From nobody Sat Apr 27 06:44:10 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=none (zoho.com: 192.237.175.120 is neither permitted nor denied by domain of lists.xenproject.org) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org ARC-Seal: i=1; a=rsa-sha256; t=1566375836; cv=none; d=zoho.com; s=zohoarc; b=eo76m2jXSTaaP9/MFZG+mIMdbIcFbauueHqxyF+a4XTDOQwBj+djOa48vCc87z+9Hu/cgvexNp5HJqysWJFx8gwOs0k2AMs/8xAphwUAoyEBVjlmkjlNv13xnfFaWpyRQF6YvZQXwNn+sa8GfZzCltUAVwujzFCnTkZbp7NGlb0= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1566375836; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Sender:Subject:To:ARC-Authentication-Results; bh=YS58d5c3R5EWmqvBfOJ4oms3gBqZIdfyoQUac+eZoh4=; b=kbfTBGzuQ/jC6SF6iG4/IEhUAMMktIuuuzt89lqgDtEg+W9SsiJqK7JSA9T2kBZYkd75+z9KPV3d0LkQk4cSFV9aHxJbMaDhPOYI1C4Ish53ym3GacQrCzEHkjN3YgvQ8DmT/BGHohTPR9uwKfqa8UneipWCu032kEjoo36gTkc= ARC-Authentication-Results: i=1; mx.zoho.com; dkim=fail; spf=none (zoho.com: 192.237.175.120 is neither permitted nor denied by domain of lists.xenproject.org) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1566375836699878.336885007315; Wed, 21 Aug 2019 01:23:56 -0700 (PDT) Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1i0Ltc-0003p0-Rr; Wed, 21 Aug 2019 08:23:08 +0000 Received: from us1-rack-iad1.inumbo.com ([172.99.69.81]) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1i0Ltb-0003mz-04 for xen-devel@lists.xenproject.org; Wed, 21 Aug 2019 08:23:07 +0000 Received: from esa2.hc3370-68.iphmx.com (unknown [216.71.145.153]) by us1-rack-iad1.inumbo.com (Halon) with ESMTPS id e603e40e-c3ec-11e9-8980-bc764e2007e4; Wed, 21 Aug 2019 08:23:05 +0000 (UTC) X-Inumbo-ID: e603e40e-c3ec-11e9-8980-bc764e2007e4 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=citrix.com; s=securemail; t=1566375786; h=from:to:cc:subject:date:message-id:mime-version: content-transfer-encoding; bh=cDsTbg+gYXCSha21QNGtKKOhqh33I3xRlKP80Cy+ANg=; b=DRKzd/zR1dAB5zG2mn6ttrAllHsWHI7sNw5i5udgWfwBXRM1vDbwWDKB emLBKFqU0JgYhZvzkonxnRSCI7xP2MlLJRE3CqRGwPY0dKkzNdUHBngLy RE7DSyslobTV+b5aS4lskDWTvU4o0DFQjd1USib4sD4F+CvBnhwLPMlfN k=; Authentication-Results: esa2.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none; spf=None smtp.pra=paul.durrant@citrix.com; spf=Pass smtp.mailfrom=Paul.Durrant@citrix.com; spf=None smtp.helo=postmaster@mail.citrix.com Received-SPF: none (zoho.com: 192.237.175.120 is neither permitted nor denied by domain of lists.xenproject.org) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Received-SPF: None (esa2.hc3370-68.iphmx.com: no sender authenticity information available from domain of paul.durrant@citrix.com) identity=pra; client-ip=162.221.158.21; receiver=esa2.hc3370-68.iphmx.com; envelope-from="Paul.Durrant@citrix.com"; x-sender="paul.durrant@citrix.com"; x-conformance=sidf_compatible Received-SPF: Pass (esa2.hc3370-68.iphmx.com: domain of Paul.Durrant@citrix.com designates 162.221.158.21 as permitted sender) identity=mailfrom; client-ip=162.221.158.21; receiver=esa2.hc3370-68.iphmx.com; envelope-from="Paul.Durrant@citrix.com"; x-sender="Paul.Durrant@citrix.com"; x-conformance=sidf_compatible; x-record-type="v=spf1"; x-record-text="v=spf1 ip4:209.167.231.154 ip4:178.63.86.133 ip4:195.66.111.40/30 ip4:85.115.9.32/28 ip4:199.102.83.4 ip4:192.28.146.160 ip4:192.28.146.107 ip4:216.52.6.88 ip4:216.52.6.188 ip4:162.221.158.21 ip4:162.221.156.83 ~all" Received-SPF: None (esa2.hc3370-68.iphmx.com: no sender authenticity information