From nobody Sun May 5 18:50:38 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=none (zohomail.com: 192.237.175.120 is neither permitted nor denied by domain of lists.xenproject.org) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=fail(p=none dis=none) header.from=citrix.com ARC-Seal: i=1; a=rsa-sha256; t=1576764475; cv=none; d=zohomail.com; s=zohoarc; b=NmEBMYIgmBB7CRLMv1aDPnj6GxQG/AEXcMEDvDGGlLZ2b0Z9YgRfZvOZKlF35jRS0TrCC3jG1bWQkNtF+LLAY20q42pFuz3gIVV5xI6WJtht8IkjYEZ5insPblwSTqflIs188c8s1gTfzqr/bi11RkcAc+uWRFFFuwLZOjfHH7s= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1576764475; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Sender:Subject:To; bh=kbcfKNoXCq5YIHOj7zdkz5vt/dt0xGk0GM1bs2qr7TQ=; b=m5gkLaZZqeyIa5fU18jUweLTmZ0nVTEfxNfZ6g3QHOkkdFIYpyb4G/yb42Z2726VZsRGtuRNTgIhhB14IjiQOYJOI4PSJsnLO8a89L+zTN16g6xSMw2CnhMLH5DhDiCtsgPzxT2hpMzKiOd+B/2nIIHWqhgra3QTNPJMUVYAbUM= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=fail; spf=none (zohomail.com: 192.237.175.120 is neither permitted nor denied by domain of lists.xenproject.org) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=fail header.from= (p=none dis=none) header.from= Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1576764475214793.744663182157; Thu, 19 Dec 2019 06:07:55 -0800 (PST) Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1ihwSD-000496-UK; Thu, 19 Dec 2019 14:07:01 +0000 Received: from all-amaz-eas1.inumbo.com ([34.197.232.57] helo=us1-amaz-eas2.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1ihwSD-000491-7C for xen-devel@lists.xenproject.org; Thu, 19 Dec 2019 14:07:01 +0000 Received: from esa6.hc3370-68.iphmx.com (unknown [216.71.155.175]) by us1-amaz-eas2.inumbo.com (Halon) with ESMTPS id d2ccd5fb-2268-11ea-91b5-12813bfff9fa; Thu, 19 Dec 2019 14:07:00 +0000 (UTC) X-Inumbo-ID: d2ccd5fb-2268-11ea-91b5-12813bfff9fa DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=citrix.com; s=securemail; t=1576764420; h=from:to:cc:subject:date:message-id:mime-version; bh=xjZWzoV7Mg4qg10dKcirQrIJj31tRiDX4/Of+4FOO4M=; b=BZMk28IvPfrw1LkZjhzF06jaIRa4zXlGtW8XiHpsvt6b3GJ42OScIFCh x+ma9nB2bdQCExlf1LmsdPfge6jSmu2rFuiE3ZfY5MkhDFwxyYJz3LkN7 iXOR+zImEkna/4dYiRRSh9dsUksZhu9U7woUTcOiVWZ1cuN2kL7tqFKYK Y=; Authentication-Results: esa6.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none; spf=None smtp.pra=andrew.cooper3@citrix.com; spf=Pass smtp.mailfrom=Andrew.Cooper3@citrix.com; spf=None smtp.helo=postmaster@mail.citrix.com Received-SPF: none (zohomail.com: 192.237.175.120 is neither permitted nor denied by domain of lists.xenproject.org) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Received-SPF: None (esa6.hc3370-68.iphmx.com: no sender authenticity information available from domain of andrew.cooper3@citrix.com) identity=pra; client-ip=162.221.158.21; receiver=esa6.hc3370-68.iphmx.com; envelope-from="Andrew.Cooper3@citrix.com"; x-sender="andrew.cooper3@citrix.com"; x-conformance=sidf_compatible Received-SPF: Pass (esa6.hc3370-68.iphmx.com: domain of Andrew.Cooper3@citrix.com designates 162.221.158.21 as permitted sender) identity=mailfrom; client-ip=162.221.158.21; receiver=esa6.hc3370-68.iphmx.com; envelope-from="Andrew.Cooper3@citrix.com"; x-sender="Andrew.Cooper3@citrix.com"; x-conformance=sidf_compatible; x-record-type="v=spf1"; x-record-text="v=spf1 ip4:209.167.231.154 ip4:178.63.86.133 ip4:195.66.111.40/30 ip4:85.115.9.32/28 ip4:199.102.83.4 ip4:192.28.146.160 ip4:192.28.146.107 ip4:216.52.6.88 ip4:216.52.6.188 ip4:162.221.158.21 ip4:162.221.156.83 ip4:168.245.78.127 ~all" Received-SPF: None (esa6.hc3370-68.iphmx.com: no sender authenticity information available from domain of postmaster@mail.citrix.com) identity=helo; client-ip=162.221.158.21; receiver=esa6.hc3370-68.iphmx.com; envelope-from="Andrew.Cooper3@citrix.com"; x-sender="postmaster@mail.citrix.com"; x-conformance=sidf_compatible IronPort-SDR: +m60mjyhU25ukkOOkJ9AF0JHATCW/cxRF1NZlnYfy0iAdar2k21J46H/9nUnXsWAuaMJrsmu0H YuYus5lscl2jxJJgfgcC+ntNSKWFy4C3s4nfJAdfh4kIS8s501YnDqEkdYDJErVMuZbT9ChYUj 29aYJGCfVwv+BSM5NLemSs2XHfbxr/xjb2Ge6ILZhHhd3ZxKtcQpVyoAJAynyceSI5Bi7/JgEo 3HiQaU351SyHC1suiTW4/zdyhKxkNs/SivZlk3uTpdYl2aLSVD1ZPkEZHsjyihQLYQ2UezVj1M 0lc= X-SBRS: 2.7 X-MesageID: 10351524 X-Ironport-Server: esa6.hc3370-68.iphmx.com X-Remote-IP: 162.221.158.21 X-Policy: $RELAYED X-IronPort-AV: