[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH][4.17?] x86: also zap secondary time area handles during soft reset

  • To: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Thu, 13 Oct 2022 08:48:21 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ezaXX3tuWYuuKtIIcFyc3PbRfsPfDcPpzv/X2sTSW/8=; b=hapT/jNhLdaUYxXO8uuUL2mK3QagCzll0yQQtt8TnZmma6AzjrMUUGs/crl3bMYKZI7lmH4mv2JjlkFN7a3PPxP2M2xP3z7/Mh9/DXuNWIg2I1dkT0ljy55PdnpOTU4qiqLwSsLNxf1hEMdq2ZirvioHw+0fR8cJdPTHx9fa/z3Vd/gDEx5GwRRDIYrMIz737N28fVTOCU9B229WDxiQumWjeBNZomu9Nq44fODlD1Uo0C1FtC6lhtSGYf0uj9yWDjSEeNJQ157LO8lFRoYxH9nZeiG+nKWpmw2a+TUG3D44B00hRfc+QY9TYUtJh1UFCCSAos0/mlkqtAeEwdq3Cw==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=L0odZEpW7nICs6RHpA5TnVUOW7lsciLXjdoHAe8BveNll9FhU7mfUf9H5qBGqA6P+xS5rRTUK8U6AK5qS1AHw4yH92MLfLqMRsRwJC+6SqCrj9+4ViwN6/RZtYrCgSkxRXy/itAR5Dq5DmYoMnUcaoXjli4Q7W7+vnWWZ3mrCeq8qTfa4wTfq369IW/7r2HhJAtMBaGFNn2YQUDFiEvj4vHfwiO5MZc5aOfVEDwJAUZxOS48zR+eQ8qfu03FYwM5kp7AIWK1aa0aE4X2EVkFExoEPuZrOuJOg7OsKbVB2JxRLk+2F/pii4Qp1/L0BQMtwsLXeIq82XEl8u2qo29K4A==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
  • Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Henry Wang <Henry.Wang@xxxxxxx>
  • Delivery-date: Thu, 13 Oct 2022 06:48:30 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
Just like domain_soft_reset() properly zaps runstate area handles, the
secondary time area ones also need discarding to prevent guest memory
corruption once the guest is re-started.

Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
---
To avoid another for_each_vcpu() here, domain_soft_reset() could also
be made call a new arch_vcpu_soft_reset() out of its already present
loop. Yet that would make the change less isolated.

In domain_soft_reset() I wonder whether, just like done here, the
zapping of runstate area handles and vCPU info mappings wouldn't better
be done after all operations which can fail. But perhaps for this to
matter the domain is left in too inconsistent a state anyway if the
function fails ... However, at the very least I wonder whether x86'es
restriction to HVM shouldn't leave PV guests undisturbed if a soft-reset
was attempted on them. Right now they not only have state partially
clobbered, but (if the arch function is reached) they would be crashed
unconditionally.

--- a/xen/arch/x86/domain.c
+++ b/xen/arch/x86/domain.c
@@ -951,6 +951,7 @@ int arch_domain_soft_reset(struct domain
     struct page_info *page = virt_to_page(d->shared_info), *new_page;
     int ret = 0;
     struct domain *owner;
+    struct vcpu *v;
     mfn_t mfn;
     gfn_t gfn;
     p2m_type_t p2mt;
@@ -1030,7 +1031,12 @@ int arch_domain_soft_reset(struct domain
                "Failed to add a page to replace %pd's shared_info frame 
%"PRI_gfn"\n",
                d, gfn_x(gfn));
         free_domheap_page(new_page);
+        goto exit_put_gfn;
     }
+
+    for_each_vcpu ( d, v )
+        set_xen_guest_handle(v->arch.time_info_guest, NULL);
+
  exit_put_gfn:
     put_gfn(d, gfn_x(gfn));
  exit_put_page:

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.