available from domain of postmaster@mail.citrix.com) identity=helo; client-ip=162.221.158.21; receiver=esa2.hc3370-68.iphmx.com; envelope-from="Paul.Durrant@citrix.com"; x-sender="postmaster@mail.citrix.com"; x-conformance=sidf_compatible IronPort-SDR: KLkfprOzVJjGwWkMXdCV6hNOk01tB8a0K74x/t5Moo4AUxwYiHZDRZhZTvOL8GSxjKgfGc5nrH ZPyVcwAE/Ba9yydcmuTndxonGiks6GMZ8I4TU6+8EW9MenRRULkGUtTIfA01ZruS5E2xo8V2jk 3j8Xs2qRc28wXWHlCcO7MBoRjz7eiHcUSKqrUUbv00yrlSyEN//FKx6K9AK/C4izK4bpnzOH1q IuxK/Zlz6mB9XtiNJCCGopcdgDxfqEiizl+CdM7ETM5ezlnwVlXvIrbtoc6XpCKC7ZVqJfjU1s Rbw= X-SBRS: 2.7 X-MesageID: 4515699 X-Ironport-Server: esa2.hc3370-68.iphmx.com X-Remote-IP: 162.221.158.21 X-Policy: $RELAYED X-IronPort-AV: E=Sophos;i="5.64,412,1559534400"; d="scan'208";a="4515699" From: Paul Durrant To: Date: Wed, 21 Aug 2019 09:22:58 +0100 Message-ID: <20190821082258.36549-1-paul.durrant@citrix.com> X-Mailer: git-send-email 2.20.1.2.gb21ebb671 MIME-Version: 1.0 Subject: [Xen-devel] [PATCH] viridian: make viridian_time_domain_freeze() safe to call... X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: Andrew Cooper , Paul Durrant , Wei Liu , Jan Beulich , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) ...on a partially destroyed domain. viridian_time_domain_freeze() and viridian_time_vcpu_freeze() rely (respectively) on the dynamically allocated per-domain and per-vcpu viridian areas [1], which are freed during domain_relinquish_resources(). Because arch_domain_pause() can call viridian_domain_time_freeze() this can lead to host crashes if e.g. a XEN_DOMCTL_pausedomain is issued after domain_relinquish_resources() has run. To prevent such crashes, this patch adds a check of is_dying into viridian_time_domain_freeze(), and viridian_time_domain_thaw() which is similarly vulnerable to indirection into freed memory. NOTE: The patch also makes viridian_time_vcpu_freeze/thaw() static, since they have no callers outside of the same source module. [1] See commit e7a9b5e72f26 "viridian: separately allocate domain and vcpu structures". Signed-off-by: Paul Durrant Reviewed-by: Roger Pau Monn=C3=A9 --- Cc: Jan Beulich Cc: Andrew Cooper Cc: Wei Liu Cc: "Roger Pau Monn=C3=A9" --- xen/arch/x86/hvm/viridian/time.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/xen/arch/x86/hvm/viridian/time.c b/xen/arch/x86/hvm/viridian/t= ime.c index ac087383c8..e80330a6ae 100644 --- a/xen/arch/x86/hvm/viridian/time.c +++ b/xen/arch/x86/hvm/viridian/time.c @@ -296,7 +296,7 @@ void viridian_time_poll_timers(struct vcpu *v) poll_stimer(v, i); } =20 -void viridian_time_vcpu_freeze(struct vcpu *v) +static void viridian_time_vcpu_freeze(struct vcpu *v) { struct viridian_vcpu *vv =3D v->arch.hvm.viridian; unsigned int i; @@ -314,7 +314,7 @@ void viridian_time_vcpu_freeze(struct vcpu *v) } } =20 -void viridian_time_vcpu_thaw(struct vcpu *v) +static void viridian_time_vcpu_thaw(struct vcpu *v) { struct viridian_vcpu *vv =3D v->arch.hvm.viridian; unsigned int i; @@ -336,7 +336,7 @@ void viridian_time_domain_freeze(const struct domain *d) { struct vcpu *v; =20 - if ( !is_viridian_domain(d) ) + if ( d->is_dying || !is_viridian_domain(d) ) return; =20 for_each_vcpu ( d, v ) @@ -349,7 +349,7 @@ void viridian_time_domain_thaw(const struct domain *d) { struct vcpu *v; =20 - if ( !is_viridian_domain(d) ) + if ( d->is_dying || !is_viridian_domain(d) ) return; =20 time_ref_count_thaw(d); --=20 2.20.1.2.gb21ebb671 _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel