| Message ID | 1478191317-2755-3-git-send-email-wei.liu2@citrix.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
> From: Wei Liu [mailto:wei.liu2@citrix.com] > Sent: Friday, November 04, 2016 12:42 AM > > That combination would cause Xen to crash. > > Note that although this is a security issue, is not XSA-worthy because > ALTP2M is experimental. > > Signed-off-by: Wei Liu <wei.liu2@citrix.com> > --- > Move the snippet to the correct location after altp2m is correctly > initialised. Also correctly set ret before exiting. > > Cc: Ian Jackson <ian.jackson@eu.citrix.com> > Cc: Jan Beulich <JBeulich@suse.com> > Cc: George Dunlap <george.dunlap@eu.citrix.com>, > Cc: Andrew Cooper <andrew.cooper3@citrix.com> > Cc: Kevin Tian <kevin.tian@intel.com> > Cc: Jun Nakajima <jun.nakajima@intel.com> > --- > tools/libxl/libxl_create.c | 8 ++++++++ > 1 file changed, 8 insertions(+) > > diff --git a/tools/libxl/libxl_create.c b/tools/libxl/libxl_create.c > index abd2272..7c1695a 100644 > --- a/tools/libxl/libxl_create.c > +++ b/tools/libxl/libxl_create.c > @@ -915,6 +915,14 @@ static void initiate_domain_create(libxl__egc *egc, > goto error_out; > } > > + if (d_config->c_info.type == LIBXL_DOMAIN_TYPE_HVM && > + libxl_defbool_val(d_config->b_info.u.hvm.altp2m) && > + pod_enabled) { > + ret = ERROR_INVAL; > + LOG(ERROR, "Cannot enable PoD and ALTP2M at the same time"); > + goto error_out; > + } > + > ret = libxl__domain_make(gc, d_config, &domid, &state->config); > if (ret) { > LOG(ERROR, "cannot make domain: %d", ret); > -- > 2.1.4 Reviewed-by: Kevin Tian <kevin.tian@intel.com>
Wei Liu writes ("[PATCH for-4.8 2/2] libxl: disallow enabling PoD and ALTP2M at the same time"):
> That combination would cause Xen to crash.
>
> Note that although this is a security issue, is not XSA-worthy because
> ALTP2M is experimental.
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
diff --git a/tools/libxl/libxl_create.c b/tools/libxl/libxl_create.c index abd2272..7c1695a 100644 --- a/tools/libxl/libxl_create.c +++ b/tools/libxl/libxl_create.c @@ -915,6 +915,14 @@ static void initiate_domain_create(libxl__egc *egc, goto error_out; } + if (d_config->c_info.type == LIBXL_DOMAIN_TYPE_HVM && + libxl_defbool_val(d_config->b_info.u.hvm.altp2m) && + pod_enabled) { + ret = ERROR_INVAL; + LOG(ERROR, "Cannot enable PoD and ALTP2M at the same time"); + goto error_out; + } + ret = libxl__domain_make(gc, d_config, &domid, &state->config); if (ret) { LOG(ERROR, "cannot make domain: %d", ret);
That combination would cause Xen to crash. Note that although this is a security issue, is not XSA-worthy because ALTP2M is experimental. Signed-off-by: Wei Liu <wei.liu2@citrix.com> --- Move the snippet to the correct location after altp2m is correctly initialised. Also correctly set ret before exiting. Cc: Ian Jackson <ian.jackson@eu.citrix.com> Cc: Jan Beulich <JBeulich@suse.com> Cc: George Dunlap <george.dunlap@eu.citrix.com>, Cc: Andrew Cooper <andrew.cooper3@citrix.com> Cc: Kevin Tian <kevin.tian@intel.com> Cc: Jun Nakajima <jun.nakajima@intel.com> --- tools/libxl/libxl_create.c | 8 ++++++++ 1 file changed, 8 insertions(+)