On 09/08/18 11:55, Roger Pau Monné wrote:
> On Thu, Aug 09, 2018 at 11:31:58AM +0100, Andrew Cooper wrote:
>> For reasons which appear to be exclusively down to poor review of the grant
>> table v2 code, a grant table's version field wasn't initialised during
>> creation.
>>
>> A number of problems (including XSAs) have occurred in the past trying
>> to use a grant table which hasn't been properly set up, and various areas of
>> the code cope with v0 by defaulting to v1.
>>
>> In particular, the toolstack using GNTTABOP_setup_table to be able to fill in
>> the store/console grants has a side effect of switching to v1.
>>
>> In hindsight however, this "fixup if we see 0" is very poor, with a
>> substantial degree of risk.  Explicitly default to grant table v1 during
>> domain create, and let the rest of the code work safely in the knowledge that
>> the version is sensibly set.
>>
>> Signed-off-by: Andrew Cooper <andrew.coop...@citrix.com>
> Reviewed-by: Roger Pau Monné <roger....@citrix.com>
>
> I would however keep the current gt_version != 0 asserts, and change
> the if ( gt_version == 0 ) into ASSERT(gt_version != 0);

No - they are not correct either, because they will pass for 3 or greater.

I've got some cleanup plans which will turn a load of this into

    switch ( gt->gt_version )
    {
    case 1: ...
    case 2: ...
    default: ASSERT_UNREACHABLE();
    }

but that is definitely work for later.

~Andrew
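
The difference between the two checks discussed in this message, as an added example that is not part of the original email or of the Xen source. It is a simplified model: `struct grant_table` here, the helper names and the per-entry sizes are assumptions for illustration.

```c
#include <stdio.h>

/* Simplified stand-in for a grant table (assumption: only the version matters). */
struct grant_table { unsigned int gt_version; };

/* Check suggested in review: rejects only the uninitialised value 0. */
static int nonzero_check_passes(const struct grant_table *gt)
{
    return gt->gt_version != 0;
}

/*
 * Shape of the planned cleanup: each supported version is named explicitly.
 * Returns an illustrative per-entry size, or 0 where the hypervisor code
 * would reach ASSERT_UNREACHABLE().
 */
static size_t entry_size_strict(const struct grant_table *gt)
{
    switch ( gt->gt_version )
    {
    case 1: return 8;   /* illustrative v1 entry size */
    case 2: return 16;  /* illustrative v2 entry size */
    default: return 0;  /* 0, 3 and above all land here */
    }
}

/* Explicit default at creation, as the patch description proposes. */
static void grant_table_create(struct grant_table *gt)
{
    gt->gt_version = 1;
}

int main(void)
{
    struct grant_table fresh;
    unsigned int v;

    grant_table_create(&fresh);
    printf("after create: version %u\n", fresh.gt_version);

    for ( v = 0; v <= 3; v++ )
    {
        struct grant_table gt = { v };
        printf("version %u: != 0 check %s, strict switch %s\n", v,
               nonzero_check_passes(&gt) ? "passes" : "fails",
               entry_size_strict(&gt) ? "accepts" : "rejects");
    }
    return 0;
}
```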
