| Message ID | 20220419135254.21729-2-jgross@suse.com (mailing list archive) |
|---|---|
| State | New, archived |
| Series | xen: fix and cleanup domctl handling |
On 19.04.2022 15:52, Juergen Gross wrote:
> A hypervisor built without CONFIG_GDBSX will crash in case the
> XEN_DOMCTL_gdbsx_guestmemio domctl is being called, as the call will
> end up in iommu_do_domctl() with d == NULL:
>
> (XEN) CPU: 6
> (XEN) RIP: e008:[<ffff82d040269984>] iommu_do_domctl+0x4/0x30
> (XEN) RFLAGS: 0000000000010202 CONTEXT: hypervisor (d0v0)
> (XEN) rax: 00000000000003e8 rbx: ffff830856277ef8 rcx: ffff830856277fff
> ...
> (XEN) Xen call trace:
> (XEN) [<ffff82d040269984>] R iommu_do_domctl+0x4/0x30
> (XEN) [<ffff82d04035cd5f>] S arch_do_domctl+0x7f/0x2330
> (XEN) [<ffff82d040239e46>] S do_domctl+0xe56/0x1930
> (XEN) [<ffff82d040238ff0>] S do_domctl+0/0x1930
> (XEN) [<ffff82d0402f8c59>] S pv_hypercall+0x99/0x110
> (XEN) [<ffff82d0402f5161>] S arch/x86/pv/domain.c#_toggle_guest_pt+0x11/0x90
> (XEN) [<ffff82d040366288>] S lstar_enter+0x128/0x130
> (XEN)
> (XEN) Pagetable walk from 0000000000000144:
> (XEN) L4[0x000] = 0000000000000000 ffffffffffffffff
> (XEN)
> (XEN) ****************************************
> (XEN) Panic on CPU 6:
> (XEN) FATAL PAGE FAULT
> (XEN) [error_code=0000]
> (XEN) Faulting linear address: 0000000000000144
>
> Fix this issue by making sure the domain pointer has a sane value.
>
> Reported-by: Cheyenne Wills <cheyenne.wills@gmail.com>
> Fixes: e726a82ca0dc ("xen: make gdbsx support configurable")
> Signed-off-by: Juergen Gross <jgross@suse.com>

Reviewed-by: Jan Beulich <jbeulich@suse.com>
On 19/04/2022 14:52, Juergen Gross wrote:
> A hypervisor built without CONFIG_GDBSX will crash in case the
> XEN_DOMCTL_gdbsx_guestmemio domctl is being called, as the call will
> end up in iommu_do_domctl() with d == NULL:
>
> (XEN) CPU: 6
> (XEN) RIP: e008:[<ffff82d040269984>] iommu_do_domctl+0x4/0x30
> (XEN) RFLAGS: 0000000000010202 CONTEXT: hypervisor (d0v0)
> (XEN) rax: 00000000000003e8 rbx: ffff830856277ef8 rcx: ffff830856277fff
> ...
> (XEN) Xen call trace:
> (XEN) [<ffff82d040269984>] R iommu_do_domctl+0x4/0x30
> (XEN) [<ffff82d04035cd5f>] S arch_do_domctl+0x7f/0x2330
> (XEN) [<ffff82d040239e46>] S do_domctl+0xe56/0x1930
> (XEN) [<ffff82d040238ff0>] S do_domctl+0/0x1930
> (XEN) [<ffff82d0402f8c59>] S pv_hypercall+0x99/0x110
> (XEN) [<ffff82d0402f5161>] S arch/x86/pv/domain.c#_toggle_guest_pt+0x11/0x90
> (XEN) [<ffff82d040366288>] S lstar_enter+0x128/0x130
> (XEN)
> (XEN) Pagetable walk from 0000000000000144:
> (XEN) L4[0x000] = 0000000000000000 ffffffffffffffff
> (XEN)
> (XEN) ****************************************
> (XEN) Panic on CPU 6:
> (XEN) FATAL PAGE FAULT
> (XEN) [error_code=0000]
> (XEN) Faulting linear address: 0000000000000144
>
> Fix this issue by making sure the domain pointer has a sane value.
>
> Reported-by: Cheyenne Wills <cheyenne.wills@gmail.com>
> Fixes: e726a82ca0dc ("xen: make gdbsx support configurable")
> Signed-off-by: Juergen Gross <jgross@suse.com>

Thanks, but I was hoping for a bit of discussion on the use of DOMID_IDLE.

It used to be permitted to pass DOMID_IDLE to dbg_rw_mem() to access Xen memory, which is why the XEN_DOMCTL_gdbsx_guestmemio special case existed.

It turns out that it was also e726a82ca0dc which dropped the ability to use DOMID_IDLE, meaning that this fix is a missing hunk from the original change too.

This is relevant backport information, and would have created complexities if they hadn't been the same changeset.

So, how about:

"It used to be permitted to pass DOMID_IDLE to dbg_rw_mem(), which is why the special case excluding domid checks exists. Now that it is only permitted to pass proper domids, remove the special case, thus making 'd' always valid."

?

Can be fixed on commit, so Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> for everything else.

~Andrew
On 19.04.22 16:37, Andrew Cooper wrote:
> On 19/04/2022 14:52, Juergen Gross wrote:
>> A hypervisor built without CONFIG_GDBSX will crash in case the
>> XEN_DOMCTL_gdbsx_guestmemio domctl is being called, as the call will
>> end up in iommu_do_domctl() with d == NULL:
>>
>> (XEN) CPU: 6
>> (XEN) RIP: e008:[<ffff82d040269984>] iommu_do_domctl+0x4/0x30
>> (XEN) RFLAGS: 0000000000010202 CONTEXT: hypervisor (d0v0)
>> (XEN) rax: 00000000000003e8 rbx: ffff830856277ef8 rcx: ffff830856277fff
>> ...
>> (XEN) Xen call trace:
>> (XEN) [<ffff82d040269984>] R iommu_do_domctl+0x4/0x30
>> (XEN) [<ffff82d04035cd5f>] S arch_do_domctl+0x7f/0x2330
>> (XEN) [<ffff82d040239e46>] S do_domctl+0xe56/0x1930
>> (XEN) [<ffff82d040238ff0>] S do_domctl+0/0x1930
>> (XEN) [<ffff82d0402f8c59>] S pv_hypercall+0x99/0x110
>> (XEN) [<ffff82d0402f5161>] S arch/x86/pv/domain.c#_toggle_guest_pt+0x11/0x90
>> (XEN) [<ffff82d040366288>] S lstar_enter+0x128/0x130
>> (XEN)
>> (XEN) Pagetable walk from 0000000000000144:
>> (XEN) L4[0x000] = 0000000000000000 ffffffffffffffff
>> (XEN)
>> (XEN) ****************************************
>> (XEN) Panic on CPU 6:
>> (XEN) FATAL PAGE FAULT
>> (XEN) [error_code=0000]
>> (XEN) Faulting linear address: 0000000000000144
>>
>> Fix this issue by making sure the domain pointer has a sane value.
>>
>> Reported-by: Cheyenne Wills <cheyenne.wills@gmail.com>
>> Fixes: e726a82ca0dc ("xen: make gdbsx support configurable")
>> Signed-off-by: Juergen Gross <jgross@suse.com>
>
> Thanks, but I was hoping for a bit of discussion on the use of DOMID_IDLE.
>
> It used to be permitted to pass DOMID_IDLE to dbg_rw_mem() to access Xen
> memory, which is why the XEN_DOMCTL_gdbsx_guestmemio special case existed.
>
> It turns out that it was also e726a82ca0dc which dropped the ability to
> use DOMID_IDLE, meaning that this fix is a missing hunk from the
> original change too.
>
> This is relevant backport information, and would have created
> complexities if they hadn't been the same changeset.
>
> So, how about:
>
> "It used to be permitted to pass DOMID_IDLE to dbg_rw_mem(), which is
> why the special case excluding domid checks exists. Now that it is only
> permitted to pass proper domids, remove the special case, thus making
> 'd' always valid."
>
> ?

Fine with me.

> Can be fixed on commit, so Reviewed-by: Andrew Cooper
> <andrew.cooper3@citrix.com> for everything else.

Thanks,

Juergen
diff --git a/xen/common/domctl.c b/xen/common/domctl.c index 57135d4478..5879117580 100644 --- a/xen/common/domctl.c +++ b/xen/common/domctl.c @@ -308,7 +308,6 @@ long cf_check do_domctl(XEN_GUEST_HANDLE_PARAM(xen_domctl_t) u_domctl) if ( op->domain == DOMID_INVALID ) { case XEN_DOMCTL_createdomain: - case XEN_DOMCTL_gdbsx_guestmemio: d = NULL; break; }
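Review bot: the description should say why `case XEN_DOMCTL_gdbsx_guestmemio:` was ever allowed to leave d NULL, which is the gap Andrew points out in the thread: the exemption existed so DOMID_IDLE could be passed to dbg_rw_mem() for Xen memory access, and dropping it is only safe because e726a82ca0dc already removed that DOMID_IDLE path; the wording proposed in the thread covers this and the Fixes: tag correctly ties both hunks to the same changeset for backports. With the case gone, a DOMID_INVALID gdbsx_guestmemio request no longer falls into the `d = NULL; break;` branch and instead goes through the regular domain lookup, which is what stops iommu_do_domctl() from being reached with a NULL d on a build without CONFIG_GDBSX.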
A hypervisor built without CONFIG_GDBSX will crash in case the
XEN_DOMCTL_gdbsx_guestmemio domctl is being called, as the call will
end up in iommu_do_domctl() with d == NULL:

(XEN) CPU: 6
(XEN) RIP: e008:[<ffff82d040269984>] iommu_do_domctl+0x4/0x30
(XEN) RFLAGS: 0000000000010202 CONTEXT: hypervisor (d0v0)
(XEN) rax: 00000000000003e8 rbx: ffff830856277ef8 rcx: ffff830856277fff
...
(XEN) Xen call trace:
(XEN) [<ffff82d040269984>] R iommu_do_domctl+0x4/0x30
(XEN) [<ffff82d04035cd5f>] S arch_do_domctl+0x7f/0x2330
(XEN) [<ffff82d040239e46>] S do_domctl+0xe56/0x1930
(XEN) [<ffff82d040238ff0>] S do_domctl+0/0x1930
(XEN) [<ffff82d0402f8c59>] S pv_hypercall+0x99/0x110
(XEN) [<ffff82d0402f5161>] S arch/x86/pv/domain.c#_toggle_guest_pt+0x11/0x90
(XEN) [<ffff82d040366288>] S lstar_enter+0x128/0x130
(XEN)
(XEN) Pagetable walk from 0000000000000144:
(XEN) L4[0x000] = 0000000000000000 ffffffffffffffff
(XEN)
(XEN) ****************************************
(XEN) Panic on CPU 6:
(XEN) FATAL PAGE FAULT
(XEN) [error_code=0000]
(XEN) Faulting linear address: 0000000000000144

Fix this issue by making sure the domain pointer has a sane value.

Reported-by: Cheyenne Wills <cheyenne.wills@gmail.com>
Fixes: e726a82ca0dc ("xen: make gdbsx support configurable")
Signed-off-by: Juergen Gross <jgross@suse.com>
---
V2:
- use gdbsx_guest_mem_io() interface modification (Jan Beulich)
V3:
- avoid d being NULL (Andrew Cooper)
---
 xen/common/domctl.c | 1 -
 1 file changed, 1 deletion(-)
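A small C model, added here and not Xen's code, of the dispatch pattern the thread is about: an op exempted from domain lookup hands a NULL d to a generic fallback handler as soon as its own handler is compiled out, and dropping the exemption makes the lookup reject the request first. All names, return codes, the DOMID_INVALID value and the domain table are constructed for the model; the real outcome is a page fault, represented here by a sentinel return.

```c
#include <stddef.h>
#include <stdint.h>

typedef uint16_t domid_t;
#define DOMID_INVALID 0x7FF4            /* constructed stand-in for the reserved id */
enum domctl_op { OP_CREATEDOMAIN, OP_GDBSX_GUESTMEMIO, OP_OTHER };
enum { RC_OK = 0, RC_ESRCH = -3, RC_ENOSYS = -38, RC_NULL_DEREF = -1000 };
struct domain { domid_t id; int iommu_enabled; };

/* Constructed domain table: only ids 0 and 1 exist. */
static struct domain table[] = { { 0, 1 }, { 1, 0 } };

static struct domain *lookup(domid_t id)
{
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++)
        if (table[i].id == id)
            return &table[i];
    return NULL;
}

/* Generic fallback for ops the arch handler does not claim; like
 * iommu_do_domctl() it assumes d points at a live domain. */
static int iommu_fallback(const struct domain *d)
{
    if (d == NULL)
        return RC_NULL_DEREF;           /* stands in for the real page fault */
    return d->iommu_enabled ? RC_OK : RC_ENOSYS;
}

static int arch_handler(enum domctl_op op, const struct domain *d, int cfg_gdbsx)
{
    if (op == OP_CREATEDOMAIN)
        return RC_OK;                   /* needs no existing domain */
    if (op == OP_GDBSX_GUESTMEMIO && cfg_gdbsx)
        return RC_OK;                   /* debugger path compiled in */
    return iommu_fallback(d);           /* includes a compiled-out gdbsx op */
}

/* exempt_gdbsx = 1 models the pre-fix switch (DOMID_INVALID accepted for
 * gdbsx_guestmemio, d left NULL); 0 models the hunk that drops that case. */
int do_domctl_model(enum domctl_op op, domid_t domid, int exempt_gdbsx, int cfg_gdbsx)
{
    struct domain *d = NULL;
    if (domid == DOMID_INVALID &&
        (op == OP_CREATEDOMAIN || (exempt_gdbsx && op == OP_GDBSX_GUESTMEMIO)))
        d = NULL;
    else if ((d = lookup(domid)) == NULL)
        return RC_ESRCH;                /* unknown domid rejected before dispatch */
    return arch_handler(op, d, cfg_gdbsx);
}
```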