E=Sophos;i="5.69,332,1571716800"; d="scan'208";a="10351524" From: Andrew Cooper To: Xen-devel Date: Thu, 19 Dec 2019 14:06:56 +0000 Message-ID: <20191219140656.9906-1-andrew.cooper3@citrix.com> X-Mailer: git-send-email 2.11.0 MIME-Version: 1.0 Subject: [Xen-devel] [PATCH] libxc/restore: Fix data auditing in handle_x86_pv_info() X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: Andrew Cooper , Wei Liu , Ian Jackson Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) handle_x86_pv_info() has a subtle bug. It uses an 'else if' chain with a clause in the middle which doesn't exit unconditionally. In practice, this means that when restoring a 32bit PV guest, later sanity checks are skipped. Rework the logic a little to be simpler. There are exactly two valid combinations of fields in X86_PV_INFO, so factor this out and check them all in one go, before making adjustments to the current domain. Once adjustments have been completed successfully, sanity check the result against the X86_PV_INFO settings in one go, rather than piecewise. Signed-off-by: Andrew Cooper Reviewed-by: Ian Jackson --- CC: Ian Jackson CC: Wei Liu --- tools/libxc/xc_sr_restore_x86_pv.c | 69 ++++++++++++++++++++++------------= ---- 1 file changed, 41 insertions(+), 28 deletions(-) diff --git a/tools/libxc/xc_sr_restore_x86_pv.c b/tools/libxc/xc_sr_restore= _x86_pv.c index a2dbf85157..9e9ff32d47 100644 --- a/tools/libxc/xc_sr_restore_x86_pv.c +++ b/tools/libxc/xc_sr_restore_x86_pv.c @@ -582,6 +582,21 @@ static int update_guest_p2m(struct xc_sr_context *ctx) } =20 /* + * The valid width/pt_levels values in X86_PV_INFO are inextricably linked. + * Cross-check the legitimate combinations. + */ +static bool valid_x86_pv_info_combination( + const struct xc_sr_rec_x86_pv_info *info) +{ + switch ( info->guest_width ) + { + case 4: return info->pt_levels =3D=3D 3; + case 8: return info->pt_levels =3D=3D 4; + default: return false; + } +} + +/* * Process an X86_PV_INFO record. */ static int handle_x86_pv_info(struct xc_sr_context *ctx, @@ -602,29 +617,31 @@ static int handle_x86_pv_info(struct xc_sr_context *c= tx, rec->length, sizeof(*info)); return -1; } - else if ( info->guest_width !=3D 4 && - info->guest_width !=3D 8 ) + + if ( !valid_x86_pv_info_combination(info) ) { - ERROR("Unexpected guest width %u, Expected 4 or 8", - info->guest_width); + ERROR("Invalid X86_PV_INFO combination: width %u, pt_levels %u", + info->guest_width, info->pt_levels); return -1; } - else if ( info->guest_width !=3D ctx->x86_pv.width ) + + /* + * PV domains default to native width. For an incomming compat domain= , we + * will typically be the first entity to inform Xen. + */ + if ( info->guest_width !=3D ctx->x86_pv.width ) { - int rc; - struct xen_domctl domctl; - - /* Try to set address size, domain is always created 64 bit. */ - memset(&domctl, 0, sizeof(domctl)); - domctl.domain =3D ctx->domid; - domctl.cmd =3D XEN_DOMCTL_set_address_size; - domctl.u.address_size.size =3D info->guest_width * 8; - rc =3D do_domctl(xch, &domctl); + struct xen_domctl domctl =3D { + .domain =3D ctx->domid, + .cmd =3D XEN_DOMCTL_set_address_size, + .u.address_size.size =3D info->guest_width * 8, + }; + int rc =3D do_domctl(xch, &domctl); + if ( rc !=3D 0 ) { - ERROR("Width of guest in stream (%u" - " bits) differs with existing domain (%u bits)", - info->guest_width * 8, ctx->x86_pv.width * 8); + ERROR("Failed to update d%d address size to %u", + ctx->domid, info->guest_width * 8); return -1; } =20 @@ -636,18 +653,14 @@ static int handle_x86_pv_info(struct xc_sr_context *c= tx, return -1; } } - else if ( info->pt_levels !=3D 3 && - info->pt_levels !=3D 4 ) - { - ERROR("Unexpected guest levels %u, Expected 3 or 4", - info->pt_levels); - return -1; - } - else if ( info->pt_levels !=3D ctx->x86_pv.levels ) + + /* Sanity check (possibly new) domain settings. */ + if ( (info->guest_width !=3D ctx->x86_pv.width) || + (info->pt_levels !=3D ctx->x86_pv.levels) ) { - ERROR("Levels of guest in stream (%u" - ") differs with existing domain (%u)", - info->pt_levels, ctx->x86_pv.levels); + ERROR("X86_PV_INFO width/pt_levels settings %u/%u mismatch with d%= d %u/%u", + info->guest_width, info->pt_levels, ctx->domid, + ctx->x86_pv.width, ctx->x86_pv.levels); return -1; } =20 --=20 2.11.0 _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel