Xen project Mailing List

Re: [Xen-devel] [PATCH] x86: (allow to) override LIST_POISON*

To: Jan Beulich <JBeulich@xxxxxxxx>, xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>

From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Fri, 14 Nov 2014 14:55:59 +0000

Cc: Ian Campbell <Ian.Campbell@xxxxxxxxxxxxx>, Keir Fraser <keir@xxxxxxx>, Tim Deegan <tim@xxxxxxx>, Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>

Delivery-date: Fri, 14 Nov 2014 14:56:11 +0000

List-id: Xen developer discussion <xen-devel.lists.xen.org>

On 14/11/14 14:52, Jan Beulich wrote: > Having these point into space not controlled by the hypervisor provides > an unnecessary attack surface. Allow architectures to override them and > utilize that override to make them non-canonical addresses (thus > causing #GP rather than #PF when dereferenced). > > Suggested-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> > Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> Reviewed-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> > --- > The security aspect of this makes Andrew and me think this should be > considered for 4.5 despite it not fixing an actual bug. > > --- a/xen/include/asm-x86/config.h > +++ b/xen/include/asm-x86/config.h > @@ -106,6 +106,10 @@ > /* Return value for zero-size _xmalloc(), distinguished from NULL. */ > #define ZERO_BLOCK_PTR ((void *)0xBAD0BAD0BAD0BAD0UL) > > +/* Override include/xen/list.h to make these non-canonical addresses. */ > +#define LIST_POISON1 ((void *)0x0100100100100100UL) > +#define LIST_POISON2 ((void *)0x0200200200200200UL) > + > #ifndef __ASSEMBLY__ > extern unsigned long trampoline_phys; > #define bootsym_phys(sym) \ > --- a/xen/include/xen/list.h > +++ b/xen/include/xen/list.h > @@ -10,12 +10,15 @@ > #include <xen/lib.h> > #include <asm/system.h> > > -/* These are non-NULL pointers that will result in page faults > - * under normal circumstances, used to verify that nobody uses > - * non-initialized list entries. > +/* > + * These are non-NULL pointers that will result in faults under normal > + * circumstances, used to verify that nobody uses non-initialized list > + * entries. Architectures can override these. > */ > +#ifndef LIST_POISON1 > #define LIST_POISON1 ((void *) 0x00100100) > #define LIST_POISON2 ((void *) 0x00200200) > +#endif > > /* > * Simple doubly linked list implementation. > > > _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.