From: Juergen Gross <jgross@suse.com>
To: Andrew Cooper <Andrew.Cooper3@citrix.com>,
"xen-devel@lists.xenproject.org" <xen-devel@lists.xenproject.org>
Cc: Elena Ufimtseva <elena.ufimtseva@oracle.com>,
Jan Beulich <jbeulich@suse.com>,
Roger Pau Monne <roger.pau@citrix.com>, Wei Liu <wl@xen.org>,
George Dunlap <George.Dunlap@citrix.com>,
Julien Grall <julien@xen.org>,
Stefano Stabellini <sstabellini@kernel.org>,
Cheyenne Wills <cheyenne.wills@gmail.com>
Subject: Re: [PATCH v2] xen: fix XEN_DOMCTL_gdbsx_guestmemio crash
Date: Tue, 19 Apr 2022 12:51:29 +0200 [thread overview]
Message-ID: <b10ad983-de3e-029c-6fa4-6aa646671fc5@suse.com> (raw)
In-Reply-To: <5c6f75d7-d5d1-856f-c8d0-da1bd823be63@citrix.com>
[-- Attachment #1.1.1: Type: text/plain, Size: 2467 bytes --]
On 19.04.22 12:40, Andrew Cooper wrote:
> On 19/04/2022 11:18, Juergen Gross wrote:
>> A hypervisor built without CONFIG_GDBSX will crash in case the
>> XEN_DOMCTL_gdbsx_guestmemio domctl is being called, as the call will
>> end up in iommu_do_domctl() with d == NULL:
>>
>> (XEN) CPU: 6
>> (XEN) RIP: e008:[<ffff82d040269984>] iommu_do_domctl+0x4/0x30
>> (XEN) RFLAGS: 0000000000010202 CONTEXT: hypervisor (d0v0)
>> (XEN) rax: 00000000000003e8 rbx: ffff830856277ef8 rcx: ffff830856277fff
>> ...
>> (XEN) Xen call trace:
>> (XEN) [<ffff82d040269984>] R iommu_do_domctl+0x4/0x30
>> (XEN) [<ffff82d04035cd5f>] S arch_do_domctl+0x7f/0x2330
>> (XEN) [<ffff82d040239e46>] S do_domctl+0xe56/0x1930
>> (XEN) [<ffff82d040238ff0>] S do_domctl+0/0x1930
>> (XEN) [<ffff82d0402f8c59>] S pv_hypercall+0x99/0x110
>> (XEN) [<ffff82d0402f5161>] S arch/x86/pv/domain.c#_toggle_guest_pt+0x11/0x90
>> (XEN) [<ffff82d040366288>] S lstar_enter+0x128/0x130
>> (XEN)
>> (XEN) Pagetable walk from 0000000000000144:
>> (XEN) L4[0x000] = 0000000000000000 ffffffffffffffff
>> (XEN)
>> (XEN) ****************************************
>> (XEN) Panic on CPU 6:
>> (XEN) FATAL PAGE FAULT
>> (XEN) [error_code=0000]
>> (XEN) Faulting linear address: 0000000000000144
>>
>> Fix this issue by modifying the interface of gdbsx_guest_mem_io() to
>> take the already known domain pointer instead of the domid.
>
> There is some explanation missing here. The adjustments you make are
> within CONFIG_GDBSX, with the exception of the final hunk.
Yeah, and this is the one really fixing the issue, while the
other hunks are needed to cope with the way the problem is
fixed.
> The actual bug is that non-IOMMU subops end up in iommu_do_domctl(), so
> while this is good cleanup to gdbsx_guest_mem_io() it, along with Jan's
> adjustment to iommu_do_domctl(), are not suitable fixes to the crash as
> reported.
The same way non-arch subops might end up in arch_do_domctl().
What would be the right way to fix that in your opinion?
IMO any subop handler called under the default label of a switch() should
be able to handle unknown subops. This is done for iommu_do_domctl() in
Jan's patch by not dereferencing d unconditionally.
My patch is fixing the original patch referred to in the Fixes: tag.
V1 was another way to fix that, but V2 is IMO the better variant, as it
is even simplifying the code.
Juergen
[-- Attachment #1.1.2: OpenPGP public key --]
[-- Type: application/pgp-keys, Size: 3149 bytes --]
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 495 bytes --]
next prev parent reply other threads:[~2022-04-19 10:51 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-19 10:18 [PATCH v2] xen: fix XEN_DOMCTL_gdbsx_guestmemio crash Juergen Gross
2022-04-19 10:31 ` Jan Beulich
2022-04-19 10:40 ` Andrew Cooper
2022-04-19 10:51 ` Juergen Gross [this message]
2022-04-19 12:59 ` Andrew Cooper
2022-04-19 10:54 ` Jan Beulich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=b10ad983-de3e-029c-6fa4-6aa646671fc5@suse.com \
--to=jgross@suse.com \
--cc=Andrew.Cooper3@citrix.com \
--cc=George.Dunlap@citrix.com \
--cc=cheyenne.wills@gmail.com \
--cc=elena.ufimtseva@oracle.com \
--cc=jbeulich@suse.com \
--cc=julien@xen.org \
--cc=roger.pau@citrix.com \
--cc=sstabellini@kernel.org \
--cc=wl@xen.org \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.