Xen project Mailing List

Re: [PATCH][4.17] x86/shadow: drop (replace) bogus assertions

To: Roger Pau Monné <roger.pau@xxxxxxxxxx>

Date: Fri, 14 Oct 2022 12:50:19 +0200

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Sv0yEyOILgtKWPOKreoq0TNzXam1SklXEY/x6lVR8mU=; b=GYXYEfjNYVtYaPeqgZmVR8xlZ1stUnEJV+AMfDYfdKEsuo1+OZV7FovY3l2iLUZqrbf56vWWaA4cV0jE0IYbFg7GsRB1ZAsC6XERw7WFrCDuSTBEwo7Z2f9NTrU92+od7T/0AQiIAQ1Ovle8b4ysB7AnDmPHS6mGLnO53MXcfS6AOjMzDHFRh0rMsS8QvBHishIyRyH1PYaybmVfrfqwnzUzK7xt7PkLZZKnRWl/b0KWLYBhAlfVj+pm27KoFphqzAZBd/NtnTEx16exbPK81mYSkW9kiKD2pCilYCYalMdR8/7tK3sCa1+gsnrRx+X/uYKpSaMr8WGffpfl72QJAA==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=ZZH+BpDGJw6WX4J+SV5OXvjWR6ZicvuCvJ8pxStYMc9hxFpLFolusykdee+1fMO6SB8/Fvu91EfjxEIfHIkdHZVgWexquhWQBfCH9eEZRiGkNtobwQ9O/6NXNaHDI8pNUuO5RzD/GO22szZzPVguGDZlmOZl+DrBCURdAvbmHRTcDWQkITPRuQDN1O31gxQUyxYSgs99mzNDGw1djRfm1Pa2S2RLeFJqfEY+mljrF+MoYBYWgMXl4Y+cm+HEGuzvnr1msWLwOsmAazH/bKVOZtg3b5qFPKyJqqZHP417RQNCc5tv6SuXZHa90DWI289wrO/Ci8KRhAqAOOLhtPQu6A==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;

Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Tim Deegan <tim@xxxxxxx>, Henry Wang <Henry.Wang@xxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>

Delivery-date: Fri, 14 Oct 2022 10:50:34 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 14.10.2022 12:30, Roger Pau Monné wrote: > On Fri, Oct 14, 2022 at 10:49:55AM +0200, Jan Beulich wrote: >> The addition of a call to shadow_blow_tables() from shadow_teardown() >> has resulted in the "no vcpus" related assertion becoming triggerable: >> If domain_create() fails with at least one page successfully allocated >> in the course of shadow_enable(), or if domain_create() succeeds and >> the domain is then killed without ever invoking XEN_DOMCTL_max_vcpus. >> >> The assertion's comment was bogus anyway: Shadow mode has been getting >> enabled before allocation of vCPU-s for quite some time. Convert the >> assertion to a conditional: As long as there are no vCPU-s, there's >> nothing to blow away. >> >> Fixes: e7aa55c0aab3 ("x86/p2m: free the paging memory pool preemptively") >> Reported-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> >> >> A similar assertion/comment pair exists in _shadow_prealloc(); the >> comment is similarly bogus, and the assertion could in principle trigger >> e.g. when shadow_alloc_p2m_page() is called early enough. Replace those >> at the same time by a similar early return, here indicating failure to >> the caller (which will generally lead to the domain being crashed in >> shadow_prealloc()). > > It's my understanding we do care about this because a control domain > could try to populate the p2m before calling XEN_DOMCTL_max_vcpus, and > hence could trigger the ASSERT, as otherwise asserting would be fine. Yes, that's the scenario I had in mind. >> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> > > Acked-by: Roger Pau Monné <roger.pau@xxxxxxxxxx> Thanks, but Andrew and I will need to reach agreement before I can put this (or whatever alternative) in. Jan

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.