For guests with paging mode external, guest_handle_okay() always returns
success, even if the guest handle is invalid (e.g. address not in P2M).
In VCPUOP_register_runstate_memory_area, we would then blindly set
runstate_guest() for a given vCPU to invalid handle. Moreover, we don't
check the return value from __copy_to_guest() and return success to the
guest, even in case of a failure during copy. Fix it, by checking the
return value from __copy_to_guest() and set runstate_guest() only on
success.
Signed-off-by: Michal Orzel <michal.or...@amd.com>
---
I'm not sure what would be the appropriate commit for a Fixes tag. Arm port
only moved this code to common in 8968bafa3170d46d21d8f6ee2d0856f270c864ad,
so if at all, it would be:
Fixes: 8968bafa3170 ("xen: move VCPUOP_register_runstate_memory_area to common
code")
---
xen/common/domain.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/xen/common/domain.c b/xen/common/domain.c
index 92263a4fbdc5..3f6fb0798fa3 100644
--- a/xen/common/domain.c
+++ b/xen/common/domain.c
@@ -2046,19 +2046,21 @@ long common_vcpu_op(int cmd, struct vcpu *v,
XEN_GUEST_HANDLE_PARAM(void) arg)
if ( !guest_handle_okay(area.addr.h, 1) )
break;
- rc = 0;
- runstate_guest(v) = area.addr.h;
-
if ( v == current )
{
- __copy_to_guest(runstate_guest(v), &v->runstate, 1);
+ if ( __copy_to_guest(area.addr.h, &v->runstate, 1) )
+ break;
}
else
{
vcpu_runstate_get(v, &runstate);
- __copy_to_guest(runstate_guest(v), &runstate, 1);
+ if ( __copy_to_guest(area.addr.h, &runstate, 1) )
+ break;
}
+ rc = 0;
+ runstate_guest(v) = area.addr.h;
+
break;
}
--
2.25.1
