Xen devel - Jan 2013 - [PATCH] x86/nestedhvm: properly clean up after failure to set up all vCPU-s

This implies that the individual destroy functions will have to remain
capable of being called for a vCPU that the corresponding init function
was never run on.

Once at it, also clean up some inefficiencies in the corresponding
parameter validation code.

Signed-off-by: Jan Beulich <jbeulich@suse.com>

--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -3900,20 +3900,25 @@ long do_hvm_op(unsigned long op, XEN_GUE
                     rc = -EPERM;
                     break;
                 }
+                if ( !a.value )
+                    break;
                 if ( a.value > 1 )
                     rc = -EINVAL;
-                if ( !is_hvm_domain(d) )
-                    rc = -EINVAL;
                 /* Remove the check below once we have
                  * shadow-on-shadow.
                  */
-                if ( cpu_has_svm && !paging_mode_hap(d) &&
a.value )
+                if ( cpu_has_svm && !paging_mode_hap(d) )
                     rc = -EINVAL;
                 /* Set up NHVM state for any vcpus that are already up */
                 if ( !d->arch.hvm_domain.params[HVM_PARAM_NESTEDHVM] )
+                {
                     for_each_vcpu(d, v)
                         if ( rc == 0 )
                             rc = nestedhvm_vcpu_initialise(v);
+                    if ( rc )
+                        for_each_vcpu(d, v)
+                            nestedhvm_vcpu_destroy(v);
+                }
                 break;
             case HVM_PARAM_BUFIOREQ_EVTCHN:
                 rc = -EINVAL;
--- a/xen/arch/x86/hvm/nestedhvm.c
+++ b/xen/arch/x86/hvm/nestedhvm.c
@@ -87,7 +87,7 @@ nestedhvm_vcpu_initialise(struct vcpu *v
 void
 nestedhvm_vcpu_destroy(struct vcpu *v)
 {
-    if ( nestedhvm_enabled(v->domain) && hvm_funcs.nhvm_vcpu_destroy
)
+    if ( hvm_funcs.nhvm_vcpu_destroy )
         hvm_funcs.nhvm_vcpu_destroy(v);
 }
 





_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

On 23/01/2013 14:24, "Jan Beulich" <JBeulich@suse.com> wrote:
> This implies that the individual destroy functions will have to remain
> capable of being called for a vCPU that the corresponding init function
> was never run on.
> 
> Once at it, also clean up some inefficiencies in the corresponding
> parameter validation code.
> 
> Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>

But doubtless should have a nestedhvm maintainer ack too.

>>> On 23.01.13 at 16:17, Keir Fraser <keir@xen.org> wrote:
> On 23/01/2013 14:24, "Jan Beulich" <JBeulich@suse.com>
wrote:
> 
>> This implies that the individual destroy functions will have to remain
>> capable of being called for a vCPU that the corresponding init function
>> was never run on.
>> 
>> Once at it, also clean up some inefficiencies in the corresponding
>> parameter validation code.
>> 
>> Signed-off-by: Jan Beulich <jbeulich@suse.com>
> 
> Acked-by: Keir Fraser <keir@xen.org>
> 
> But doubtless should have a nestedhvm maintainer ack too.
Whoever that is. This was actually the first patch for XSA-35, so
would have gone in without people seeing this who didn''t already
(and who one way or another approved of it).

Jan

On 23/01/2013 15:57, "Jan Beulich" <JBeulich@suse.com> wrote:
>>>> On 23.01.13 at 16:17, Keir Fraser <keir@xen.org> wrote:
>> On 23/01/2013 14:24, "Jan Beulich" <JBeulich@suse.com>
wrote:
>> 
>>> This implies that the individual destroy functions will have to
remain
>>> capable of being called for a vCPU that the corresponding init
function
>>> was never run on.
>>> 
>>> Once at it, also clean up some inefficiencies in the corresponding
>>> parameter validation code.
>>> 
>>> Signed-off-by: Jan Beulich <jbeulich@suse.com>
>> 
>> Acked-by: Keir Fraser <keir@xen.org>
>> 
>> But doubtless should have a nestedhvm maintainer ack too.
> 
> Whoever that is. This was actually the first patch for XSA-35, so
> would have gone in without people seeing this who didn''t already
> (and who one way or another approved of it).
Maybe an Ack from a nvmx maintainer at least?

 -- Keir
> Jan
>

>>> On 23.01.13 at 17:46, Keir Fraser <keir@xen.org> wrote:
> On 23/01/2013 15:57, "Jan Beulich" <JBeulich@suse.com>
wrote:
> 
>>>>> On 23.01.13 at 16:17, Keir Fraser <keir@xen.org>
wrote:
>>> On 23/01/2013 14:24, "Jan Beulich"
<JBeulich@suse.com> wrote:
>>> 
>>>> This implies that the individual destroy functions will have to
remain
>>>> capable of being called for a vCPU that the corresponding init
function
>>>> was never run on.
>>>> 
>>>> Once at it, also clean up some inefficiencies in the
corresponding
>>>> parameter validation code.
>>>> 
>>>> Signed-off-by: Jan Beulich <jbeulich@suse.com>
>>> 
>>> Acked-by: Keir Fraser <keir@xen.org>
>>> 
>>> But doubtless should have a nestedhvm maintainer ack too.
>> 
>> Whoever that is. This was actually the first patch for XSA-35, so
>> would have gone in without people seeing this who didn''t
already
>> (and who one way or another approved of it).
> 
> Maybe an Ack from a nvmx maintainer at least?
Jun, Eddie?

Thanks, Jan