[xen stable-4.8] x86/hvm: Disallow the creation of HVM domains without Local APIC emulation

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[xen stable-4.8] x86/hvm: Disallow the creation of HVM domains without Local APIC emulation

patchbot
commit 1093876034e00a74735c9e88a191210f1e50803b
Author:     Andrew Cooper <[hidden email]>
AuthorDate: Tue Feb 27 14:29:12 2018 +0100
Commit:     Jan Beulich <[hidden email]>
CommitDate: Tue Feb 27 14:29:12 2018 +0100

    x86/hvm: Disallow the creation of HVM domains without Local APIC emulation
   
    There are multiple problems, not necesserily limited to:
   
     * Guests which configure event channels via hvmop_set_evtchn_upcall_vector(),
       or which hit %cr8 emulation will cause Xen to fall over a NULL vlapic->regs
       pointer.
   
     * On Intel hardware, disabling the TPR_SHADOW execution control without
       reenabling CR8_{LOAD,STORE} interception means that the guests %cr8
       accesses interact with the real TPR.  Amongst other things, setting the
       real TPR to 0xf blocks even IPIs from interrupting this CPU.
   
     * On hardware which sets up the use of Interrupt Posting, including
       IOMMU-Posting, guests run without the appropriate non-root configuration,
       which at a minimum will result in dropped interrupts.
   
    Whether no-LAPIC mode is of any use at all remains to be seen.
   
    This is XSA-256.
   
    Reported-by: Ian Jackson <[hidden email]>
    Signed-off-by: Andrew Cooper <[hidden email]>
    Reviewed-by: Roger Pau Monné <[hidden email]>
    Reviewed-by: Jan Beulich <[hidden email]>
    master commit: 0aa6158b674c5d083b75ac8fcd1e7ae92d0c39ae
    master date: 2018-02-27 14:08:36 +0100
---
 xen/arch/x86/domain.c | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c
index 013a1d2..e8a6b5b 100644
--- a/xen/arch/x86/domain.c
+++ b/xen/arch/x86/domain.c
@@ -568,11 +568,9 @@ int arch_domain_create(struct domain *d, unsigned int domcr_flags,
             return -EINVAL;
         }
 
-        /* PVHv2 guests can request emulated APIC. */
-        if ( emflags &&
-            (is_hvm_domain(d) ? ((emflags != XEN_X86_EMU_ALL) &&
-                                 (emflags != XEN_X86_EMU_LAPIC)) :
-                                (emflags != XEN_X86_EMU_PIT)) )
+        if ( is_hvm_domain(d) ? ((emflags != XEN_X86_EMU_ALL) &&
+                                 (emflags != XEN_X86_EMU_LAPIC))
+                              : (emflags && emflags != XEN_X86_EMU_PIT) )
         {
             printk(XENLOG_G_ERR "d%d: Xen does not allow %s domain creation "
                    "with the current selection of emulators: %#x\n",
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.8


_______________________________________________
Xen-changelog mailing list
[hidden email]
https://lists.xenproject.org/xen-changelog