From mboxrd@z Thu Jan  1 00:00:00 1970
From: Dushyant Behl <myselfdushyantbehl@gmail.com>
Subject: [PATCH v2 3/3] [GSOC14] FIX:- Race condition between
	initializing shared ring and mempaging.
Date: Mon, 16 Jun 2014 23:50:51 +0530
Message-ID: <1402942851-12538-4-git-send-email-myselfdushyantbehl@gmail.com>
References: <1402942851-12538-1-git-send-email-myselfdushyantbehl@gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
In-Reply-To: <1402942851-12538-1-git-send-email-myselfdushyantbehl@gmail.com>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: xen-devel@lists.xen.org
Cc: David Scott <dave.scott@eu.citrix.com>, Stefano Stabellini <stefano.stabellini@eu.citrix.com>, Andrew Cooper <andrew.cooper3@citrix.com>, Ian Jackson <ian.jackson@eu.citrix.com>, Andres Lagar Cavilla <andres@lagarcavilla.org>, Dushyant Behl <myselfdushyantbehl@gmail.com>, Ian Campbell <ian.campbell@citrix.com>
List-Id: xen-devel@lists.xenproject.org

This patch is part of the work done under the gsoc project -
Lazy Restore Using Memory Paging.

This patch is meant to fix a known race condition bug in mempaging
ring setup routines. The race conditon was between initializing
mem paging and initializing shared ring, earlier the code initialized
mem paging before removing the ring page from guest's physical map
which could enable the guest to interfere with the ring initialisation.
Now the code removes the page from the guest's physical map before
enabling mempaging so that the guest cannot clobber the ring after
we initialise it.

Signed-off-by: Dushyant Behl <myselfdushyantbehl@gmail.com>
Reviewed-by: Andres Lagar-Cavilla <andres@lagarcavilla.org>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
 tools/libxc/xc_mem_paging_setup.c | 24 ++++++++++++++++++++----
 1 file changed, 20 insertions(+), 4 deletions(-)

diff --git a/tools/libxc/xc_mem_paging_setup.c b/tools/libxc/xc_mem_paging_setup.c
index 679c606..a4c4798 100644
--- a/tools/libxc/xc_mem_paging_setup.c
+++ b/tools/libxc/xc_mem_paging_setup.c
@@ -73,6 +73,24 @@ int xc_mem_paging_ring_setup(xc_interface *xch,
         }
     }
 
+    /*
+     * Remove the page from guest's physical map so that the guest will not
+     * be able to break security by pretending to be toolstack for a while.
+     */
+    if ( xc_domain_decrease_reservation_exact(xch, domain_id, 1, 0, ring_page) )
+    {
+        PERROR("Failed to remove ring_page from guest physmap");
+        return -1;
+    }
+
+    DPRINTF("removed ring_page from guest physical map");
+
+    /* Initialise ring */
+    SHARED_RING_INIT((mem_event_sring_t *)ring_page);
+    BACK_RING_INIT(back_ring, (mem_event_sring_t *)ring_page, PAGE_SIZE);
+
+    DPRINTF("ininialized shared ring");
+
     /* Initialise Xen */
     rc = xc_mem_paging_enable(xch, domain_id, evtchn_port);
     if ( rc != 0 )
@@ -106,14 +124,12 @@ int xc_mem_paging_ring_setup(xc_interface *xch,
     }
     *port = rc;
 
-    /* Initialise ring */
-    SHARED_RING_INIT((mem_event_sring_t *)ring_page);
-    BACK_RING_INIT(back_ring, (mem_event_sring_t *)ring_page, PAGE_SIZE);
+    DPRINTF("enabled mempaging");
 
     /* Now that the ring is set, remove it from the guest's physmap */
     if ( xc_domain_decrease_reservation_exact(xch, domain_id, 1, 0, &ring_pfn) )
     {
-        PERROR("Failed to remove ring from guest physmap");
+        PERROR("Failed to remove ring_pfn from guest physmap");
         return -1;
     }
 
-- 
1.9.1