This is not just for consistency with "base" context updates, but
actually needed so that guest side accesses can't race with control
domain side updates.
This would have been a security issue if XSA-77 hadn't waived them on
the affected domctl operation.
While looking at the code I also spotted a redundant NULL check in the
"base" context update handling code, which is being removed.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Release-acked-by: George Dunlap <george.dunlap@eu.citrix.com>
}
else
{
+ if ( d == current->domain ) /* no domain_pause() */
+ break;
ret = -EINVAL;
if ( evc->size < offsetof(typeof(*evc), vmce) )
break;
if ( !is_canonical_address(evc->sysenter_callback_eip) ||
!is_canonical_address(evc->syscall32_callback_eip) )
break;
+ domain_pause(d);
fixup_guest_code_selector(d, evc->sysenter_callback_cs);
v->arch.pv_vcpu.sysenter_callback_cs =
evc->sysenter_callback_cs;
(evc->syscall32_callback_cs & ~3) ||
evc->syscall32_callback_eip )
break;
+ else
+ domain_pause(d);
BUILD_BUG_ON(offsetof(struct xen_domctl_ext_vcpucontext,
mcg_cap) !=
}
else
ret = 0;
+
+ domain_unpause(d);
}
}
break;
unsigned int vcpu = op->u.vcpucontext.vcpu;
struct vcpu *v;
- ret = -ESRCH;
- if ( d == NULL )
- break;
-
ret = -EINVAL;
if ( (d == current->domain) || /* no domain_pause() */
(vcpu >= d->max_vcpus) || ((v = d->vcpu[vcpu]) == NULL) )
projects / xen.git / commitdiff