[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [XEN v6 10/12] xen/arm: domain_build: Check if the address fits the range of physical address

  • To: Ayan Kumar Halder <ayan.kumar.halder@xxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Michal Orzel <michal.orzel@xxxxxxx>
  • Date: Thu, 4 May 2023 16:02:26 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=lists.xenproject.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=/7oE9mA49/oLEJUa5lypAPBMHC8yVI2C9QFL9UWflj8=; b=i8hAokqmN1I8/l3aqQ7adZFb6fycX/ePDJ8pU7k5AJ3D3GMTPvpuhWn9RJKP+4rb/83zUBsfxSDP6/hIadR6bJBJYtkzTXqJqq2QeKJsKZAR91bSgVAqxxTRFAYAWhxTL0SCW7GB08UNkOTfVcJ/CfCM2bJgSeWWBcIWGNz8UXX8XiHY2WYIqZGF2XWpLQVCG8HnO2KZIOnEBTQehkIKTMPEPsMbhL7nswIyUEKhftjcK3FvL3WEXZ2pEkkb8DwxZaKzY5gas4jJcR9PuNcUTS6S5Oq19qQjIxHpQxR9U/YWMikwfXfJWurAiugRfQ82R4YI/p83cdILsGqRdbU5OA==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=nJRHdZQmxg0Es0JNCevGX8G2QRF48Blkqr8RKMYwZnWYmIbPSXXV/hL+gv8gquSQFhM3WdOd3Ay9eQL5Fi84e1T52iDUJtPddH5Olb3yYrH3c1U6RFGslPQzB/+Pxyp4PfRbuxNOUuCOuEXFSJzPddWqHXJ8ZGSPaH7+nVeNVJLXlAx51nb+JNPZPUETPoR0ozx4rGeTdOCm9y1mS46/KPzdjJEqnR8mRFw/73b2q0wEoaAMP/FHpp92qPyzLz6Wqqb0EWfc9YxQHm3WpID5xG7NcmCEqfUC3OHX3+NNve+6IJs+KlhtyFN4sM7mentxOQyEs3w1pBpzJy4ansbpHA==
  • Cc: <sstabellini@xxxxxxxxxx>, <stefano.stabellini@xxxxxxx>, <julien@xxxxxxx>, <Volodymyr_Babchuk@xxxxxxxx>, <bertrand.marquis@xxxxxxx>, <andrew.cooper3@xxxxxxxxxx>, <george.dunlap@xxxxxxxxxx>, <jbeulich@xxxxxxxx>, <wl@xxxxxxx>, <rahul.singh@xxxxxxx>
  • Delivery-date: Thu, 04 May 2023 14:02:55 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 28/04/2023 19:55, Ayan Kumar Halder wrote:
> 
> 
> handle_pci_range() and map_range_to_domain() take addr and len as uint64_t
> parameters. Then frame numbers are obtained from addr and len by right 
> shifting
> with PAGE_SHIFT. The frame numbers are expressed using unsigned long.
> 
> Now if 64-bit >> PAGE_SHIFT, the result will have 52-bits as valid. On a 
> 32-bit
> system, 'unsigned long' is 32-bits. Thus, there is a potential loss of value
> when the result is stored as 'unsigned long'.
> 
> To mitigate this issue, we check if the starting and end address can be
> contained within the range of physical address supported on the system. If 
> not,
> then an appropriate error is returned.
> 
> Signed-off-by: Ayan Kumar Halder <ayan.kumar.halder@xxxxxxx>
> ---
> Changes from :-
> v1...v4 - NA. New patch introduced in v5.
> 
> v5 - 1. Updated the error message
> 2. Used "(((paddr_t)~0 - addr) < len)" to check the limit on len.
> 3. Changes in the prototype of "map_range_to_domain()" has been
> addressed by the patch 8.
> 
>  xen/arch/arm/domain_build.c | 14 ++++++++++++++
>  1 file changed, 14 insertions(+)
> 
> diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c
> index 9865340eac..719bb09845 100644
> --- a/xen/arch/arm/domain_build.c
> +++ b/xen/arch/arm/domain_build.c
> @@ -1643,6 +1643,13 @@ static int __init handle_pci_range(const struct 
> dt_device_node *dev,
>      paddr_t start, end;
>      int res;
> 
> +    if ( addr != (paddr_t)addr || (((paddr_t)~0 - addr) < len) )
Given that you enclose the second condition in parenthesis, I would expect the 
same for the first.

> +    {
> +        printk(XENLOG_ERR "%s: [0x%"PRIx64", 0x%"PRIx64"] exceeds the 
> maximum allowed PA width (%u bits)",
> +               dt_node_full_name(dev), addr, (addr + len), PADDR_BITS);
> +        return -ERANGE;
> +    }
> +
>      start = addr & PAGE_MASK;
>      end = PAGE_ALIGN(addr + len);
>      res = rangeset_remove_range(mem_holes, PFN_DOWN(start), PFN_DOWN(end - 
> 1));
> @@ -2337,6 +2344,13 @@ int __init map_range_to_domain(const struct 
> dt_device_node *dev,
>      struct domain *d = mr_data->d;
>      int res;
> 
> +    if ( addr != (paddr_t)addr || (((paddr_t)~0 - addr) < len) )
Same here.

Other than that:
Reviewed-by: Michal Orzel <michal.orzel@xxxxxxx>

~Michal

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.