Xen project Mailing List

Re: [Xen-devel] [PATCH] vm_event: make sure the domain is paused in key domctls

To: Tamas K Lengyel <tamas@xxxxxxxxxxxxx>

From: Razvan Cojocaru <rcojocaru@xxxxxxxxxxxxxxx>

Date: Fri, 29 Jan 2016 08:52:45 +0200

Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Keir Fraser <keir@xxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxx>

Comment: DomainKeys? See http://domainkeys.sourceforge.net/

Delivery-date: Fri, 29 Jan 2016 06:52:54 +0000

Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=bitdefender.com; b=pvTTmnWBmN+0GZZPk63XfxDMotQ9d80R3rA6dlUkjvCYssoHvEu/m+xsfRxU6YXIRvaUuPlCcRyOJsUw5vWrGhYzod9f+prMn33EeFpmtKAgNS7ieMrJk0cjAPlP3vtcI+jhbgkNAvzSiTod/dw5+rizfsorC2qNXx92WWOGb9mtQW1nmMNEmkhoKTI8aGjMt/a+/h2Zw6SEMyU5Sr2CIHtW/V9xuxYBQmcN654JWG3seIchEBQN59LikdDYw40DR9c99BxeAsRD6yKUeaXjsvadxqna37GfiCC5EmaIW07AU74PxaoZLiWzACNt+X+k1vvQml/QIjoMtTMQEHpNOg==; h=Received:Received:Received:Received:Received:Subject:To:References:Cc:From:Message-ID:Date:User-Agent:MIME-Version:In-Reply-To:Content-Type:Content-Transfer-Encoding:X-BitDefender-Scanner:X-BitDefender-Spam:X-BitDefender-SpamStamp:X-BitDefender-CF-Stamp;

List-id: Xen developer discussion <xen-devel.lists.xen.org>

On 01/28/2016 11:47 PM, Tamas K Lengyel wrote: > > > On Thu, Jan 28, 2016 at 2:05 PM, Razvan Cojocaru > <rcojocaru@xxxxxxxxxxxxxxx <mailto:rcojocaru@xxxxxxxxxxxxxxx>> wrote: > > On 01/28/2016 10:09 PM, Tamas K Lengyel wrote: > > On Thu, Jan 28, 2016 at 6:52 AM, Razvan Cojocaru > > <rcojocaru@xxxxxxxxxxxxxxx <mailto:rcojocaru@xxxxxxxxxxxxxxx> > <mailto:rcojocaru@xxxxxxxxxxxxxxx > <mailto:rcojocaru@xxxxxxxxxxxxxxx>>> wrote: > > > > This patch pauses the domain for all writes through the 'ad' > > pointer in monitor_domctl(), defers a domain_unpause() call until > > after the CRs are updated for the MONITOR_EVENT_WRITE_CTRLREG > > case, and makes sure that the domain is paused for both vm_event > > enable and disable cases in vm_event_domctl(). > > Thanks go to Andrew Cooper for his review and suggestions. > > > > > > For vm_event_enable the domain is already paused by libxc before the > > domctl is issued. I don't see a problem in doing another pause in Xen, > > but given we have XSA-99, just doing this pause in Xen would not be > > enough. So is it really necessary/fixes anything? > > This isn't about XSA-99, the problem here is related to my previous > patch "x86 vm_event: reset monitor in vm_event_cleanup_domain()". While > that improves matters and greatly reduces the chances of crashes due to > hvm_msr_write_intercept() or hvm_set_crX() dereferencing a NULL > v->arch.vm_event that's assumed to be OK, when the corresponding > v->domain->arch.monitor is non-zero, the foolproof way is to make sure > that functions such as vm_event_cleanup_domain() are always being called > only while the domain has been paused. So there should be a > domain_pause() call somewhere on the call path before that. > > > Sure, but that's the disable case. I was only wondering about the enable > case where the domain is already paused. Yes, for the disable case it is functionally redundant. I just thought it would be consistent to use domain_pause() throughout and didn't think it would hurt anything. But I have nothing against removing the domain_pause() for the enable case (perhaps replacing it with a comment that libxc already pauses externally), unless Andrew has any objections. Thanks, Razvan _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.