhf-xl-multivcpu pass test-amd64-amd64-pair pass test-amd64-i386-pair fail test-amd64-amd64-libvirt-pair pass test-amd64-i386-libvirt-pair fail test-amd64-amd64-xl-pvshim pass test-amd64-i386-xl-pvshim fail test-amd64-amd64-pygrub pass test-armhf-armhf-libvirt-qcow2 pass test-amd64-amd64-xl-qcow2 pass test-arm64-arm64-libvirt-raw pass test-armhf-armhf-libvirt-raw pass test-amd64-i386-libvirt-raw fail test-amd64-amd64-xl-rtds fail test-armhf-armhf-xl-rtds fail test-arm64-arm64-xl-seattle pass test-amd64-amd64-xl-qemuu-debianhvm-amd64-shadow pass test-amd64-i386-xl-qemuu-debianhvm-amd64-shadow fail test-amd64-amd64-xl-shadow pass test-amd64-i386-xl-shadow fail test-arm64-arm64-xl-thunderx pass test-amd64-amd64-libvirt-vhd pass test-arm64-arm64-xl-vhd pass test-armhf-armhf-xl-vhd pass test-amd64-i386-xl-vhd fail ------------------------------------------------------------ sg-report-flight on osstest.test-lab.xenproject.org logs: /home/logs/logs images: /home/logs/images Logs, config files, etc. are available at http://logs.test-lab.xenproject.org/osstest/logs Explanation of these reports, and of osstest in general, is at http://xenbits.xen.org/gitweb/?p=osstest.git;a=blob;f=README.email;hb=master http://xenbits.xen.org/gitweb/?p=osstest.git;a=blob;f=README;hb=master Test harness code can be found at http://xenbits.xen.org/gitweb?p=osstest.git;a=summary Not pushing. ------------------------------------------------------------ commit a851dbce6876cd2c5689f912787c15cc507cbb39 Author: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> Date: Thu Jun 9 15:37:52 2022 +0200 x86/pv: Track and flush non-coherent mappings of RAM There are legitimate uses of WC mappings of RAM, e.g. for DMA buffers with devices that make non-coherent writes. The Linux sound subsystem makes extensive use of this technique. For such usecases, the guest's DMA buffer is mapped and consistently used as WC, and Xen doesn't interact with the buffer. However, a mischevious guest can use WC mappings to deliberately create non-coherency between the cache and RAM, and use this to trick Xen into validating a pagetable which isn't actually safe. Allocate a new PGT_non_coherent to track the non-coherency of mappings. Set it whenever a non-coherent writeable mapping is created. If the page is used as anything other than PGT_writable_page, force a cache flush before validation. Also force a cache flush before the page is returned to the heap. This is CVE-2022-26364, part of XSA-402. Reported-by: Jann Horn <jannh@xxxxxxxxxx> Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> Reviewed-by: George Dunlap <george.dunlap@xxxxxxxxxx> Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx> master commit: c1c9cae3a9633054b177c5de21ad7268162b2f2c master date: 2022-06-09 14:23:37 +0200 commit 890efc0d2e64c92f708bf0e5acd0257181dcbacf Author: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> Date: Thu Jun 9 15:37:07 2022 +0200 x86/amd: Work around CLFLUSH ordering on older parts On pre-CLFLUSHOPT AMD CPUs, CLFLUSH is weakely ordered with everything, including reads and writes to the address, and LFENCE/SFENCE instructions. This creates a multitude of problematic corner cases, laid out in the manual. Arrange to use MFENCE on both sides of the CLFLUSH to force proper ordering. This is part of XSA-402. Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx> master commit: 062868a5a8b428b85db589fa9a6d6e43969ffeb9 master date: 2022-06-09 14:23:07 +0200 commit 78fd76e1881d8fac3bec5f8a2ddd53d8a3de7762 Author: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> Date: Thu Jun 9 15:36:40 2022 +0200 x86: Split cache_flush() out of cache_writeback() Subsequent changes will want a fully flushing version. Use the new helper rather than opencoding it in flush_area_local(). This resolves an outstanding issue where the conditional sfence is on the wrong side of the clflushopt loop. clflushopt is ordered with respect to older stores, not to younger stores. Rename gnttab_cache_flush()'s helper to avoid colliding in name. grant_table.c can see the prototype from cache.h so the build fails otherwise. This is part of XSA-402. Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx> master commit: 9a67ffee3371506e1cbfdfff5b90658d4828f6a2 master date: 2022-06-09 14:22:38 +0200 commit 9b1e1e74a6c23ffad4c6a78973995957db2d4cc7 Author: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> Date: Thu Jun 9 15:36:15 2022 +0200 x86: Don't change the cacheability of the directmap Changeset 55f97f49b7ce ("x86: Change cache attributes of Xen 1:1 page mappings in response to guest mapping requests") attempted to keep the cacheability consistent between different mappings of the same page. The reason wasn't described in the changelog, but it is understood to be in regards to a concern over machine check exceptions, owing to errata when using mixed cacheabilities. It did this primarily by updating Xen's mapping of the page in the direct map when the guest mapped a page with reduced cacheability. Unfortunately, the logic didn't actually prevent mixed cacheability from occurring: * A guest could map a page normally, and then map the same page with different cacheability; nothing prevented this. * The cacheability of the directmap was always latest-takes-precedence in terms of guest requests. * Grant-mapped frames with lesser cacheability didn't adjust the page's cacheattr settings. * The map_domain_page() function still unconditionally created WB mappings, irrespective of the page's cacheattr settings. Additionally, update_xen_mappings() had a bug where the alias calculation was wrong for mfn's which were .init content, which