From mboxrd@z Thu Jan  1 00:00:00 1970
From: Keir Fraser <keir.xen@gmail.com>
Subject: Re: [PATCH 5/5] x86/PV: don't commit debug register
 values early in arch_set_info_guest()
Date: Tue, 10 Dec 2013 18:17:54 +0000
Message-ID: <CECD0B52.447A8%keir.xen@gmail.com>
References: <52A7505E.5060301@eu.citrix.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
Received: from mail6.bemta3.messagelabs.com ([195.245.230.39])
	by lists.xen.org with esmtp (Exim 4.72)
	(envelope-from <keir.xen@gmail.com>) id 1VqRsi-0002Q2-MO
	for xen-devel@lists.xenproject.org; Tue, 10 Dec 2013 18:18:04 +0000
Received: by mail-we0-f170.google.com with SMTP id w61so5457063wes.1
	for <xen-devel@lists.xenproject.org>;
	Tue, 10 Dec 2013 10:18:03 -0800 (PST)
In-Reply-To: <52A7505E.5060301@eu.citrix.com>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: George Dunlap <george.dunlap@eu.citrix.com>, Jan Beulich <JBeulich@suse.com>, xen-devel <xen-devel@lists.xenproject.org>
List-Id: xen-devel@lists.xenproject.org

On 10/12/2013 17:33, "George Dunlap" <george.dunlap@eu.citrix.com> wrote:

> On 12/10/2013 03:48 PM, Jan Beulich wrote:
>> They're being taken care of later (via set_debugreg()), and temporarily
>> copying them into struct vcpu means that bad values may end up getting
>> loaded during context switch if the vCPU is already running and the
>> function errors out between the premature and real commit step, leading
>> to the same issue that XSA-12 dealt with.
>> 
>> Signed-off-by: Jan Beulich <jbeulich@suse.com>
>> Acked-by: Ian Campbell <ian.campbell@citrix.com>
> 
> Release-acked-by: George Dunlap <george.dunlap@eu.citrix.com>

Acked-by: Keir Fraser <keir@xen.org>

>> 
>> --- a/xen/arch/x86/domain.c
>> +++ b/xen/arch/x86/domain.c
>> @@ -740,11 +740,12 @@ int arch_set_info_guest(
>>               XLAT_trap_info(v->arch.pv_vcpu.trap_ctxt + i,
>>                              c.cmp->trap_ctxt + i);
>>       }
>> -    for ( i = 0; i < ARRAY_SIZE(v->arch.debugreg); ++i )
>> -        v->arch.debugreg[i] = c(debugreg[i]);
>>   
>>       if ( has_hvm_container_vcpu(v) )
>>       {
>> +        for ( i = 0; i < ARRAY_SIZE(v->arch.debugreg); ++i )
>> +            v->arch.debugreg[i] = c(debugreg[i]);
>> +
>>           /*
>>            * NB: TF_kernel_mode is set unconditionally for HVM guests,
>>            * so we always use the gs_base_kernel here. If we change this
>> 
>> 
>> 
>