* [PATCH for-4.8 0/2] libxl: adjustment to initiate_domain_create @ 2016-11-03 16:41 Wei Liu 2016-11-03 16:41 ` [PATCH for-4.8 1/2] libxl: set ret in the check for nestedhvm and altp2m Wei Liu 2016-11-03 16:41 ` [PATCH for-4.8 2/2] libxl: disallow enabling PoD and ALTP2M at the same time Wei Liu 0 siblings, 2 replies; 6+ messages in thread From: Wei Liu @ 2016-11-03 16:41 UTC (permalink / raw) To: Xen-devel; +Cc: Wei Liu Wei Liu (2): libxl: set ret in the check for nestedhvm and altp2m libxl: disallow enabling PoD and ALTP2M at the same time tools/libxl/libxl_create.c | 9 +++++++++ 1 file changed, 9 insertions(+) -- 2.1.4 _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org https://lists.xen.org/xen-devel ^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH for-4.8 1/2] libxl: set ret in the check for nestedhvm and altp2m 2016-11-03 16:41 [PATCH for-4.8 0/2] libxl: adjustment to initiate_domain_create Wei Liu @ 2016-11-03 16:41 ` Wei Liu 2016-11-04 14:39 ` Ian Jackson 2016-11-03 16:41 ` [PATCH for-4.8 2/2] libxl: disallow enabling PoD and ALTP2M at the same time Wei Liu 1 sibling, 1 reply; 6+ messages in thread From: Wei Liu @ 2016-11-03 16:41 UTC (permalink / raw) To: Xen-devel; +Cc: Ian Jackson, Wei Liu The error path expects ret to be set, otherwise an assertion is triggered. Signed-off-by: Wei Liu <wei.liu2@citrix.com> --- Cc: Ian Jackson <ian.jackson@eu.citrix.com> Please backport to 4.6 and 4.7. --- tools/libxl/libxl_create.c | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/libxl/libxl_create.c b/tools/libxl/libxl_create.c index d986cd2..abd2272 100644 --- a/tools/libxl/libxl_create.c +++ b/tools/libxl/libxl_create.c @@ -910,6 +910,7 @@ static void initiate_domain_create(libxl__egc *egc, if (d_config->c_info.type == LIBXL_DOMAIN_TYPE_HVM && (libxl_defbool_val(d_config->b_info.u.hvm.nested_hvm) && libxl_defbool_val(d_config->b_info.u.hvm.altp2m))) { + ret = ERROR_INVAL; LOG(ERROR, "nestedhvm and altp2mhvm cannot be used together"); goto error_out; } -- 2.1.4 _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org https://lists.xen.org/xen-devel ^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH for-4.8 1/2] libxl: set ret in the check for nestedhvm and altp2m 2016-11-03 16:41 ` [PATCH for-4.8 1/2] libxl: set ret in the check for nestedhvm and altp2m Wei Liu @ 2016-11-04 14:39 ` Ian Jackson 0 siblings, 0 replies; 6+ messages in thread From: Ian Jackson @ 2016-11-04 14:39 UTC (permalink / raw) To: Wei Liu; +Cc: Xen-devel Wei Liu writes ("[PATCH for-4.8 1/2] libxl: set ret in the check for nestedhvm and altp2m"): > The error path expects ret to be set, otherwise an assertion is > triggered. Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> Ian. _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org https://lists.xen.org/xen-devel ^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH for-4.8 2/2] libxl: disallow enabling PoD and ALTP2M at the same time 2016-11-03 16:41 [PATCH for-4.8 0/2] libxl: adjustment to initiate_domain_create Wei Liu 2016-11-03 16:41 ` [PATCH for-4.8 1/2] libxl: set ret in the check for nestedhvm and altp2m Wei Liu @ 2016-11-03 16:41 ` Wei Liu 2016-11-04 5:00 ` Tian, Kevin 2016-11-04 14:39 ` Ian Jackson 1 sibling, 2 replies; 6+ messages in thread From: Wei Liu @ 2016-11-03 16:41 UTC (permalink / raw) To: Xen-devel Cc: Kevin Tian, Wei Liu, Jun Nakajima, George Dunlap, Andrew Cooper, Ian Jackson, Jan Beulich That combination would cause Xen to crash. Note that although this is a security issue, is not XSA-worthy because ALTP2M is experimental. Signed-off-by: Wei Liu <wei.liu2@citrix.com> --- Move the snippet to the correct location after altp2m is correctly initialised. Also correctly set ret before exiting. Cc: Ian Jackson <ian.jackson@eu.citrix.com> Cc: Jan Beulich <JBeulich@suse.com> Cc: George Dunlap <george.dunlap@eu.citrix.com>, Cc: Andrew Cooper <andrew.cooper3@citrix.com> Cc: Kevin Tian <kevin.tian@intel.com> Cc: Jun Nakajima <jun.nakajima@intel.com> --- tools/libxl/libxl_create.