[PATCH v2] tools/libs/guest: fix save and restore of pv domains after 32-bit de-support

Juergen Gross posted 1 patch 2 years, 9 months ago
Test gitlab-ci failed
Patches applied successfully (tree, apply log)
git fetch https://gitlab.com/xen-project/patchew/xen tags/patchew/20210607130005.5475-1-jgross@suse.com
tools/libs/guest/xg_sr_common.h        |  2 +-
tools/libs/guest/xg_sr_common_x86_pv.c | 37 +++++++++++++++-----------
2 files changed, 22 insertions(+), 17 deletions(-)
[PATCH v2] tools/libs/guest: fix save and restore of pv domains after 32-bit de-support
Posted by Juergen Gross 2 years, 9 months ago
After 32-bit PV-guests have been security de-supported when not running
under PV-shim, the hypervisor will no longer be configured to support
those domains per default when not being built as PV-shim.

Unfortunately libxenguest will fail saving or restoring a PV domain
due to this restriction, as it is trying to get the compat MFN list
even for 64 bit guests.

Fix that by obtaining the compat MFN list only for 32-bit PV guests.

Fixes: 1a0f2fe2297d122a08fe ("SUPPORT.md: Un-shimmed 32-bit PV guests are no longer supported")
Signed-off-by: Juergen Gross <jgross@suse.com>
---
V2:
- set compat MFN to "invalid" instead of net setting it at all (Jan Beulich)
- don't set compat MFN for 64-bit guests even if running as 32-bit
  domain (Andrew Cooper)
---
 tools/libs/guest/xg_sr_common.h        |  2 +-
 tools/libs/guest/xg_sr_common_x86_pv.c | 37 +++++++++++++++-----------
 2 files changed, 22 insertions(+), 17 deletions(-)

diff --git a/tools/libs/guest/xg_sr_common.h b/tools/libs/guest/xg_sr_common.h
index cc3ad1c394..e2994e18ac 100644
--- a/tools/libs/guest/xg_sr_common.h
+++ b/tools/libs/guest/xg_sr_common.h
@@ -325,7 +325,7 @@ struct xc_sr_context
                 xen_pfn_t max_mfn;
                 /* Read-only machine to phys map */
                 xen_pfn_t *m2p;
-                /* first mfn of the compat m2p (Only needed for 32bit PV guests) */
+                /* first mfn of the compat m2p (Only set for 32bit PV guests) */
                 xen_pfn_t compat_m2p_mfn0;
                 /* Number of m2p frames mapped */
                 unsigned long nr_m2p_frames;
diff --git a/tools/libs/guest/xg_sr_common_x86_pv.c b/tools/libs/guest/xg_sr_common_x86_pv.c
index cd33406aab..f339ea4a79 100644
--- a/tools/libs/guest/xg_sr_common_x86_pv.c
+++ b/tools/libs/guest/xg_sr_common_x86_pv.c
@@ -149,27 +149,32 @@ int x86_pv_map_m2p(struct xc_sr_context *ctx)
 
     ctx->x86.pv.nr_m2p_frames = (M2P_CHUNK_SIZE >> PAGE_SHIFT) * m2p_chunks;
 
+    if ( ctx->x86.pv.levels == 3 )
+    {
 #ifdef __i386__
-    /* 32 bit toolstacks automatically get the compat m2p */
-    ctx->x86.pv.compat_m2p_mfn0 = entries[0].mfn;
+        /* 32 bit toolstacks automatically get the compat m2p */
+        ctx->x86.pv.compat_m2p_mfn0 = entries[0].mfn;
 #else
-    /* 64 bit toolstacks need to ask Xen specially for it */
-    {
-        struct xen_machphys_mfn_list xmml = {
-            .max_extents = 1,
-            .extent_start = { &ctx->x86.pv.compat_m2p_mfn0 },
-        };
-
-        rc = do_memory_op(xch, XENMEM_machphys_compat_mfn_list,
-                          &xmml, sizeof(xmml));
-        if ( rc || xmml.nr_extents != 1 )
+        /* 64 bit toolstacks need to ask Xen specially for it */
         {
-            PERROR("Failed to get compat mfn list from Xen");
-            rc = -1;
-            goto err;
+            struct xen_machphys_mfn_list xmml = {
+                .max_extents = 1,
+                .extent_start = { &ctx->x86.pv.compat_m2p_mfn0 },
+            };
+
+            rc = do_memory_op(xch, XENMEM_machphys_compat_mfn_list,
+                              &xmml, sizeof(xmml));
+            if ( rc || xmml.nr_extents != 1 )
+            {
+                PERROR("Failed to get compat mfn list from Xen");
+                rc = -1;
+                goto err;
+            }
         }
-    }
 #endif
+    }
+    else
+        ctx->x86.pv.compat_m2p_mfn0 = INVALID_MFN;
 
     /* All Done */
     rc = 0;
-- 
2.26.2


Re: [PATCH v2] tools/libs/guest: fix save and restore of pv domains after 32-bit de-support
Posted by Jan Beulich 2 years, 9 months ago
On 07.06.2021 15:00, Juergen Gross wrote:
> --- a/tools/libs/guest/xg_sr_common_x86_pv.c
> +++ b/tools/libs/guest/xg_sr_common_x86_pv.c
> @@ -149,27 +149,32 @@ int x86_pv_map_m2p(struct xc_sr_context *ctx)
>  
>      ctx->x86.pv.nr_m2p_frames = (M2P_CHUNK_SIZE >> PAGE_SHIFT) * m2p_chunks;
>  
> +    if ( ctx->x86.pv.levels == 3 )
> +    {

With this opening brace you no longer need ...

>  #ifdef __i386__
> -    /* 32 bit toolstacks automatically get the compat m2p */
> -    ctx->x86.pv.compat_m2p_mfn0 = entries[0].mfn;
> +        /* 32 bit toolstacks automatically get the compat m2p */
> +        ctx->x86.pv.compat_m2p_mfn0 = entries[0].mfn;
>  #else
> -    /* 64 bit toolstacks need to ask Xen specially for it */
> -    {

... this one, and hence you could avoid re-indenting ...

> -        struct xen_machphys_mfn_list xmml = {
> -            .max_extents = 1,
> -            .extent_start = { &ctx->x86.pv.compat_m2p_mfn0 },
> -        };
> -
> -        rc = do_memory_op(xch, XENMEM_machphys_compat_mfn_list,
> -                          &xmml, sizeof(xmml));
> -        if ( rc || xmml.nr_extents != 1 )
> +        /* 64 bit toolstacks need to ask Xen specially for it */
>          {
> -            PERROR("Failed to get compat mfn list from Xen");
> -            rc = -1;
> -            goto err;
> +            struct xen_machphys_mfn_list xmml = {
> +                .max_extents = 1,
> +                .extent_start = { &ctx->x86.pv.compat_m2p_mfn0 },
> +            };
> +
> +            rc = do_memory_op(xch, XENMEM_machphys_compat_mfn_list,
> +                              &xmml, sizeof(xmml));
> +            if ( rc || xmml.nr_extents != 1 )
> +            {
> +                PERROR("Failed to get compat mfn list from Xen");
> +                rc = -1;
> +                goto err;
> +            }

... all of this. Preferably with such reduced code churn,
still/again:
Reviewed-by: Jan Beulich <jbeulich@suse.com>

Jan


Re: [PATCH v2] tools/libs/guest: fix save and restore of pv domains after 32-bit de-support
Posted by Andrew Cooper 2 years, 9 months ago
On 07/06/2021 14:04, Jan Beulich wrote:
> On 07.06.2021 15:00, Juergen Gross wrote:
>> --- a/tools/libs/guest/xg_sr_common_x86_pv.c
>> +++ b/tools/libs/guest/xg_sr_common_x86_pv.c
>> @@ -149,27 +149,32 @@ int x86_pv_map_m2p(struct xc_sr_context *ctx)
>>  
>>      ctx->x86.pv.nr_m2p_frames = (M2P_CHUNK_SIZE >> PAGE_SHIFT) * m2p_chunks;
>>  
>> +    if ( ctx->x86.pv.levels == 3 )
>> +    {
> With this opening brace you no longer need ...
>
>>  #ifdef __i386__
>> -    /* 32 bit toolstacks automatically get the compat m2p */
>> -    ctx->x86.pv.compat_m2p_mfn0 = entries[0].mfn;
>> +        /* 32 bit toolstacks automatically get the compat m2p */
>> +        ctx->x86.pv.compat_m2p_mfn0 = entries[0].mfn;
>>  #else
>> -    /* 64 bit toolstacks need to ask Xen specially for it */
>> -    {
> ... this one, and hence you could avoid re-indenting ...
>
>> -        struct xen_machphys_mfn_list xmml = {
>> -            .max_extents = 1,
>> -            .extent_start = { &ctx->x86.pv.compat_m2p_mfn0 },
>> -        };
>> -
>> -        rc = do_memory_op(xch, XENMEM_machphys_compat_mfn_list,
>> -                          &xmml, sizeof(xmml));
>> -        if ( rc || xmml.nr_extents != 1 )
>> +        /* 64 bit toolstacks need to ask Xen specially for it */
>>          {
>> -            PERROR("Failed to get compat mfn list from Xen");
>> -            rc = -1;
>> -            goto err;
>> +            struct xen_machphys_mfn_list xmml = {
>> +                .max_extents = 1,
>> +                .extent_start = { &ctx->x86.pv.compat_m2p_mfn0 },
>> +            };
>> +
>> +            rc = do_memory_op(xch, XENMEM_machphys_compat_mfn_list,
>> +                              &xmml, sizeof(xmml));
>> +            if ( rc || xmml.nr_extents != 1 )
>> +            {
>> +                PERROR("Failed to get compat mfn list from Xen");
>> +                rc = -1;
>> +                goto err;
>> +            }
> ... all of this. Preferably with such reduced code churn,
> still/again:

I agree.  I can fix on commit, if you're happy with that.

Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>

Re: [PATCH v2] tools/libs/guest: fix save and restore of pv domains after 32-bit de-support
Posted by Juergen Gross 2 years, 9 months ago
On 07.06.21 15:59, Andrew Cooper wrote:
> On 07/06/2021 14:04, Jan Beulich wrote:
>> On 07.06.2021 15:00, Juergen Gross wrote:
>>> --- a/tools/libs/guest/xg_sr_common_x86_pv.c
>>> +++ b/tools/libs/guest/xg_sr_common_x86_pv.c
>>> @@ -149,27 +149,32 @@ int x86_pv_map_m2p(struct xc_sr_context *ctx)
>>>   
>>>       ctx->x86.pv.nr_m2p_frames = (M2P_CHUNK_SIZE >> PAGE_SHIFT) * m2p_chunks;
>>>   
>>> +    if ( ctx->x86.pv.levels == 3 )
>>> +    {
>> With this opening brace you no longer need ...
>>
>>>   #ifdef __i386__
>>> -    /* 32 bit toolstacks automatically get the compat m2p */
>>> -    ctx->x86.pv.compat_m2p_mfn0 = entries[0].mfn;
>>> +        /* 32 bit toolstacks automatically get the compat m2p */
>>> +        ctx->x86.pv.compat_m2p_mfn0 = entries[0].mfn;
>>>   #else
>>> -    /* 64 bit toolstacks need to ask Xen specially for it */
>>> -    {
>> ... this one, and hence you could avoid re-indenting ...
>>
>>> -        struct xen_machphys_mfn_list xmml = {
>>> -            .max_extents = 1,
>>> -            .extent_start = { &ctx->x86.pv.compat_m2p_mfn0 },
>>> -        };
>>> -
>>> -        rc = do_memory_op(xch, XENMEM_machphys_compat_mfn_list,
>>> -                          &xmml, sizeof(xmml));
>>> -        if ( rc || xmml.nr_extents != 1 )
>>> +        /* 64 bit toolstacks need to ask Xen specially for it */
>>>           {
>>> -            PERROR("Failed to get compat mfn list from Xen");
>>> -            rc = -1;
>>> -            goto err;
>>> +            struct xen_machphys_mfn_list xmml = {
>>> +                .max_extents = 1,
>>> +                .extent_start = { &ctx->x86.pv.compat_m2p_mfn0 },
>>> +            };
>>> +
>>> +            rc = do_memory_op(xch, XENMEM_machphys_compat_mfn_list,
>>> +                              &xmml, sizeof(xmml));
>>> +            if ( rc || xmml.nr_extents != 1 )
>>> +            {
>>> +                PERROR("Failed to get compat mfn list from Xen");
>>> +                rc = -1;
>>> +                goto err;
>>> +            }
>> ... all of this. Preferably with such reduced code churn,
>> still/again:
> 
> I agree.  I can fix on commit, if you're happy with that.

I'm fine with that.

> 
> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
> 

Thanks,

Juergen