WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-changelog

[Xen-changelog] [xen-unstable] X86 MCE: Prevent malicious guest access b

To: xen-changelog@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-changelog] [xen-unstable] X86 MCE: Prevent malicious guest access broken page again
From: Xen patchbot-unstable <patchbot@xxxxxxx>
Date: Sat, 01 Oct 2011 03:33:17 +0100
Delivery-date: Fri, 30 Sep 2011 19:35:13 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-changelog-request@lists.xensource.com?subject=help>
List-id: BK change log <xen-changelog.lists.xensource.com>
List-post: <mailto:xen-changelog@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=unsubscribe>
Reply-to: xen-devel@xxxxxxxxxxxxxxxxxxx
Sender: xen-changelog-bounces@xxxxxxxxxxxxxxxxxxx
# HG changeset patch
# User Keir Fraser <keir@xxxxxxx>
# Date 1317413803 -3600
# Node ID 2215d7d7382617adbe97831fe35752a027917d1d
# Parent  d568e2313fd6f055b66a6c3cb2bca6372b77692e
X86 MCE: Prevent malicious guest access broken page again

To avoid recursive mce.

Signed-off-by: Liu, Jinsong <jinsong.liu@xxxxxxxxx>
Committed-by: Keir Fraser <keir@xxxxxxx>
---


diff -r d568e2313fd6 -r 2215d7d73826 xen/arch/x86/cpu/mcheck/mce_intel.c
--- a/xen/arch/x86/cpu/mcheck/mce_intel.c       Fri Sep 30 21:15:21 2011 +0100
+++ b/xen/arch/x86/cpu/mcheck/mce_intel.c       Fri Sep 30 21:16:43 2011 +0100
@@ -657,6 +657,8 @@
     /* This is free page */
     if (status & PG_OFFLINE_OFFLINED)
         *result = MCER_RECOVERED;
+    else if (status & PG_OFFLINE_AGAIN)
+        *result = MCER_CONTINUE;
     else if (status & PG_OFFLINE_PENDING) {
         /* This page has owner */
         if (status & PG_OFFLINE_OWNED) {
diff -r d568e2313fd6 -r 2215d7d73826 xen/common/page_alloc.c
--- a/xen/common/page_alloc.c   Fri Sep 30 21:15:21 2011 +0100
+++ b/xen/common/page_alloc.c   Fri Sep 30 21:16:43 2011 +0100
@@ -38,6 +38,7 @@
 #include <xen/tmem.h>
 #include <xen/tmem_xen.h>
 #include <public/sysctl.h>
+#include <public/sched.h>
 #include <asm/page.h>
 #include <asm/numa.h>
 #include <asm/flushtlb.h>
@@ -708,6 +709,19 @@
         return -EINVAL;
     }
 
+    /*
+     * NB. When broken page belong to guest, usually hypervisor will
+     * notify the guest to handle the broken page. However, hypervisor
+     * need to prevent malicious guest access the broken page again.
+     * Under such case, hypervisor shutdown guest, preventing recursive mce.
+     */
+    if ( (pg->count_info & PGC_broken) && (owner = page_get_owner(pg)) )
+    {
+        *status = PG_OFFLINE_AGAIN;
+        domain_shutdown(owner, SHUTDOWN_crash);
+        return 0;
+    }
+
     spin_lock(&heap_lock);
 
     old_info = mark_page_offline(pg, broken);
diff -r d568e2313fd6 -r 2215d7d73826 xen/include/public/sysctl.h
--- a/xen/include/public/sysctl.h       Fri Sep 30 21:15:21 2011 +0100
+++ b/xen/include/public/sysctl.h       Fri Sep 30 21:16:43 2011 +0100
@@ -399,6 +399,7 @@
 #define PG_OFFLINE_OFFLINED  (0x1UL << 1)
 #define PG_OFFLINE_PENDING   (0x1UL << 2)
 #define PG_OFFLINE_FAILED    (0x1UL << 3)
+#define PG_OFFLINE_AGAIN     (0x1UL << 4)
 
 #define PG_ONLINE_FAILED     PG_OFFLINE_FAILED
 #define PG_ONLINE_ONLINED    PG_OFFLINE_OFFLINED

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog

<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-changelog] [xen-unstable] X86 MCE: Prevent malicious guest access broken page again, Xen patchbot-unstable <=