From: Juergen Gross
To: xen-devel@lists.xenproject.org
Cc: Juergen Gross, Stefano Stabellini, Wei Liu, Andrew Cooper, Julien Grall, Jan Beulich, Volodymyr Babchuk, Roger Pau Monné
Date: Thu, 26 Sep 2019 17:02:38 +0200
Message-Id: <20190926150238.1910-1-jgross@suse.com>
Subject: [Xen-devel] [PATCH v3] xen/sched: don't let XEN_RUNSTATE_UPDATE leak into vcpu_runstate_get()

vcpu_runstate_get() should never return a state entry time with
XEN_RUNSTATE_UPDATE set. To avoid this, let update_runstate_area()
operate on a local runstate copy.

As it is required to first set the XEN_RUNSTATE_UPDATE indicator in
guest memory, then update all the runstate data, and then at last clear
the XEN_RUNSTATE_UPDATE again, it is much less effort to have a local
copy of the runstate data instead of keeping only a copy of
state_entry_time.

This problem was introduced with commit 2529c850ea48f036 ("add update
indicator to vcpu_runstate_info").

Reported-by: Andrew Cooper
Signed-off-by: Juergen Gross Acked-by: Julien Grall Reviewed-by: Jan Beulich --- V2: add handling on ARM, too (Jan Beulich) --- xen/arch/arm/domain.c | 13 ++++++++----- xen/arch/x86/domain.c | 17 ++++++++++------- 2 files changed, 18 insertions(+), 12 deletions(-) diff --git a/xen/arch/arm/domain.c b/xen/arch/arm/domain.c index 61d35cd120..f0ee5a2140 100644 --- a/xen/arch/arm/domain.c +++ b/xen/arch/arm/domain.c @@ -280,28 +280,31 @@ static void ctxt_switch_to(struct vcpu *n) static void update_runstate_area(struct vcpu *v) { void __user *guest_handle =3D NULL; + struct vcpu_runstate_info runstate; =20 if ( guest_handle_is_null(runstate_guest(v)) ) return; =20 + memcpy(&runstate, &v->runstate, sizeof(runstate)); + if ( VM_ASSIST(v->domain, runstate_update_flag) ) { guest_handle =3D &v->runstate_guest.p->state_entry_time + 1; guest_handle--; - v->runstate.state_entry_time |=3D XEN_RUNSTATE_UPDATE; + runstate.state_entry_time |=3D XEN_RUNSTATE_UPDATE; __raw_copy_to_guest(guest_handle, - (void *)(&v->runstate.state_entry_time + 1) - = 1, 1); + (void *)(&runstate.state_entry_time + 1) - 1, = 1); smp_wmb(); } =20 - __copy_to_guest(runstate_guest(v), &v->runstate, 1); + __copy_to_guest(runstate_guest(v), &runstate, 1); =20 if ( guest_handle ) { - v->runstate.state_entry_time &=3D ~XEN_RUNSTATE_UPDATE; + runstate.state_entry_time &=3D ~XEN_RUNSTATE_UPDATE; smp_wmb(); __raw_copy_to_guest(guest_handle, - (void *)(&v->runstate.state_entry_time + 1) - = 1, 1); + (void *)(&runstate.state_entry_time + 1) - 1, = 1); } } =20 diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index c0faf68852..c7fa224c89 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c 
@@ -1600,21 +1600,24 @@ bool update_runstate_area(struct vcpu *v) bool rc; struct guest_memory_policy policy =3D { .nested_guest_mode =3D false }; void __user *guest_handle =3D NULL; + struct vcpu_runstate_info runstate; =20 if ( guest_handle_is_null(runstate_guest(v)) ) return true; =20 update_guest_memory_policy(v, &policy); =20 + memcpy(&runstate, &v->runstate, sizeof(runstate)); + if ( VM_ASSIST(v->domain, runstate_update_flag) ) { guest_handle =3D has_32bit_shinfo(v->domain) ? &v->runstate_guest.compat.p->state_entry_time + 1 : &v->runstate_guest.native.p->state_entry_time + 1; guest_handle--; - v->runstate.state_entry_time |=3D XEN_RUNSTATE_UPDATE; + runstate.state_entry_time |=3D XEN_RUNSTATE_UPDATE; __raw_copy_to_guest(guest_handle, - (void *)(&v->runstate.state_entry_time + 1) - = 1, 1); + (void *)(&runstate.state_entry_time + 1) - 1, = 1); smp_wmb(); } =20 @@ -1622,20 +1625,20 @@ bool update_runstate_area(struct vcpu *v) { struct compat_vcpu_runstate_info info; =20 - XLAT_vcpu_runstate_info(&info, &v->runstate); + XLAT_vcpu_runstate_info(&info, &runstate); __copy_to_guest(v->runstate_guest.compat, &info, 1); rc =3D true; } else - rc =3D __copy_to_guest(runstate_guest(v), &v->runstate, 1) !=3D - sizeof(v->runstate); + rc =3D __copy_to_guest(runstate_guest(v), &runstate, 1) !=3D + sizeof(runstate); =20 if ( guest_handle ) { - v->runstate.state_entry_time &=3D ~XEN_RUNSTATE_UPDATE; + runstate.state_entry_time &=3D ~XEN_RUNSTATE_UPDATE; smp_wmb(); __raw_copy_to_guest(guest_handle, - (void *)(&v->runstate.state_entry_time + 1) - = 1, 1); + (void *)(&runstate.state_entry_time + 1) - 1, = 1); } =20 update_guest_memory_policy(v, &policy); --=20 2.16.4 _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel
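Review bot: in the xen/arch/arm/domain.c hunk of update_runstate_area(), `memcpy(&runstate, &v->runstate, sizeof(runstate));` copies between two objects of the same type; a plain struct assignment `runstate = v->runstate;` does the same job with type checking and reads more clearly. Once the copy is taken, v->runstate is no longer written anywhere in this function, so the XEN_RUNSTATE_UPDATE bit can only ever exist in the local copy and in the guest-mapped area, which is exactly the fix. The single-byte write via `(void *)(&runstate.state_entry_time + 1) - 1` is pre-existing and untouched here apart from the identifier, but it is worth a comment that it targets the last byte of the field and therefore only carries bit 63 on a little-endian layout.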
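Review bot: in the first xen/arch/x86/domain.c hunk (update_runstate_area(), around line 1600), the `memcpy(&runstate, &v->runstate, sizeof(runstate));` reads only hypervisor-private memory, so it could just as well be placed before `update_guest_memory_policy(v, &policy);`, keeping the region that runs with the switched guest memory policy limited to the guest copies themselves; not a correctness problem, and the same struct-assignment remark as for the ARM side applies. The `guest_handle` selection between the compat and native `state_entry_time` fields is unchanged, so the byte written first and last still comes from the local copy's field in both layouts.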
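Review bot: in the second x86 hunk (around line 1622), the compat path `XLAT_vcpu_runstate_info(&info, &runstate); __copy_to_guest(v->runstate_guest.compat, &info, 1); rc = true;` still discards the copy's return value while the native path derives `rc` from `__copy_to_guest(runstate_guest(v), &runstate, 1) != sizeof(runstate)`. That asymmetry predates this patch, but since both branches now read from the same local `runstate`, this would be the natural place to make the compat branch report a failed copy the same way. Replacing `sizeof(v->runstate)` with `sizeof(runstate)` is behaviour-neutral, since both are `struct vcpu_runstate_info`.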
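The commit message describes the three-step publish protocol (raise XEN_RUNSTATE_UPDATE in guest memory, write the whole record, clear the bit) and the leak that occurs when the bit is raised in v->runstate itself. The following is an added, user-space C model of that protocol; it is not Xen code and not part of this patch. It contains both the pre-patch and post-patch writer, a stand-in for a concurrent vcpu_runstate_get() caller, and the guest-side reader loop a consumer of the area needs. The simplified vcpu_runstate_info layout, the stand-in struct vcpu, the observe() hook, guest_read_runstate(), run_scenario() and the sample values are all assumptions constructed for the illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Top bit of state_entry_time, as in xen/include/public/vcpu.h. */
#define XEN_RUNSTATE_UPDATE (1ULL << 63)

/* Assumed, simplified layout; field names follow the public header. */
struct vcpu_runstate_info {
    int state;
    uint64_t state_entry_time;
    uint64_t time[4];
};

/* Constructed stand-in for struct vcpu: only what update_runstate_area() touches. */
struct vcpu {
    struct vcpu_runstate_info runstate;        /* hypervisor-private copy */
    struct vcpu_runstate_info *runstate_guest; /* guest-registered area, NULL if none */
    bool runstate_update_flag;                 /* models VM_ASSIST(d, runstate_update_flag) */
};

struct scenario_result {
    uint64_t hv_seen;      /* state_entry_time from vcpu_runstate_get() mid-update */
    uint64_t guest_seen;   /* state_entry_time in the guest area mid-update */
    uint64_t final_hv;     /* v->runstate.state_entry_time once the update is done */
    uint64_t read_entry;   /* state_entry_time a guest reader obtains afterwards */
    uint64_t read_blocked; /* time[2] the guest reader obtains afterwards */
};

/* Models vcpu_runstate_get(): hands out the hypervisor's private view. */
static void vcpu_runstate_get(const struct vcpu *v, struct vcpu_runstate_info *out)
{
    *out = v->runstate;
}

/* Stands in for another pCPU calling vcpu_runstate_get() while the area is mid-update. */
static void observe(const struct vcpu *v, struct scenario_result *r)
{
    struct vcpu_runstate_info hv;
    vcpu_runstate_get(v, &hv);
    r->hv_seen = hv.state_entry_time;
    r->guest_seen = v->runstate_guest->state_entry_time;
}

/* The publish protocol: raise the flag in the guest area, write the record, clear the
 * flag. `src` is the record the writer operates on; that is the only old/new difference. */
static void publish(struct vcpu *v, struct vcpu_runstate_info *src, struct scenario_result *r)
{
    if (v->runstate_update_flag) {
        src->state_entry_time |= XEN_RUNSTATE_UPDATE;
        v->runstate_guest->state_entry_time = src->state_entry_time;
        __atomic_thread_fence(__ATOMIC_RELEASE);   /* smp_wmb() */
    }
    *v->runstate_guest = *src;
    observe(v, r);                                 /* concurrent reader lands here */
    if (v->runstate_update_flag) {
        src->state_entry_time &= ~XEN_RUNSTATE_UPDATE;
        __atomic_thread_fence(__ATOMIC_RELEASE);   /* smp_wmb() */
        v->runstate_guest->state_entry_time = src->state_entry_time;
    }
}

/* Pre-patch: the flag is set in v->runstate itself, so vcpu_runstate_get() can leak it. */
static void update_runstate_area_old(struct vcpu *v, struct scenario_result *r)
{
    if (!v->runstate_guest) return;
    publish(v, &v->runstate, r);
}

/* Post-patch: operate on a local copy; v->runstate never carries the bit. */
static void update_runstate_area_new(struct vcpu *v, struct scenario_result *r)
{
    struct vcpu_runstate_info runstate;
    if (!v->runstate_guest) return;
    memcpy(&runstate, &v->runstate, sizeof(runstate));
    publish(v, &runstate, r);
}

/* Guest-side reader: retry until the update bit is clear and state_entry_time is
 * unchanged across the copy, so a torn record is never consumed. */
static struct vcpu_runstate_info guest_read_runstate(const struct vcpu_runstate_info *area)
{
    struct vcpu_runstate_info r;
    uint64_t before;
    do {
        before = area->state_entry_time;
        __atomic_thread_fence(__ATOMIC_ACQUIRE);   /* rmb() */
        r = *area;
        __atomic_thread_fence(__ATOMIC_ACQUIRE);
    } while ((before & XEN_RUNSTATE_UPDATE) || before != area->state_entry_time);
    return r;
}

/* Runs one update against a constructed vCPU and reports what each party observed. */
static struct scenario_result run_scenario(bool fixed)
{
    struct vcpu_runstate_info area = { 0 };
    struct vcpu v = {
        .runstate = { .state = 1, .state_entry_time = 0x1234, .time = { 10, 20, 30, 40 } },
        .runstate_guest = &area,
        .runstate_update_flag = true,
    };
    struct scenario_result r = { 0 };
    if (fixed) update_runstate_area_new(&v, &r); else update_runstate_area_old(&v, &r);
    r.final_hv = v.runstate.state_entry_time;
    r.read_entry = guest_read_runstate(&area).state_entry_time;
    r.read_blocked = guest_read_runstate(&area).time[2];
    return r;
}

int main(void)
{
    struct scenario_result pre = run_scenario(false), post = run_scenario(true);
    printf("pre-patch : mid-update hypervisor view 0x%llx, guest area 0x%llx\n",
           (unsigned long long)pre.hv_seen, (unsigned long long)pre.guest_seen);
    printf("post-patch: mid-update hypervisor view 0x%llx, guest area 0x%llx\n",
           (unsigned long long)post.hv_seen, (unsigned long long)post.guest_seen);
    return 0;
}
```

In both runs the guest area legitimately shows the bit set while the record is being rewritten; only the pre-patch writer also exposes it through vcpu_runstate_get(), which is the leak the patch closes. The reader loop is what a guest must do regardless of the hypervisor-side fix: the bit is the guest's signal to retry, not an error.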