[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] IOMMU: make domctl handler tolerate NULL domain

  • To: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Wed, 20 Apr 2022 07:52:40 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=nsSefV48vyqK+Ms8U5KybfCJOn1qlBMyYbDET5XnQ/k=; b=CK0jgWEc1uQ+suMCcO1shsGnSuKqDT7FqvvYMRt0rNO1XrpsXFXBDN/QHfPXCP1ClV+DuOONBKVt+QU63IauZDdWmVCfx2dnWScM2kMveWWV1ulOGIayElEB/gRdAx3MyL+mH4+gh6ec5PdVtvIcpskHujrodrt9bOpweWHw7OGq+Y/1BjW4zdg9EeXd8+P11hkWGR51rrU80cuRR0c/Ei+NkIuVu2AQQBHQLE9+MnDAz1bCr5UMvDCVIm7ednpmTabL7yfg04a7vwA5eb+S+roerq4rwWQxDDV0/XVQSWtmqvTIGLag1wKVSypWFRnecclQ85HNVg+AUR6Ywkbv8A==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=cKDxO+knrPSSaF0bnUEWeJiELTWPCiStoY4aLK1eINzaw2ilEHNOSDQCYxHQm366q/FGtfiIhV3re7TP5wX7PInF035GRCWKvfCEkuR9Iq68yzwNTfmmmKTkVawUsA52sSTUrTpgpA3FxY/X3C+ozP2Mnb02OV433+SFrTysV9yNn7NClfGiXM6TE6gc0nPQ8wJBZ0OfofbjbHKeQwHOGh43mwtei2hOwoY8ls0QqDbKSGBwsHVh8BMQdhbJ31srTJ7mNhUeKwOe4GweAqYBQdmlSMHtpyyXEsm0zpHidM5IJvplh1g/cq51COB9BChqZYJXUKH51edjQB4UG0MRZg==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
  • Cc: Paul Durrant <paul@xxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Wed, 20 Apr 2022 05:52:56 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 19.04.2022 18:06, Andrew Cooper wrote:
> On 19/04/2022 16:52, Juergen Gross wrote:
>> On 19.04.22 17:48, Andrew Cooper wrote:
>>> On 19/04/2022 10:39, Jan Beulich wrote:
>>>> Besides the reporter's issue of hitting a NULL deref when
>>>> !CONFIG_GDBSX,
>>>> XEN_DOMCTL_test_assign_device can legitimately end up having NULL
>>>> passed
>>>> here, when the domctl was passed DOMID_INVALID.
>>>>
>>>> Fixes: 71e617a6b8f6 ("use is_iommu_enabled() where appropriate...")
>>>> Reported-by: Cheyenne Wills <cheyenne.wills@xxxxxxxxx>
>>>> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
>>>>
>>>> --- a/xen/drivers/passthrough/iommu.c
>>>> +++ b/xen/drivers/passthrough/iommu.c
>>>> @@ -558,7 +558,7 @@ int iommu_do_domctl(
>>>>   {
>>>>       int ret = -ENODEV;
>>>>   -    if ( !is_iommu_enabled(d) )
>>>> +    if ( !(d ? is_iommu_enabled(d) : iommu_enabled) )
>>>>           return -EOPNOTSUPP;
>>>
>>> Having spent the better part of a day debugging this mess, this patch is
>>> plain broken.
>>>
>>> It depends on Juergen's "xen/iommu: cleanup iommu related domctl
>>> handling" patch, because otherwise it erroneously fails non-IOMMU
>>> subops.
>>
>> Which is not a real problem, as it is being called after all other
>> subops didn't match.
> 
> It is a real problem even now, because it is bogus for the host or
> domain's IOMMU status to have any alteration to the
> XEN_DOMCTL_gdbsx_guestmemio path.  The root cause of this bug is the
> existing XEN_DOMCTL_gdbsx_guestmemio case being compiled out in the
> !GDBSX case.

I find your wording ("plain broken" in particular) irritating, to put
it mildly. The change in behavior is that -EOPNOTSUPP may now be
returned for the gdbsx operation instead of -ENOSYS. And that's when
it would better have been -EOPNOTSUPP in the first place.

Apart from this I don't see a dependency on Jürgen's patch, so please
let me know if there's anything crucial I'm overlooking. Otherwise,
with two R-b, I'm intending to put in the patch irrespective of your
replies.

> It would be a more obvious problem if there were calls chained after
> iommu_do_domctl() in the arch_domctl() default: blocks, because then it
> wouldn't only be compiled-out functionality which hit this check.

But that's not the case.

Jan

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.