From nobody Tue Nov 11 06:57:06 2025 Delivered-To: importer@patchew.org Received-SPF: none (zoho.com: 192.237.175.120 is neither permitted nor denied by domain of lists.xenproject.org) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; spf=none (zoho.com: 192.237.175.120 is neither permitted nor denied by domain of lists.xenproject.org) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org ARC-Seal: i=1; a=rsa-sha256; t=1569385843; cv=none; d=zoho.com; s=zohoarc; b=Qeui/bR0tawEM79HgsE5eh4b7tW17X79OtdNFJPUiKkBxaKawwCb9rKA3/bn2JTXo/Wb5HsgAkzC+pse/Ar3lfQdsAiISq3NuPBKdRswvrfl8QMr1oQCnvkQaXDJNGB8ASqjq10F4JtIqH2ebSQXSWj36olgwnqQ6kyYtlPEDHw= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1569385843; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Sender:Subject:To:ARC-Authentication-Results; bh=NlFSdUJDG1A4sieITTQWUrnbhuKw03zbqyD0qt2I51A=; b=QE8SscFvh8mnAYaPOJ/+MYps7/heT8euUm31FCXE8DUdcEHwGO825RxFWkUgtoaFAtPQKpoEsNJtB9CpIL1Xi1hugfaX7OtPda1ESu6SMFHLM+ZutkVT/ey+fcn+MZixov5b1xiAKbK5YosXRrzqLBHZdKm0bRzxZXkAOM7hdcw= ARC-Authentication-Results: i=1; mx.zoho.com; spf=none (zoho.com: 192.237.175.120 is neither permitted nor denied by domain of lists.xenproject.org) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1569385843047317.83586183700504; Tue, 24 Sep 2019 21:30:43 -0700 (PDT) Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1iCyvc-0002QU-22; Wed, 25 Sep 2019 04:29:24 +0000 Received: from us1-rack-iad1.inumbo.com ([172.99.69.81]) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1iCyva-0002QP-PP for xen-devel@lists.xenproject.org; Wed, 25 Sep 2019 04:29:22 +0000 Received: from mx1.suse.de (unknown [195.135.220.15]) by localhost (Halon) with ESMTPS id 0b1583b2-df4d-11e9-bf31-bc764e2007e4; Wed, 25 Sep 2019 04:29:20 +0000 (UTC) Received: from relay2.suse.de (unknown [195.135.220.254]) by mx1.suse.de (Postfix) with ESMTP id B7866AC84; Wed, 25 Sep 2019 04:29:19 +0000 (UTC) X-Inumbo-ID: 0b1583b2-df4d-11e9-bf31-bc764e2007e4 X-Virus-Scanned: by amavisd-new at test-mx.suse.de From: Juergen Gross To: xen-devel@lists.xenproject.org Date: Wed, 25 Sep 2019 06:29:17 +0200 Message-Id: <20190925042917.11392-1-jgross@suse.com> X-Mailer: git-send-email 2.16.4 Subject: [Xen-devel] [PATCH v2] xen/sched: don't let XEN_RUNSTATE_UPDATE leak into vcpu_runstate_get() X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: Juergen Gross , Stefano Stabellini , Wei Liu , Andrew Cooper , Julien Grall , Jan Beulich , Volodymyr Babchuk , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" vcpu_runstate_get() should never return a state entry time with XEN_RUNSTATE_UPDATE set. To avoid this let update_runstate_area() operate on a local runstate copy. This problem was introduced with commit 2529c850ea48f036 ("add update indicator to vcpu_runstate_info"). Reported-by: Andrew Cooper Signed-off-by: Juergen Gross Reviewed-by: Jan Beulich --- V2: add handling on ARM, too (Jan Beulich) --- xen/arch/arm/domain.c | 13 ++++++++----- xen/arch/x86/domain.c | 17 ++++++++++------- 2 files changed, 18 insertions(+), 12 deletions(-) diff --git a/xen/arch/arm/domain.c