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/tools/libxl/libxl_create.c b/tools/libxl/libxl_create.c index abd2272..7c1695a 100644 --- a/tools/libxl/libxl_create.c +++ b/tools/libxl/libxl_create.c @@ -915,6 +915,14 @@ static void initiate_domain_create(libxl__egc *egc, goto error_out; } + if (d_config->c_info.type == LIBXL_DOMAIN_TYPE_HVM && + libxl_defbool_val(d_config->b_info.u.hvm.altp2m) && + pod_enabled) { + ret = ERROR_INVAL; + LOG(ERROR, "Cannot enable PoD and ALTP2M at the same time"); + goto error_out; + } + ret = libxl__domain_make(gc, d_config, &domid, &state->config); if (ret) { LOG(ERROR, "cannot make domain: %d", ret); -- 2.1.4 _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org https://lists.xen.org/xen-devel ^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH for-4.8 2/2] libxl: disallow enabling PoD and ALTP2M at the same time 2016-11-03 16:41 ` [PATCH for-4.8 2/2] libxl: disallow enabling PoD and ALTP2M at the same time Wei Liu @ 2016-11-04 5:00 ` Tian, Kevin 2016-11-04 14:39 ` Ian Jackson 1 sibling, 0 replies; 6+ messages in thread From: Tian, Kevin @ 2016-11-04 5:00 UTC (permalink / raw) To: Wei Liu, Xen-devel Cc: George Dunlap, Andrew Cooper, Ian Jackson, Nakajima, Jun, Jan Beulich > From: Wei Liu [mailto:wei.liu2@citrix.com] > Sent: Friday, November 04, 2016 12:42 AM > > That combination would cause Xen to crash. > > Note that although this is a security issue, is not XSA-worthy because > ALTP2M is experimental. > > Signed-off-by: Wei Liu <wei.liu2@citrix.com> > --- > Move the snippet to the correct location after altp2m is correctly > initialised. Also correctly set ret before exiting. > > Cc: Ian Jackson <ian.jackson@eu.citrix.com> > Cc: Jan Beulich <JBeulich@suse.com> > Cc: George Dunlap <george.dunlap@eu.citrix.com>, > Cc: Andrew Cooper <andrew.cooper3@citrix.com> > Cc: Kevin Tian <kevin.tian@intel.com> > Cc: Jun Nakajima <jun.nakajima@intel.com> > --- > tools/libxl/libxl_create.c | 8 ++++++++ > 1 file changed, 8 insertions(+) > > diff --git a/tools/libxl/libxl_create.c b/tools/libxl/libxl_create.c > index abd2272..7c1695a 100644 > --- a/tools/libxl/libxl_create.c > +++ b/tools/libxl/libxl_create.c > @@ -915,6 +915,14 @@ static void initiate_domain_create(libxl__egc *egc, > goto error_out; > } > > + if (d_config->c_info.type == LIBXL_DOMAIN_TYPE_HVM && > + libxl_defbool_val(d_config->b_info.u.hvm.altp2m) && > + pod_enabled) { > + ret = ERROR_INVAL; > + LOG(ERROR, "Cannot enable PoD and ALTP2M at the same time"); > + goto error_out; > + } > + > ret = libxl__domain_make(gc, d_config, &domid, &state->config); > if (ret) { > LOG(ERROR, "cannot make domain: %d", ret); > -- > 2.1.4 Reviewed-by: Kevin Tian <kevin.tian@intel.com> _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org https://lists.xen.org/xen-devel ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH for-4.8 2/2] libxl: disallow enabling PoD and ALTP2M at the same time 2016-11-03 16:41 ` [PATCH for-4.8 2/2] libxl: disallow enabling PoD and ALTP2M at the same time Wei Liu 2016-11-04 5:00 ` Tian, Kevin @ 2016-11-04 14:39 ` Ian Jackson 1 sibling, 0 replies; 6+ messages in thread From: Ian Jackson @ 2016-11-04 14:39 UTC (permalink / raw) To: Wei Liu Cc: Kevin Tian, Jan Beulich, George Dunlap, Andrew Cooper, Jun Nakajima, Xen-devel Wei Liu writes ("[PATCH for-4.8 2/2] libxl: disallow enabling PoD and ALTP2M at the same time"): > That combination would cause Xen to crash. > > Note that although this is a security issue, is not XSA-worthy because > ALTP2M is experimental. Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org https://lists.xen.org/xen-devel ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2016-11-04 14:40 UTC | newest] Thread overview: 6+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2016-11-03 16:41 [PATCH for-4.8 0/2] libxl: adjustment to initiate_domain_create Wei Liu 2016-11-03 16:41 ` [PATCH for-4.8 1/2] libxl: set ret in the check for nestedhvm and altp2m Wei Liu 2016-11-04 14:39 ` Ian Jackson 2016-11-03 16:41 ` [PATCH for-4.8 2/2] libxl: disallow enabling PoD and ALTP2M at the same time Wei Liu 2016-11-04 5:00 ` Tian, Kevin 2016-11-04 14:39 ` Ian Jackson
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).