Xen project Mailing List

Re: [PATCH] xen/memory: Reject out-of-range resource 'frame' values

From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Fri, 29 Jan 2021 09:32:53 +0000

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=YP0PrijEjZrAJGSu1qsypr6VxfVsHpHFcUZgWvWCsxo=; b=BXjS46lRYHHdK9dXwpviwDixeDiNVGnVPAlmlOScNW2pFE9DVy6/3Z90Ivl8pJYqzFobaMSAhIR7t1RWijPcFUSErnD+h2b1tvZ+7BMZLA60n9MA87DIx8A62zqWLPmdkvmX4mAm0YxWbO0J0HnaCPNbT2NDCJZK8nq3BEhv4EaF7J8Pk1M/OhCavPJLXkOuWDnuxoGfV5i72wKUEJSKaIVH+VURMxYmsoEaA2/uxvAxdvNTtR/iCRi/Mcph9O70ZCTtXnAZsfp2Rnpdk8Zc+hY/UWbF8HhVlXJPV4+H2TvKd8ip1wrVqL72VGIhC0qJlcwV7wmPhoDA5WDXInP1tA==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=e+E+Pz1pzUa13DMTg3TyKD6A6IfAASp2u32FHG/9D2TUwLZxcK72KF9V2ROH+svEOqade3mbB5M8l2ykdbTYcAbTPRA0G7bDlE5te1V6AH2c05l64QcbcFbuesfoFabmwbxWYeu/wBuOh2RYfAf3dgS1BvsXeKW8yp4U7wWjX/UimIK1gS3lk0F9O0/kZnkVrtF83a2nQaSLJrI/X4t4qL3ZJyb55Tf606xx7CbzLhvZ+QSzVy/wO64Pjk16BbmjMw/31gBipLVcLKX+Q2RdHc333Op81Z+OICWCWFgWq24ihGyqgTJ2dou0xGyw7VvgNJfZqubtyCzyS3eSpCieqg==

Authentication-results: esa6.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com

Cc: Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Paul Durrant <paul@xxxxxxx>, Oleksandr Tyshchenko <oleksandr_tyshchenko@xxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Delivery-date: Fri, 29 Jan 2021 09:33:20 +0000

Ironport-sdr: lzQFdzk6i+j5a+oRnKKbHno4GQqhFy9s2NpfxQe/cZblAIoAdCWuGnXl/trDHfb4QcxqZHFZzd KZGJVqh9zKZSnONo3D9CHsQyd0f9WRfcccqgXQIC9Mkpqj0Xr8+e3DQDA48XZ3WaLms6LnUshG TA4WrbJvPpKo3bRb6KIom5DVcL1JPxMnOfRVWvA+tqjJPRknA+s2iwtYrc1Dj+Y1cML7TYHhUx epyiIb3U4mKURw7tmObRw35zG7m5H5hzB6txRmD3P/PuCSEgBZKaLEn6dxL1qVr4X8yz6j941c WO4=

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 29/01/2021 09:15, Jan Beulich wrote: > On 28.01.2021 17:06, Andrew Cooper wrote: >> --- a/xen/common/memory.c >> +++ b/xen/common/memory.c >> @@ -1054,7 +1054,7 @@ static long xatp_permission_check(struct domain *d, >> unsigned int space) >> } >> >> static int acquire_grant_table(struct domain *d, unsigned int id, >> - unsigned long frame, >> + unsigned int frame, >> unsigned int nr_frames, >> xen_pfn_t mfn_list[]) >> { > Doesn't this want carrying forward into > gnttab_get_{shared,status}_frame() as well? Of course further > cleanup here can also be done at a later point, but it leaves > things in a somewhat inconsistent state. I'd like to leave it > up to you to commit with Paul's R-b as is, or extend the > adjustments and then also add mine. In the series, those functions are deleted by the next patch. What's the likelihood that you'll choose to backport this? I can extend it if needs be. > >> --- a/xen/include/asm-x86/mm.h >> +++ b/xen/include/asm-x86/mm.h >> @@ -641,7 +641,7 @@ static inline bool arch_mfn_in_directmap(unsigned long >> mfn) >> } >> >> int arch_acquire_resource(struct domain *d, unsigned int type, >> - unsigned int id, unsigned long frame, >> + unsigned int id, unsigned int frame, >> unsigned int nr_frames, xen_pfn_t mfn_list[]); > Same here wrt hvm_get_ioreq_server_frame(). This one isn't. I'll adjust. ~Andrew

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.