[06/27] x86/domctl: Make XEN_DOMCTL_set_address_size singleshot

Commit Message

Andrew Cooper Jan. 4, 2017, 12:39 p.m. UTC

Toolstacks (including some out-of-tree ones) use XEN_DOMCTL_set_address_size
at most once per domain, and it ends up having a destructive effect on the
available CPUID policy for a domain.

To avoid ordering issues between altering the policy via domctl, and the
constructive effects which would have to happen from switching back to native,
explicitly reject this case.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
CC: Jan Beulich <JBeulich@suse.com>
---
 xen/arch/x86/domain.c    | 33 +--------------------------------
 xen/arch/x86/domctl.c    | 17 ++++++-----------
 xen/include/xen/compat.h |  1 -
 3 files changed, 7 insertions(+), 44 deletions(-)

Comments

Jan Beulich Jan. 4, 2017, 2:42 p.m. UTC | #1

>>> On 04.01.17 at 13:39, <andrew.cooper3@citrix.com> wrote:
> Toolstacks (including some out-of-tree ones) use XEN_DOMCTL_set_address_size
> at most once per domain, and it ends up having a destructive effect on the
> available CPUID policy for a domain.
> 
> To avoid ordering issues between altering the policy via domctl, and the
> constructive effects which would have to happen from switching back to 
> native,
> explicitly reject this case.
> 
> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Reviewed-by: Jan Beulich <jbeulich@suse.com>

Patch

diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c
index 3082a6c..c1f95cc 100644
--- a/xen/arch/x86/domain.c
+++ b/xen/arch/x86/domain.c
@@ -322,43 +322,12 @@  static void release_compat_l4(struct vcpu *v)
     v->arch.guest_table_user = pagetable_null();
 }
 
-static inline int may_switch_mode(struct domain *d)
-{
-    return (!is_hvm_domain(d) && (d->tot_pages == 0));
-}
-
-int switch_native(struct domain *d)
-{
-    struct vcpu *v;
-
-    if ( !may_switch_mode(d) )
-        return -EACCES;
-    if ( !is_pv_32bit_domain(d) && !is_pvh_32bit_domain(d) )
-        return 0;
-
-    d->arch.is_32bit_pv = d->arch.has_32bit_shinfo = 0;
-
-    for_each_vcpu( d, v )
-    {
-        free_compat_arg_xlat(v);
-
-        if ( !is_pvh_domain(d) )
-            release_compat_l4(v);
-        else
-            hvm_set_mode(v, 8);
-    }
-
-    d->arch.x87_fip_width = cpu_has_fpu_sel ? 0 : 8;
-
-    return 0;
-}
-
 int switch_compat(struct domain *d)
 {
     struct vcpu *v;
     int rc;
 
-    if ( !may_switch_mode(d) )
+    if ( is_hvm_domain(d) || d->tot_pages != 0 )
         return -EACCES;
     if ( is_pv_32bit_domain(d) || is_pvh_32bit_domain(d) )
         return 0;
diff --git a/xen/arch/x86/domctl.c b/xen/arch/x86/domctl.c
index eb71c9e..069f1fe 100644
--- a/xen/arch/x86/domctl.c
+++ b/xen/arch/x86/domctl.c
@@ -514,18 +514,13 @@  long arch_do_domctl(
         break;
 
     case XEN_DOMCTL_set_address_size:
-        switch ( domctl->u.address_size.size )
-        {
-        case 32:
+        if ( ((domctl->u.address_size.size == 64) && !d->arch.is_32bit_pv) ||
+             ((domctl->u.address_size.size == 32) && d->arch.is_32bit_pv) )
+            ret = 0;
+        else if ( domctl->u.address_size.size == 32 )
             ret = switch_compat(d);
-            break;
-        case 64:
-            ret = switch_native(d);
-            break;
-        default:
-            ret = (domctl->u.address_size.size == BITS_PER_LONG) ? 0 : -EINVAL;
-            break;
-        }
+        else
+            ret = -EINVAL;
         break;
 
     case XEN_DOMCTL_get_address_size:
diff --git a/xen/include/xen/compat.h b/xen/include/xen/compat.h
index ce913ac..0868350 100644
--- a/xen/include/xen/compat.h
+++ b/xen/include/xen/compat.h
@@ -231,7 +231,6 @@  struct vcpu_runstate_info;
 void xlat_vcpu_runstate_info(struct vcpu_runstate_info *);
 
 int switch_compat(struct domain *);
-int switch_native(struct domain *);
 
 #else