Xen project Mailing List

Re: [PATCH 1/3] x86: Reject bad %dr6/%dr7 values when loading guest state

To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Tue, 29 Aug 2023 16:08:35 +0200

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=RBjWMeAXAUbp7nsm3VsY1tiOf3/AotUMYZW5z3l6Sss=; b=YQjICOIlzEkz5tSzIBtXCzEh2Q4z/3zIrm75kxnNYBt5Wrqpg+3cv9rhgDU3Mo50tBB2Rxv2ZbS2LJ1DO94WIbjKF4CwJnuwJWOUlTh8S3oLtuac1wOzdXvPUqp1ImX4ia1aD1Z1uGQEOUCX7fO3XzX5RKZ2f/V4FIGGdTjaz3yWMVrKQPkagB8setTi9iJUchwNJg2j150vqG5FmCMkf4ArQ1gfukXNMxJDloNTz/DOUTbRF15Nsoc4g2JEXyW9zbc+X2itY0wfq7djZRHvAHF05wi22arqRnobrmCoUXl87LYG5eT7BT/IakRQGM1oK5koevgie2sFieeB8FyO6w==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=SijxzM99UPe6gXd76b0TG/2Hl6W9EApSTV0KgXI8smAKC65rTP5mvs3ZwfeSdwFLN8BCijN1hlJ7OoEsnuXIuX0+djw3kJneUdkqeGzghjclitLIfcjfV+dj7gNFkhVstsfHbUwfZktkyIJbJbSGuj4TdYi0VcbPeNuiYS9UBsSp6mlg9puYfbXNHIYQvI5YFcZyaZwF87eylU3flUOa4m3swYgiL8MzMRBeFI2y0vvS7A3dx1ULWMVhNptgQFDiqtY6sv1iDqVt5DTfX17U7MO3mCEU+xuH02SKoKU/GR2zVHEV/dhW6k7d2LH0w1Z2zQLvzx5xp1aocJYxxb5f2w==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;

Cc: Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Jinoh Kang <jinoh.kang.kr@xxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Delivery-date: Tue, 29 Aug 2023 14:08:48 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 29.08.2023 15:43, Andrew Cooper wrote: > --- a/xen/arch/x86/domain.c > +++ b/xen/arch/x86/domain.c > @@ -1074,8 +1074,27 @@ int arch_set_info_guest( > #endif > flags = c(flags); > > + if ( !compat ) > + { > + if ( c(debugreg[6]) != (uint32_t)c(debugreg[6]) || > + c(debugreg[7]) != (uint32_t)c(debugreg[7]) ) > + return -EINVAL; > + } > + > if ( is_pv_domain(d) ) > { > + /* > + * Prior to Xen 4.11, dr5 was used to hold the emulated-only > + * subset of dr7, and dr4 was unused. > + * > + * In Xen 4.11 and later, dr4/5 are written as zero, ignored for > + * backwards compatibility, and dr7 emulation is handled > + * internally. > + */ > + for ( i = 0; i < ARRAY_SIZE(v->arch.dr); i++ ) > + if ( !access_ok(c(debugreg[i]), sizeof(long)) ) Don't you mean __addr_ok() here, i.e. not including the is_compat_arg_xlat_range() check? (Else I would have asked why sizeof(long), but that question resolves itself with using the other macro.) Jan

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.