
Re: [PATCH v2] xen: fix XEN_DOMCTL_gdbsx_guestmemio crash


  • To: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Tue, 19 Apr 2022 12:54:01 +0200
  • Cc: Elena Ufimtseva <elena.ufimtseva@xxxxxxxxxx>, Roger Pau Monne <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, George Dunlap <George.Dunlap@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Cheyenne Wills <cheyenne.wills@xxxxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Tue, 19 Apr 2022 10:54:10 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 19.04.2022 12:40, Andrew Cooper wrote:
> On 19/04/2022 11:18, Juergen Gross wrote:
>> A hypervisor built without CONFIG_GDBSX will crash in case the
>> XEN_DOMCTL_gdbsx_guestmemio domctl is being called, as the call will
>> end up in iommu_do_domctl() with d == NULL:
>>
>> (XEN) CPU:    6
>> (XEN) RIP:    e008:[<ffff82d040269984>] iommu_do_domctl+0x4/0x30
>> (XEN) RFLAGS: 0000000000010202   CONTEXT: hypervisor (d0v0)
>> (XEN) rax: 00000000000003e8   rbx: ffff830856277ef8   rcx: ffff830856277fff
>> ...
>> (XEN) Xen call trace:
>> (XEN)    [<ffff82d040269984>] R iommu_do_domctl+0x4/0x30
>> (XEN)    [<ffff82d04035cd5f>] S arch_do_domctl+0x7f/0x2330
>> (XEN)    [<ffff82d040239e46>] S do_domctl+0xe56/0x1930
>> (XEN)    [<ffff82d040238ff0>] S do_domctl+0/0x1930
>> (XEN)    [<ffff82d0402f8c59>] S pv_hypercall+0x99/0x110
>> (XEN)    [<ffff82d0402f5161>] S arch/x86/pv/domain.c#_toggle_guest_pt+0x11/0x90
>> (XEN)    [<ffff82d040366288>] S lstar_enter+0x128/0x130
>> (XEN)
>> (XEN) Pagetable walk from 0000000000000144:
>> (XEN)  L4[0x000] = 0000000000000000 ffffffffffffffff
>> (XEN)
>> (XEN) ****************************************
>> (XEN) Panic on CPU 6:
>> (XEN) FATAL PAGE FAULT
>> (XEN) [error_code=0000]
>> (XEN) Faulting linear address: 0000000000000144
>>
>> Fix this issue by modifying the interface of gdbsx_guest_mem_io() to
>> take the already known domain pointer instead of the domid.
> 
> There is some explanation missing here.  The adjustments you make are
> within CONFIG_GDBSX, with the exception of the final hunk.
> 
> 
> The actual bug is that non-IOMMU subops end up in iommu_do_domctl(), so
> while this is good cleanup to gdbsx_guest_mem_io() it, along with Jan's
> adjustment to iommu_do_domctl(), are not suitable fixes to the crash as
> reported.

Whether non-IOMMU subops ending up in iommu_do_domctl() is a bug is a
matter of the position you take: Considering how we chain common -> arch
-> IOMMU domctls, this can also be viewed as intentional, with further
chaining going to be added anywhere in this set. The downside of your
approach (which otherwise I think would have been the way to go already
when the IOMMU domctls gained their own function) is that at least one
higher layer will need to know which specific sub-ops the function is
going to handle. If that was acceptable, I'd then question whether the
top layer shouldn't also know which sub-ops the per-arch functions are
going to handle.

Jan
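As an added illustration (not Xen's code and not from this thread), a simplified C model of the common -> arch -> IOMMU domctl chain the reply describes, in which a sub-op the common layer dispatches without a domain pointer reaches the last link with d == NULL. The sub-op numbers, struct fields and the MODEL_GDBSX switch are assumptions, and the NULL check in the last link shows the defensive variant of the approach under discussion.

```c
/* Model of a chained domctl dispatch: common -> arch -> iommu.
 * Hypothetical names and sub-op numbers; not Xen's real code. */
#include <stddef.h>
#include <stdbool.h>
#include <errno.h>

struct domain { unsigned int domain_id; bool iommu_enabled; };

/* Hypothetical sub-op numbers for the model. */
enum { SUBOP_MAX_VCPUS = 1, SUBOP_GDBSX_MEMIO = 2, SUBOP_IOMMU_BIND = 3 };

/* Toggle modelling a build with (1) or without (0) the gdbsx case. */
#ifndef MODEL_GDBSX
#define MODEL_GDBSX 0
#endif

/* Last link of the chain. Without the first guard, d->iommu_enabled is
 * a NULL dereference for any sub-op handed down without a domain. */
static int iommu_do_domctl_model(int subop, struct domain *d)
{
    if ( !d )                   /* chained sub-ops may carry no domain */
        return -EOPNOTSUPP;
    if ( !d->iommu_enabled )
        return -EOPNOTSUPP;
    return subop == SUBOP_IOMMU_BIND ? 0 : -ENOSYS;
}

/* Arch link: handles its own sub-ops, chains everything else onwards. */
static int arch_do_domctl_model(int subop, struct domain *d)
{
    switch ( subop )
    {
#if MODEL_GDBSX
    case SUBOP_GDBSX_MEMIO:
        return 0;               /* would resolve the domain by domid itself */
#endif
    default:
        return iommu_do_domctl_model(subop, d);
    }
}

/* Common link: most sub-ops arrive with a resolved domain (ESRCH if the
 * lookup failed); the gdbsx memio sub-op is passed down without one. */
int do_domctl_model(int subop, struct domain *d)
{
    switch ( subop )
    {
    case SUBOP_MAX_VCPUS:
        return d ? 0 : -ESRCH;
    case SUBOP_GDBSX_MEMIO:
        return arch_do_domctl_model(subop, NULL);
    default:
        return arch_do_domctl_model(subop, d);
    }
}
```

With MODEL_GDBSX at 0 the memio sub-op falls through both links and is rejected with -EOPNOTSUPP by the guard instead of faulting.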