b/xen/arch/arm/domain.c index ae13e47e86..d681ff5c6e 100644 --- a/xen/arch/arm/domain.c +++ b/xen/arch/arm/domain.c @@ -280,28 +280,31 @@ static void ctxt_switch_to(struct vcpu *n) static void update_runstate_area(struct vcpu *v) { void __user *guest_handle =3D NULL; + struct vcpu_runstate_info runstate; =20 if ( guest_handle_is_null(runstate_guest(v)) ) return; =20 + memcpy(&runstate, &v->runstate, sizeof(runstate)); + if ( VM_ASSIST(v->domain, runstate_update_flag) ) { guest_handle =3D &v->runstate_guest.p->state_entry_time + 1; guest_handle--; - v->runstate.state_entry_time |=3D XEN_RUNSTATE_UPDATE; + runstate.state_entry_time |=3D XEN_RUNSTATE_UPDATE; __raw_copy_to_guest(guest_handle, - (void *)(&v->runstate.state_entry_time + 1) - = 1, 1); + (void *)(&runstate.state_entry_time + 1) - 1, = 1); smp_wmb(); } =20 - __copy_to_guest(runstate_guest(v), &v->runstate, 1); + __copy_to_guest(runstate_guest(v), &runstate, 1); =20 if ( guest_handle ) { - v->runstate.state_entry_time &=3D ~XEN_RUNSTATE_UPDATE; + runstate.state_entry_time &=3D ~XEN_RUNSTATE_UPDATE; smp_wmb(); __raw_copy_to_guest(guest_handle, - (void *)(&v->runstate.state_entry_time + 1) - = 1, 1); + (void *)(&runstate.state_entry_time + 1) - 1, = 1); } } =20 diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index dbdf6b1bc2..c4eceaab3f 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -1600,21 +1600,24 @@ bool update_runstate_area(struct vcpu *v) bool rc; struct guest_memory_policy policy =3D { .nested_guest_mode =3D false }; void __user *guest_handle =3D NULL; + struct vcpu_runstate_info runstate; =20 if ( guest_handle_is_null(runstate_guest(v)) ) return true; =20 update_guest_memory_policy(v, &policy); =20 + memcpy(&runstate, &v->runstate, sizeof(runstate)); + if ( VM_ASSIST(v->domain, runstate_update_flag) ) { guest_handle =3D has_32bit_shinfo(v->domain) ? &v->runstate_guest.compat.p->state_entry_time + 1 : &v->runstate_guest.native.p->state_entry_time + 1; guest_handle--; - v->runstate.state_entry_time |=3D XEN_RUNSTATE_UPDATE; + runstate.state_entry_time |=3D XEN_RUNSTATE_UPDATE; __raw_copy_to_guest(guest_handle, - (void *)(&v->runstate.state_entry_time + 1) - = 1, 1); + (void *)(&runstate.state_entry_time + 1) - 1, = 1); smp_wmb(); } =20 @@ -1622,20 +1625,20 @@ bool update_runstate_area(struct vcpu *v) { struct compat_vcpu_runstate_info info; =20 - XLAT_vcpu_runstate_info(&info, &v->runstate); + XLAT_vcpu_runstate_info(&info, &runstate); __copy_to_guest(v->runstate_guest.compat, &info, 1); rc =3D true; } else - rc =3D __copy_to_guest(runstate_guest(v), &v->runstate, 1) !=3D - sizeof(v->runstate); + rc =3D __copy_to_guest(runstate_guest(v), &runstate, 1) !=3D + sizeof(runstate); =20 if ( guest_handle ) { - v->runstate.state_entry_time &=3D ~XEN_RUNSTATE_UPDATE; + runstate.state_entry_time &=3D ~XEN_RUNSTATE_UPDATE; smp_wmb(); __raw_copy_to_guest(guest_handle, - (void *)(&v->runstate.state_entry_time + 1) - = 1, 1); + (void *)(&runstate.state_entry_time + 1) - 1, = 1); } =20 update_guest_memory_policy(v, &policy); --=20 2.16.4 _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel