From: Tomasz Wroblewski <tomasz.wroblewski@citrix.com>
To: Jan Beulich <JBeulich@suse.com>
Cc: xen-devel@lists.xenproject.org, dgdegra@tycho.nsa.gov
Subject: Re: [PATCH] Fix boot crash on xsm/flask enabled builds when no policy module is present
Date: Mon, 26 Aug 2013 14:24:31 +0200 [thread overview]
Message-ID: <521B48FF.1040904@citrix.com> (raw)
In-Reply-To: <521B543902000078000EE55D@nat28.tlf.novell.com>
On 08/26/2013 01:12 PM, Jan Beulich wrote:
>>>> On 26.08.13 at 12:03, Tomasz Wroblewski<tomasz.wroblewski@citrix.com> wrote:
>> Xen crashes on boot of xsm/flask enabled builds, if policy module is not
>> specified.
>> This seems to have worked on 4.1 at least.
> Looking at the code (4.1.5) I can't see what would prevent the
> same NULL pointer deref. Care to explain?
The crash doesn't happen at the NULL pointer dereference site though,
but a bit later, when xen tries to flush tlbs for first time I believe,
which happens during page allocation for the initial domain structure. I
traced it to the following ASSERT in smp.c (so yes I should add this
particular crash likely is limited to debug builds then)
void flush_area_mask(const cpumask_t *mask, const void *va, unsigned int
flags)
{
ASSERT(local_irq_is_enabled());
...
The actual crash message is unhelpful since it's basically only
...
(XEN) Using scheduler: SMP Credit Scheduler (credit)
(XEN) Unknown interrupt (cr2=0000000000000000)
Either removing the assert (which is obviously bad), or checking for the
null pointer deref as in the submitted patch seems to be fixing it. I'm
suspecting it was always broken somehow but just was hidden or had
different side effects on 4.1 than it does now. I do lack for a good
explanation why fiddling with null addresses breaks up this assert, though.
>> Can be fixed by testing whether
>> policy_buffer
>> is NULL before attempting to load from it - it's a global which is set to
>> non-NULL when
>> policy module is detected.
>>
>> Signed-off-by: Tomasz Wroblewski<tomasz.wroblewski@citrix.com>
>> ---
>> xen/xsm/flask/hooks.c | 3 ++-
>> 1 file changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c
>> index fa0589a..cfa2929 100644
>> --- a/xen/xsm/flask/hooks.c
>> +++ b/xen/xsm/flask/hooks.c
>> @@ -1585,7 +1585,8 @@ static __init int flask_init(void)
>> if ( register_xsm(&flask_ops) )
>> panic("Flask: Unable to register with XSM.\n");
>>
>> - ret = security_load_policy(policy_buffer, policy_size);
>> + if ( policy_buffer )
>> + ret = security_load_policy(policy_buffer, policy_size);
> Question is whether policy_buffer == NULL really isn't supposed
> to result in a -E... return value (as in fact flask initialization failed).
>
> Jan
>
next prev parent reply other threads:[~2013-08-26 12:25 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-08-26 10:03 [PATCH] Fix boot crash on xsm/flask enabled builds when no policy module is present Tomasz Wroblewski
2013-08-26 10:52 ` Andrew Cooper
2013-08-26 13:27 ` Daniel De Graaf
2013-08-26 13:32 ` Tomasz Wroblewski
2013-08-26 11:12 ` Jan Beulich
2013-08-26 12:24 ` Tomasz Wroblewski [this message]
2013-08-26 12:41 ` Andrew Cooper
2013-08-26 13:00 ` Jan Beulich
2013-08-26 13:34 ` Tomasz Wroblewski
2013-08-26 17:00 ` Tomasz Wroblewski
2013-08-27 7:13 ` Jan Beulich
2013-08-27 7:23 ` Tomasz Wroblewski
2013-08-27 7:47 ` [PATCH] xmalloc: make whole pages xfree() clear the order field (ab)used by xmalloc() Jan Beulich
2013-09-09 11:14 ` Keir Fraser
2013-08-27 8:50 ` [PATCH] Fix boot crash on xsm/flask enabled builds when no policy module is present Andrew Cooper
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=521B48FF.1040904@citrix.com \
--to=tomasz.wroblewski@citrix.com \
--cc=JBeulich@suse.com \
--cc=dgdegra@tycho.nsa.gov \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.