Re: [PATCH] libxc: Pause & unpause the domain in xc_mem_event_enable based on its initial state.

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Andrew Cooper <andrew.cooper3@citrix.com>
To: Tamas K Lengyel <tamas.lengyel@zentific.com>,
	xen-devel@lists.xenproject.org
Cc: Tamas K Lengyel <tamas.k.lengyel@tum.de>,
	ian.jackson@eu.citrix.com, ian.campbell@citrix.com,
	stefano.stabellini@eu.citrix.com
Subject: Re: [PATCH] libxc: Pause & unpause the domain in xc_mem_event_enable based on its initial state.
Date: Mon, 30 Jun 2014 15:21:36 +0100	[thread overview]
Message-ID: <53B17270.4010903@citrix.com> (raw)
In-Reply-To: <1404135906-6224-1-git-send-email-tamas.k.lengyel@tum.de>

On 30/06/14 14:45, Tamas K Lengyel wrote:
> In an attempt to mitigate XSA-99, xc_mem_event_enable ensures that the domain is paused
> for the duration of the event ring setup. However, it disregards the initial state of
> the domain, which might already be paused, resulting in 1) an uneccessary hypercall to
> pause it again and 2) unpauses it unconditionally which is an opaque and potentially
> unwanted side-effect. This patch fixes both issues.
>
> Signed-off-by: Tamas K Lengyel <tamas.k.lengyel@tum.de>
> ---
>  tools/libxc/xc_mem_event.c | 30 +++++++++++++++++++++++++-----
>  1 file changed, 25 insertions(+), 5 deletions(-)
>
> diff --git a/tools/libxc/xc_mem_event.c b/tools/libxc/xc_mem_event.c
> index 0b2eecb..5cf74d0 100644
> --- a/tools/libxc/xc_mem_event.c
> +++ b/tools/libxc/xc_mem_event.c
> @@ -62,6 +62,7 @@ void *xc_mem_event_enable(xc_interface *xch, domid_t domain_id, int param,
>      void *ring_page = NULL;
>      unsigned long pfn;
>      xen_pfn_t ring_pfn, mmap_pfn;
> +    xc_domaininfo_t dom_info;
>      unsigned int op, mode;
>      int rc1, rc2, saved_errno;
>  
> @@ -71,14 +72,24 @@ void *xc_mem_event_enable(xc_interface *xch, domid_t domain_id, int param,
>          return NULL;
>      }
>  
> -    /* Pause the domain for ring page setup */
> -    rc1 = xc_domain_pause(xch, domain_id);
> -    if ( rc1 != 0 )
> +    rc1 = xc_domain_getinfolist(xch, domain_id, 1, &dom_info);
> +    if ( rc1 != 1 || dom_info.domain != domain_id )
>      {
> -        PERROR("Unable to pause domain\n");
> +        PERROR("Error getting domain info\n");
>          return NULL;
>      }
>  
> +    /* Pause the domain for ring page setup if it isn't already */
> +    if( !(dom_info.flags & XEN_DOMINF_paused) )
> +    {
> +        rc1 = xc_domain_pause(xch, domain_id);
> +        if ( rc1 != 0 )
> +        {
> +            PERROR("Unable to pause domain\n");
> +            return NULL;
> +        }
> +    }

As indicated in the other thread regarding the correctness of properly
refcounting in Xen, this is a TOCTOU race which doesn't fix the problem
in the general case.

It is my opinion that this is impossible to correctly fix in the dom0
userspace.

~Andrew

next prev parent reply	other threads:[~2014-06-30 14:25 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-06-30 13:45 [PATCH] libxc: Pause & unpause the domain in xc_mem_event_enable based on its initial state Tamas K Lengyel
2014-06-30 14:21 ` Andrew Cooper [this message]
2014-06-30 14:33   ` Tamas K Lengyel
2014-06-30 14:40     ` Andrew Cooper
2014-06-30 14:46       ` Tamas K Lengyel
     [not found]         ` <CAGU+auv8ESpyu2QaE=_kO2AxuNrkn0AdyDzr2QOv5A01V3SEEA@mail.gmail.com>
2014-06-30 22:54           ` Aravindh Puthiyaparambil (aravindp)
2014-07-01  8:02             ` Jan Beulich
2014-07-01 16:35               ` Aravindh Puthiyaparambil (aravindp)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=53B17270.4010903@citrix.com \
    --to=andrew.cooper3@citrix.com \
    --cc=ian.campbell@citrix.com \
    --cc=ian.jackson@eu.citrix.com \
    --cc=stefano.stabellini@eu.citrix.com \
    --cc=tamas.k.lengyel@tum.de \
    --cc=tamas.lengyel@zentific.com \
    --cc=xen-devel@lists.xenproject.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.