[IA64] Fix incorrect NVRAM saving if domain is destroyed by config error

Nvram saving is always executed even if a domain is destroyed by a
configuration parameter error.  In this case, Nvram saving function
will get a bad address for the NVRAM data and save garbage into the
NVRAM file. Configuring a wrong vif parameter can expose this issue.

This patch fixes the issue by adding an address check function in
NVRAM saving path.

Signed-off-by: Zhang Xin <xing.z.zhang@intel.com>

diff --git a/tools/libxc/ia64/xc_ia64_hvm_build.c b/tools/libxc/ia64/xc_ia64_hvm_build.c
index c26055bd5c6cf7e1d50d420705d6f110a696b8e7..ec5a87246a019814c3e8da65c485a192a89b982b 100644 (file)
--- a/tools/libxc/ia64/xc_ia64_hvm_build.c
+++ b/tools/libxc/ia64/xc_ia64_hvm_build.c
@@ -622,6 +622,21 @@ copy_from_nvram_to_GFW(int xc_handle, uint32_t dom, int nvram_fd)
 }
 
 
+/*
+ *Check is the address where NVRAM data located valid
+ */
+static int is_valid_address(void *addr)
+{
+    struct nvram_save_addr *p = (struct nvram_save_addr *)addr;        
+
+    if ( p->signature == NVRAM_VALID_SIG )
+        return 1;
+    else {
+        PERROR("Invalid nvram signature. Nvram save failed!\n");
+        return 0;
+    }
+}
+
 /*
  * GFW use 4k page. when doing foreign map, we should 16k align
  * the address and map one more page to guarantee all 64k nvram data 
@@ -667,7 +682,11 @@ copy_from_GFW_to_nvram(int xc_handle, uint32_t dom, int nvram_fd)
         return -1;
     }
 
-    addr_from_GFW_4k_align = *((uint64_t *)tmp_ptr);
+    /* Check is NVRAM data vaild */
+    if ( !is_valid_address(tmp_ptr) )
+        return -1;
+
+    addr_from_GFW_4k_align = ((struct nvram_save_addr *)tmp_ptr)->addr;
     munmap(tmp_ptr, PAGE_SIZE);
 
     // align address to 16k

diff --git a/xen/include/public/arch-ia64.h b/xen/include/public/arch-ia64.h
index c55fb47eada09f9a82824dca5adc1e930e5d535b..e98e850dd63766da3e17964f589965f7714e2330 100644 (file)
--- a/xen/include/public/arch-ia64.h
+++ b/xen/include/public/arch-ia64.h
@@ -117,6 +117,12 @@ typedef unsigned long xen_ulong_t;
 #define NVRAM_SIZE       (MEM_K * 64)
 #define NVRAM_START      (GFW_START + 10 * MEM_M)
 
+#define NVRAM_VALID_SIG 0x4650494e45584948             // "HIXENIPF"
+struct nvram_save_addr {
+    unsigned long addr;
+    unsigned long signature;
+};
+
 struct pt_fpreg {
     union {
         unsigned long bits[2];