Re: [Xen-devel] [PATCH 21/22] libxc: range checks in xc_dom_p2m_host and _guest
At 17:06 +0100 on 12 Jun (1371056778), Ian Jackson wrote:
> George Dunlap writes ("Re: [Xen-devel] [PATCH 21/22] libxc: range checks in
> xc_dom_p2m_host and _guest"):
> > On Tue, Jun 11, 2013 at 7:21 PM, Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
> > wrote:
> > > These functions take guest pfns and look them up in the p2m. They did
> > > no range checking.
> > >
> > > However, some callers, notably xc_dom_boot.c:setup_hypercall_page want
> > > to pass untrusted guest-supplied value(s). It is most convenient to
> > > detect this here and return INVALID_MFN.
> > >
> > > This is part of the fix to a security issue, XSA-55.
> > >
> > > Signed-off-by: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
> > > Cc: Tim Deegan <tim@xxxxxxx>
> >
> > I've taken a look at where things get returned here, and it seems like
> > they should all be OK with INVALID_MFN.
>
> Good. Does that mean that we should promote the check to be done in
> the shadow_enabled case too?

No - did my last reply to this get lost? The check is not needed for
shadow-translated guests as Xen will refuse any invalid mapping requests
anyway -- AFAICS the check just protects the array access.

For HVM guests, adding this check would be incorrect, as they can have
pfns > tot-pages.

Tim.
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
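
Added example, not part of the thread and not libxc's own code: a minimal C model of the lookup discussed above, where the range check guards only the array access and the shadow-translated path returns the pfn unchanged. The struct `dom_model`, the functions `p2m_lookup` and `setup_page`, the value chosen for `INVALID_MFN`, and the sample table are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

typedef uint64_t pfn_t;
#define INVALID_MFN ((pfn_t)-1)   /* assumed sentinel value for this model */

/* Hypothetical stand-in for the domain-builder state; not libxc's struct. */
struct dom_model {
    int shadow_enabled;    /* translated guest: pfn is passed through */
    pfn_t total_pages;     /* number of entries in p2m[] */
    const pfn_t *p2m;      /* pfn -> mfn table built by the toolstack */
};

/* Look up a guest pfn that may come from an untrusted kernel image. */
static pfn_t p2m_lookup(const struct dom_model *dom, pfn_t pfn)
{
    if (dom->shadow_enabled)
        return pfn;             /* no array access, so no check on this path */
    if (pfn >= dom->total_pages)
        return INVALID_MFN;     /* reject before indexing p2m[] */
    return dom->p2m[pfn];
}

/* Caller in the style of hypercall-page setup: refuse an out-of-range pfn
 * instead of using whatever lies past the end of the table. */
static int setup_page(const struct dom_model *dom, pfn_t guest_pfn,
                      pfn_t *mfn_out)
{
    pfn_t mfn = p2m_lookup(dom, guest_pfn);
    if (mfn == INVALID_MFN)
        return -1;
    *mfn_out = mfn;
    return 0;
}

/* Constructed sample data: 4 guest pages mapped to arbitrary mfns. */
static const pfn_t sample_p2m[4] = { 0x1000, 0x1001, 0x2000, 0x2001 };
static const struct dom_model pv_dom = { 0, 4, sample_p2m };
static const struct dom_model shadow_dom = { 1, 4, NULL };
```

Because the comparison is unsigned, a pfn of all ones is rejected by the same test as a pfn one past the end of the table.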