From: "Jan Beulich" <JBeulich@suse.com>
To: Razvan Cojocaru <rcojocaru@bitdefender.com>
Cc: George Dunlap <George.Dunlap@eu.citrix.com>,
Andrew Cooper <andrew.cooper3@citrix.com>,
Kevin Tian <kevin.tian@intel.com>,
Jun Nakajima <jun.nakajima@intel.com>,
xen-devel@lists.xen.org
Subject: Re: [PATCH V5] x86/altp2m: Fix crash with INVALID_ALTP2M EPTP index
Date: Mon, 16 Jul 2018 02:51:23 -0600 [thread overview]
Message-ID: <5B4C5C8B02000078001D42CF@prv1-mh.provo.novell.com> (raw)
In-Reply-To: <1c4bccfc-4703-2fc6-3c24-059982ce22c4@bitdefender.com>
>>> On 16.07.18 at 10:30, <rcojocaru@bitdefender.com> wrote:
> On 07/02/2018 08:48 AM, Tian, Kevin wrote:
>>> From: Razvan Cojocaru [mailto:rcojocaru@bitdefender.com]
>>> Sent: Thursday, June 28, 2018 10:35 PM
>>>
>>> A VM exit handler executed immediately after enabling #VE might
>>> find a stale __vmsave()d EPTP_INDEX, stored by calling
>>> altp2m_vcpu_destroy() when
>>> SECONDARY_EXEC_ENABLE_VIRT_EXCEPTIONS
>>> had been enabled by altp2m_vcpu_update_vmfunc_ve().
>>>
>>> vmx_vmexit_handler() __vmread()s EPTP_INDEX as soon as
>>> SECONDARY_EXEC_ENABLE_VIRT_EXCEPTIONS is set, so if an
>>> application enables altp2m on a domain, succesfully calls
>>> xc_altp2m_set_vcpu_enable_notify(), then disables altp2m and
>>> exits, a second run of said application will likely read the
>>> INVALID_ALTP2M EPTP_INDEX set when disabling altp2m in the first
>>> run, and crash the host with the BUG_ON(idx >= MAX_ALTP2M),
>>> between xc_altp2m_set_vcpu_enable_notify() and
>>> xc_altp2m_set_domain_state(..., false).
>>>
>>> The problem is not restricted to an INVALID_ALTP2M EPTP_INDEX
>>> (which can only sanely happen on altp2m uninit), but applies
>>> to any stale index previously saved - which means that all
>>> altp2m_vcpu_update_vmfunc_ve() calls must also call
>>> altp2m_vcpu_update_p2m() after setting
>>> SECONDARY_EXEC_ENABLE_VIRT_EXCEPTIONS, in order to make sure
>>> that the stored EPTP_INDEX is always valid at
>>> vmx_vmexit_handler() time.
>>>
>>> I don't however fold the two functions into one everywhere,
>>> since in p2m_switch_domain_altp2m_by_id() and
>>> p2m_switch_vcpu_altp2m_by_id() the extra work done by
>>> altp2m_vcpu_update_vmfunc_ve() is unnecessary and has side
>>> effects (such as __vmwrite(VM_FUNCTION_CONTROL, ...)).
>>>
>>> Signed-off-by: Razvan Cojocaru <rcojocaru@bitdefender.com>
>>>
>>
>> Reviewed-by: Kevin Tian <kevin.tian@intel.com>.
>>
>> btw next time please use more descriptive words and less
>> function names in commit message.
>
> Fair enough, thanks for the review! Is further action required for this
> patch to go in (perhaps George's ack)?
George's ack, indeed.
Jan
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
next prev parent reply other threads:[~2018-07-16 8:51 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-06-28 14:35 [PATCH V5] x86/altp2m: Fix crash with INVALID_ALTP2M EPTP index Razvan Cojocaru
2018-06-28 14:38 ` Jan Beulich
2018-07-02 5:48 ` Tian, Kevin
2018-07-16 8:30 ` Razvan Cojocaru
2018-07-16 8:51 ` Jan Beulich [this message]
2018-07-20 15:07 ` George Dunlap
2018-07-20 16:29 ` Razvan Cojocaru
2018-07-20 17:18 ` George Dunlap
2018-07-20 18:02 ` Razvan Cojocaru
2018-07-23 10:29 ` George Dunlap
2018-07-23 11:34 ` Razvan Cojocaru
2018-08-01 9:02 ` Razvan Cojocaru
2018-08-02 6:32 ` Tian, Kevin
2018-08-02 6:35 ` Razvan Cojocaru
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5B4C5C8B02000078001D42CF@prv1-mh.provo.novell.com \
--to=jbeulich@suse.com \
--cc=George.Dunlap@eu.citrix.com \
--cc=andrew.cooper3@citrix.com \
--cc=jun.nakajima@intel.com \
--cc=kevin.tian@intel.com \
--cc=rcojocaru@bitdefender.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.