should have been treated as fully guest pages, not Xen pages. Worse yet, the logic introduced a vulnerability whereby necessary pagetable/segdesc adjustments made by Xen in the validation logic could become non-coherent between the cache and main memory. The CPU could subsequently operate on the stale value in the cache, rather than the safe value in main memory. The directmap contains primarily mappings of RAM. PAT/MTRR conflict resolution is asymmetric, and generally for MTRR=WB ranges, PAT of lesser cacheability resolves to being coherent. The special case is WC mappings, which are non-coherent against MTRR=WB regions (except for fully-coherent CPUs). Xen must not have any WC cacheability in the directmap, to prevent Xen's actions from creating non-coherency. (Guest actions creating non-coherency is dealt with in subsequent patches.) As all memory types for MTRR=WB ranges inter-operate coherently, so leave Xen's directmap mappings as WB. Only PV guests with access to devices can use reduced-cacheability mappings to begin with, and they're trusted not to mount DoSs against the system anyway. Drop PGC_cacheattr_{base,mask} entirely, and the logic to manipulate them. Shift the later PGC_* constants up, to gain 3 extra bits in the main reference count. Retain the check in get_page_from_l1e() for special_pages() because a guest has no business using reduced cacheability on these. This reverts changeset 55f97f49b7ce6c3520c555d19caac6cf3f9a5df0 This is CVE-2022-26363, part of XSA-402. Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> Reviewed-by: George Dunlap <george.dunlap@xxxxxxxxxx> master commit: ae09597da34aee6bc5b76475c5eea6994457e854 master date: 2022-06-09 14:22:08 +0200 commit 887b5ff2938ae256aa14df751816d830b5152d49 Author: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> Date: Thu Jun 9 15:35:40 2022 +0200 x86/page: Introduce _PAGE_* constants for memory types ... rather than opencoding the PAT/PCD/PWT attributes in __PAGE_HYPERVISOR_* constants. These are going to be needed by forthcoming logic. No functional change. This is part of XSA-402. Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx> master commit: 1be8707c75bf4ba68447c74e1618b521dd432499 master date: 2022-06-09 14:21:38 +0200 commit 82a94a179cae9fca3ecebe6c26868072088b8e3c Author: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> Date: Thu Jun 9 15:35:23 2022 +0200 x86/pv: Fix ABAC cmpxchg() race in _get_page_type() _get_page_type() suffers from a race condition where it incorrectly assumes that because 'x' was read and a subsequent a cmpxchg() succeeds, the type cannot have changed in-between. Consider: CPU A: 1. Creates an L2e referencing pg `-> _get_page_type(pg, PGT_l1_page_table), sees count 0, type PGT_writable_page 2. Issues flush_tlb_mask() CPU B: 3. Creates a writeable mapping of pg `-> _get_page_type(pg, PGT_writable_page), count increases to 1 4. Writes into new mapping, creating a TLB entry for pg 5. Removes the writeable mapping of pg `-> _put_page_type(pg), count goes back down to 0 CPU A: 7. Issues cmpxchg(), setting count 1, type PGT_l1_page_table CPU B now has a writeable mapping to pg, which Xen believes is a pagetable and suitably protected (i.e. read-only). The TLB flush in step 2 must be deferred until after the guest is prohibited from creating new writeable mappings, which is after step 7. Defer all safety actions until after the cmpxchg() has successfully taken the intended typeref, because that is what prevents concurrent users from using the old type. Also remove the early validation for writeable and shared pages. This removes race conditions where one half of a parallel mapping attempt can return successfully before: * The IOMMU pagetables are in sync with the new page type * Writeable mappings to shared pages have been torn down This is part of XSA-401 / CVE-2022-26362. Reported-by: Jann Horn <jannh@xxxxxxxxxx> Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx> Reviewed-by: George Dunlap <george.dunlap@xxxxxxxxxx> master commit: 8cc5036bc385112a82f1faff27a0970e6440dfed master date: 2022-06-09 14:21:04 +0200 commit cc74ff882364317e3667c6251cc79bc76fa20ae4 Author: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> Date: Thu Jun 9 15:35:00 2022 +0200 x86/pv: Clean up _get_page_type() Various fixes for clarity, ahead of making complicated changes. * Split the overflow check out of the if/else chain for type handling, as it's somewhat unrelated. * Comment the main if/else chain to explain what is going on. Adjust one ASSERT() and state the bit layout for validate-locked and partial states. * Correct the comment about TLB flushing, as it's backwards. The problem case is when writeable mappings are retained to a page becoming read-only, as it allows the guest to bypass Xen's safety checks for updates. * Reduce the scope of 'y'. It is an artefact of the cmpxchg loop and not valid for use by subsequent logic. Switch to using ACCESS_ONCE() to treat all reads as explicitly volatile. The only thing preventing the validated wait-loop being infinite is the compiler barrier hidden in cpu_relax(). * Replace one page_get_owner(page) with the already-calculated 'd' already in scope. No functional change. This is part of XSA-401 / CVE-2022-26362. Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> Signed-off-by: George Dunlap <george.dunlap@xxxxxxxxxxxxx> Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx> Reviewed-by: George Dunlap <george.dunlap@xxxxxxxxxx> master commit: 9186e96b199e4f7e52e033b238f9fe869afb69c7 master date: 2022-06-09 14:20:36 +0200 (qemu changes not included)

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.