[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH] x86/p2m: tighten old-MFN check in p2m_add_page()

  • To: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Wed, 8 Feb 2023 15:40:37 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=7TjoransTycJI2ib6c9uLYqwWZI2WbBm/YXVnWC/riQ=; b=YrVqfj3kxbWLMnr5jBfyTa/EhciqLXcKUdRByEiYpDexHKm1ZLAuR37OXPiR1dP0KXqxsU3QRzfJk5u9WLuyGLQMGrAxMQ5cEEBqraBO0ArDsmAUlYPBS2VwWcFuQsD5aLDyE1IMdSpC2zGjjSelCX0mcdsiy2a3RbpZ0souzFa10k7mtrGfM2zhG8y0abTuQIuZkop87su7yiqVmzJmkb6ZEtE+r4nzlVpIdTldlZzqGlxO0poVYbcs31e1Spn/7Ccq4Iu2lbsBNAEoGyr8OcFBd+8LQrUQGaXi4qIo1zeqjLv2IGFweuBgfoWNJr+4h8MiIQFABnesn1IFvq41Fg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Rg+DYWikV92fFanUpOwhcZxGlJq/ruCM5CLDg+JFbUDihhNYIG6kZNEu0LzaTo+eCDyOo7JJqsGrfLnX1by26/GEvS6K2su4M43iiRmRSoLE8qBIA9yaVRnHnkiUOYrlEv6X6DqbTyFYWK1wdBhBuzcNinQX3ZhC1dXopCByc8refTsi6a8G0s/Xtg/D4UB0hV8VeNiuT9yKIkY+KuT/lF+zNN2fpF3ZJh5aW2v2TAoC4HyYVuakmPQAwF8fiYKnoDCboaF66BSA3FBMRSenmDPtNF589fBxsT48N4lCM189v/02KWOwcsJDwKExOi+zdXdLkbg/nBjjLofxsvw+fQ==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
  • Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>
  • Delivery-date: Wed, 08 Feb 2023 14:40:50 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
Just ahead of the logic in question we've translated the subject MFN to
a valid original GFN, in order to then translate that GFN back to an
MFN. Restricting the call to p2m_remove_page() to the case where these
two MFNs match is too weak. Instead refuse the operation altogether when
there's a mismatch (which likely indicates a bug elsewhere in Xen).

Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
---
If we were certain that a mismatch indicates a bug elsewhere, we might
want to consider crashing the domain instead, to limit damage as well as
to make sure the issue is actually noticed.

--- a/xen/arch/x86/mm/p2m.c
+++ b/xen/arch/x86/mm/p2m.c
@@ -714,13 +714,19 @@ p2m_add_page(struct domain *d, gfn_t gfn
                       mfn_x(mfn_add(mfn, i)), gfn_x(ogfn),
                       gfn_x(gfn_add(gfn, i)));
             omfn = p2m->get_entry(p2m, ogfn, &ot, &a, 0, NULL, NULL);
+            if ( !mfn_eq(omfn, mfn_add(mfn, i)) )
+            {
+                P2M_DEBUG("old gfn %#lx -> mfn %#lx != mfn %#lx\n",
+                          gfn_x(ogfn), mfn_x(omfn), mfn_x(mfn) + i);
+                rc = -EXDEV;
+                goto out;
+            }
             if ( p2m_is_ram(ot) && !p2m_is_paged(ot) )
             {
                 ASSERT(mfn_valid(omfn));
                 P2M_DEBUG("old gfn=%#lx -> mfn %#lx\n",
                           gfn_x(ogfn) , mfn_x(omfn));
-                if ( mfn_eq(omfn, mfn_add(mfn, i)) &&
-                     (rc = p2m_remove_entry(p2m, ogfn, omfn, 0)) )
+                if ( (rc = p2m_remove_entry(p2m, ogfn, omfn, 0)) )
                     goto out;
             }
         }

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.