Re: [PATCH 4/4] xen/arm: Correct the p2m pool size calculations
- To: Henry Wang <Henry.Wang@xxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Bertrand Marquis <Bertrand.Marquis@xxxxxxx>
- From: Julien Grall <julien@xxxxxxx>
- Date: Fri, 11 Nov 2022 10:54:00 +0000
- Cc: Xen Security Team <security@xxxxxxx>, Jan Beulich <JBeulich@xxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>
- Delivery-date: Fri, 11 Nov 2022 10:54:21 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 11/11/2022 10:11, Henry Wang wrote:
-----Original Message-----
Subject: [PATCH 4/4] xen/arm: Correct the p2m pool size calculations
Allocating or freeing p2m pages doesn't alter the size of the mempool; only
the split between free and used pages.
Right now, the hypercalls operate on the free subset of the pool, meaning that
XEN_DOMCTL_get_p2m_mempool_size varies with time as the guest shuffles its
physmap, and XEN_DOMCTL_set_p2m_mempool_size ignores the used subset of the
pool and lets the guest grow unbounded.
This fixes test-p2m-pool on ARM so that the behaviour matches x86.
This is part of XSA-409 / CVE-2022-33747.
Fixes: cbea5a1149ca ("xen/arm: Allocate and free P2M pages from the P2M pool")
Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Release-acked-by: Henry Wang <Henry.Wang@xxxxxxx>
Hi Arm maintainers, may I ask for a reviewed-by/ack from you for the
correctness of the code in the release? Thank you very much!
Reviewed-by: Julien Grall <jgrall@xxxxxxxxxx>
Cheers,
--
Julien Grall
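
The accounting problem described in the quoted commit message, as an added example that is not part of the original thread and is not Xen code: a simplified C model in which the struct, the function names and the 16-page limit are all hypothetical. It compares sizing the pool by its free pages with sizing it by free plus used pages, while a guest consumes every free page between resize calls.

```c
#include <stdio.h>
/* Simplified model of a p2m pool; NOT Xen code, all names are hypothetical. */
struct pool {
    unsigned long total; /* pages owned by the pool: free + used */
    unsigned long free;  /* pages currently on the free list */
};

/* Guest side: take one page off the free list. Returns 0 on success. */
static int pool_alloc(struct pool *p)
{
    if (p->free == 0)
        return -1;
    p->free--;
    return 0;
}

/* Pre-fix behaviour: "size" means the free list only. */
static unsigned long get_size_free_only(const struct pool *p) { return p->free; }
static void set_size_free_only(struct pool *p, unsigned long target)
{
    unsigned long used = p->total - p->free;
    p->free = target;          /* free list resized to the target ... */
    p->total = used + target;  /* ... so pages already in use are never counted */
}

/* Post-fix behaviour: "size" means free + used. */
static unsigned long get_size_total(const struct pool *p) { return p->total; }
static int set_size_total(struct pool *p, unsigned long target)
{
    unsigned long used = p->total - p->free;
    if (target < used)
        return -1;             /* model assumption: refuse to go below in-use pages */
    p->total = target;
    p->free = target - used;
    return 0;
}

/* Re-apply the same limit each round while the guest drains the free list. */
static unsigned long simulate(int fixed, unsigned long limit, int rounds)
{
    struct pool p = { 0, 0 };
    for (int i = 0; i < rounds; i++) {
        if (fixed) set_size_total(&p, limit); else set_size_free_only(&p, limit);
        while (pool_alloc(&p) == 0) { }
    }
    return p.total;
}

int main(void) { printf("free-only: %lu, total: %lu\n", simulate(0, 16, 3), simulate(1, 16, 3)); return 0; }
```

With free-only accounting the pages held by the pool grow by the limit on every round, and the reported size changes whenever the guest allocates; with total accounting both stay at the configured limit.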