x86/monitor: disallow setting mem_access_emulate_each_rep when vm_event is NULL

It is meaningless (and potentially dangerous - see hvmemul_virtual_to_linear())
to set mem_access_emulate_each_rep before xc_monitor_enable() (which allocates
vcpu->arch.vm_event) has been called, so return an error from the
XEN_DOMCTL_MONITOR_OP_EMULATE_EACH_REP hypercall when that is the case.

Signed-off-by: Razvan Cojocaru <rcojocaru@bitdefender.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citirx.com>
Release-acked-by: Wei Liu <wei.liu2@citrix.com>
Acked-by: Tamas K Lengyel <tamas@tklengyel.com>

diff --git a/xen/include/asm-x86/monitor.h b/xen/include/asm-x86/monitor.h
index 0954b5904e2d6984f76638734df068dfcab32d70..d367099cbb55c520bb6ba75d79f38b2fc2ff43bb 100644 (file)
--- a/xen/include/asm-x86/monitor.h
+++ b/xen/include/asm-x86/monitor.h
@@ -32,19 +32,29 @@
 static inline
 int arch_monitor_domctl_op(struct domain *d, struct xen_domctl_monitor_op *mop)
 {
+    int rc = 0;
+
     switch ( mop->op )
     {
     case XEN_DOMCTL_MONITOR_OP_EMULATE_EACH_REP:
         domain_pause(d);
-        d->arch.mem_access_emulate_each_rep = !!mop->event;
+        /*
+         * Enabling mem_access_emulate_each_rep without a vm_event subscriber
+         * is meaningless.
+         */
+        if ( d->max_vcpus && d->vcpu[0] && d->vcpu[0]->arch.vm_event )
+            d->arch.mem_access_emulate_each_rep = !!mop->event;
+        else
+            rc = -EINVAL;
+
         domain_unpause(d);
         break;
 
     default:
-        return -EOPNOTSUPP;
+        rc = -EOPNOTSUPP;
     }
 
-    return 0;
+    return rc;
 }
 
 int arch_monitor_domctl_event(struct domain *d,