[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH] ioreq: don't (deliberately) crash Dom0

To: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
From: Jan Beulich <jbeulich@xxxxxxxx>
Date: Mon, 1 Feb 2021 16:22:01 +0100
Cc: Paul Durrant <paul@xxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Ian Jackson <iwj@xxxxxxxxxxxxxx>
Delivery-date: Mon, 01 Feb 2021 15:22:10 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

We consider this error path of hvm_alloc_ioreq_mfn() to not be possible
to be taken, or otherwise to indicate abuse or a bug somewhere. If there
is abuse of some kind, crashing Dom0 here would mean a system-wide DoS.
Only crash the emulator domain if it's not the (global) control domain;
crash only the guest being serviced otherwise.

Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>

--- a/xen/common/ioreq.c
+++ b/xen/common/ioreq.c
@@ -274,7 +274,7 @@ static int hvm_alloc_ioreq_mfn(struct hv
          * The domain can't possibly know about this page yet, so failure
          * here is a clear indication of something fishy going on.
          */
-        domain_crash(s->emulator);
+        domain_crash(is_control_domain(s->emulator) ? s->target : s->emulator);
         return -ENODATA;
     }

Follow-Ups:
- Re: [PATCH] ioreq: don't (deliberately) crash Dom0
  - From: Andrew Cooper

Prev by Date: Re: [PATCH] x86/build: correctly record dependencies of asm-offsets.s [and 1 more messages]
Next by Date: Re: Xen 4.14.1 on RPI4: device tree generation failed
Previous by thread: Re: [PATCH v3 2/2] define GNU_SOURCE for asprintf()
Next by thread: Re: [PATCH] ioreq: don't (deliberately) crash Dom0
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.