[PATCH for-4.8 0/2] libxl: adjustment to initiate_domain_create

[PATCH for-4.8 0/2] libxl: adjustment to initiate_domain_create

[Wei Liu]

Wei Liu (2):
  libxl: set ret in the check for nestedhvm and altp2m
  libxl: disallow enabling PoD and ALTP2M at the same time

 tools/libxl/libxl_create.c | 9 +++++++++
 1 file changed, 9 insertions(+)

-- 
2.1.4


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel

[PATCH for-4.8 1/2] libxl: set ret in the check for nestedhvm and altp2m

[Wei Liu]

The error path expects ret to be set, otherwise an assertion is
triggered.

Signed-off-by: Wei Liu <wei.liu2@citrix.com>
---
Cc: Ian Jackson <ian.jackson@eu.citrix.com>

Please backport to 4.6 and 4.7.
---
 tools/libxl/libxl_create.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tools/libxl/libxl_create.c b/tools/libxl/libxl_create.c
index d986cd2..abd2272 100644
--- a/tools/libxl/libxl_create.c
+++ b/tools/libxl/libxl_create.c
@@ -910,6 +910,7 @@ static void initiate_domain_create(libxl__egc *egc,
     if (d_config->c_info.type == LIBXL_DOMAIN_TYPE_HVM &&
         (libxl_defbool_val(d_config->b_info.u.hvm.nested_hvm) &&
          libxl_defbool_val(d_config->b_info.u.hvm.altp2m))) {
+        ret = ERROR_INVAL;
         LOG(ERROR, "nestedhvm and altp2mhvm cannot be used together");
         goto error_out;
     }
-- 
2.1.4


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel

[PATCH for-4.8 2/2] libxl: disallow enabling PoD and ALTP2M at the same time

[Wei Liu]

That combination would cause Xen to crash.

Note that although this is a security issue, is not XSA-worthy because
ALTP2M is experimental.

Signed-off-by: Wei Liu <wei.liu2@citrix.com>
---
Move the snippet to the correct location after altp2m is correctly
initialised. Also correctly set ret before exiting.

Cc: Ian Jackson <ian.jackson@eu.citrix.com>
Cc: Jan Beulich <JBeulich@suse.com>
Cc: George Dunlap <george.dunlap@eu.citrix.com>,
Cc: Andrew Cooper <andrew.cooper3@citrix.com>
Cc: Kevin Tian <kevin.tian@intel.com>
Cc: Jun Nakajima <jun.nakajima@intel.com>
---
 tools/libxl/libxl_create.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/tools/libxl/libxl_create.c b/tools/libxl/libxl_create.c
index abd2272..7c1695a 100644
--- a/tools/libxl/libxl_create.c
+++ b/tools/libxl/libxl_create.c
@@ -915,6 +915,14 @@ static void initiate_domain_create(libxl__egc *egc,
         goto error_out;
     }
 
+    if (d_config->c_info.type == LIBXL_DOMAIN_TYPE_HVM &&
+        libxl_defbool_val(d_config->b_info.u.hvm.altp2m) &&
+        pod_enabled) {
+        ret = ERROR_INVAL;
+        LOG(ERROR, "Cannot enable PoD and ALTP2M at the same time");
+        goto error_out;
+    }
+
     ret = libxl__domain_make(gc, d_config, &domid, &state->config);
     if (ret) {
         LOG(ERROR, "cannot make domain: %d", ret);
-- 
2.1.4


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel

Re: [PATCH for-4.8 2/2] libxl: disallow enabling PoD and ALTP2M at the same time

[Tian, Kevin]

> From: Wei Liu [mailto:wei.liu2@citrix.com]
> Sent: Friday, November 04, 2016 12:42 AM
> 
> That combination would cause Xen to crash.
> 
> Note that although this is a security issue, is not XSA-worthy because
> ALTP2M is experimental.
> 
> Signed-off-by: Wei Liu <wei.liu2@citrix.com>
> ---
> Move the snippet to the correct location after altp2m is correctly
> initialised. Also correctly set ret before exiting.
> 
> Cc: Ian Jackson <ian.jackson@eu.citrix.com>
> Cc: Jan Beulich <JBeulich@suse.com>
> Cc: George Dunlap <george.dunlap@eu.citrix.com>,
> Cc: Andrew Cooper <andrew.cooper3@citrix.com>
> Cc: Kevin Tian <kevin.tian@intel.com>
> Cc: Jun Nakajima <jun.nakajima@intel.com>
> ---
>  tools/libxl/libxl_create.c | 8 ++++++++
>  1 file changed, 8 insertions(+)
> 
> diff --git a/tools/libxl/libxl_create.c b/tools/libxl/libxl_create.c
> index abd2272..7c1695a 100644
> --- a/tools/libxl/libxl_create.c
> +++ b/tools/libxl/libxl_create.c
> @@ -915,6 +915,14 @@ static void initiate_domain_create(libxl__egc *egc,
>          goto error_out;
>      }
> 
> +    if (d_config->c_info.type == LIBXL_DOMAIN_TYPE_HVM &&
> +        libxl_defbool_val(d_config->b_info.u.hvm.altp2m) &&
> +        pod_enabled) {
> +        ret = ERROR_INVAL;
> +        LOG(ERROR, "Cannot enable PoD and ALTP2M at the same time");
> +        goto error_out;
> +    }
> +
>      ret = libxl__domain_make(gc, d_config, &domid, &state->config);
>      if (ret) {
>          LOG(ERROR, "cannot make domain: %d", ret);
> --
> 2.1.4

Reviewed-by: Kevin Tian <kevin.tian@intel.com>

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel

Re: [PATCH for-4.8 1/2] libxl: set ret in the check for nestedhvm and altp2m

[Ian Jackson]

Wei Liu writes ("[PATCH for-4.8 1/2] libxl: set ret in the check for nestedhvm and altp2m"):
> The error path expects ret to be set, otherwise an assertion is
> triggered.

Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>

Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel

Re: [PATCH for-4.8 2/2] libxl: disallow enabling PoD and ALTP2M at the same time

[Ian Jackson]

Wei Liu writes ("[PATCH for-4.8 2/2] libxl: disallow enabling PoD and ALTP2M at the same time"):
> That combination would cause Xen to crash.
> 
> Note that although this is a security issue, is not XSA-worthy because
> ALTP2M is experimental.

Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel