From: Andrew Cooper Date: Thu, 16 Nov 2017 21:10:00 +0000 (+0000) Subject: tools/libxc: Fix restoration of PV MSRs after migrate X-Git-Tag: archive/raspbian/4.11.1-1+rpi1~1^2~66^2~1024 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=f1a0a8c3fe2fb37c77ec1fe43618feef412427b5;p=xen.git tools/libxc: Fix restoration of PV MSRs after migrate There are two bugs in process_vcpu_msrs() which clearly demonstrate that I didn't test this bit of Migration v2 very well when writing it... vcpu->msrsz is always expected to be a multiple of xen_domctl_vcpu_msr_t records in a spec-compliant stream, so the modulo yields 0 for the msr_count, rather than the actual number sent in the stream. Passing 0 for the msr_count causes the hypercall to exit early, and hides the fact that the guest handle is inserted into the wrong field in the domctl union. The reason that these bugs have gone unnoticed for so long is that the only MSRs passed like this for PV guests are the AMD DBGEXT MSRs, which only exist in fairly modern hardware, and whose use doesn't appear to be implemented in any contemporary PV guests. Signed-off-by: Andrew Cooper Reviewed-by: Wei Liu Reviewed-by: Jan Beulich Release-acked-by: Julien Grall --- diff --git a/tools/libxc/xc_sr_restore_x86_pv.c b/tools/libxc/xc_sr_restore_x86_pv.c index 50e25c162c..ed0fd0ead9 100644 --- a/tools/libxc/xc_sr_restore_x86_pv.c +++ b/tools/libxc/xc_sr_restore_x86_pv.c @@ -455,8 +455,8 @@ static int process_vcpu_msrs(struct xc_sr_context *ctx, domctl.cmd = XEN_DOMCTL_set_vcpu_msrs; domctl.domain = ctx->domid; domctl.u.vcpu_msrs.vcpu = vcpuid; - domctl.u.vcpu_msrs.msr_count = vcpu->msrsz % sizeof(xen_domctl_vcpu_msr_t); - set_xen_guest_handle(domctl.u.vcpuextstate.buffer, buffer); + domctl.u.vcpu_msrs.msr_count = vcpu->msrsz / sizeof(xen_domctl_vcpu_msr_t); + set_xen_guest_handle(domctl.u.vcpu_msrs.msrs, buffer); memcpy(buffer, vcpu->msr, vcpu->msrsz);
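Review bot: the corrected `msr_count` line, `domctl.u.vcpu_msrs.msr_count = vcpu->msrsz / sizeof(xen_domctl_vcpu_msr_t);`, silently truncates when `vcpu->msrsz` is not a multiple of the record size; the commit message notes that a spec-compliant stream always satisfies that, but the restore side is consuming a stream it did not produce, so unless an earlier check in process_vcpu_msrs (not visible in this hunk) already rejects a non-multiple `msrsz`, a reviewer would want one added before the domctl is built, failing the restore with an error rather than rounding down and dropping a partial record that `memcpy(buffer, vcpu->msr, vcpu->msrsz)` still copies. The two one-line changes themselves look right: `/` yields the record count where `%` could only ever yield 0 for a well-formed stream, and `set_xen_guest_handle(domctl.u.vcpu_msrs.msrs, buffer)` places the handle in the member that belongs to `XEN_DOMCTL_set_vcpu_msrs`, whereas the old line wrote into `domctl.u.vcpuextstate.buffer`, an unrelated union member that happened to be masked by the zero count.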