Xen project Mailing List

[PATCH] x86/PV: consolidate LDT checks

To: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Date: Tue, 5 Sep 2023 11:10:31 +0200

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=DE7MpGw7Og0CWnJ0nbJklNmp29KoDOwItn08FJ66lgQ=; b=U2PIii+a6XBoB/KxE48rTOnAfN8KkhLTwIuQWBZGO0NoPaQHpbqzArvnCj4di6IO82uJHSND6Rdb5T9MVadDUMoYQXzhsuvUs6Z/wZWdMaDcTt9s+WlpfUR7ZR4IRCesLt6y59D7P3RTedX4EKkq2ZyyIfCzYhyXC/bdEnnOzcpRtGp2P6F/AEZuhhS5fQJul44lOjt/XoaMk/WXK0EqYABQmaGjLxAv57y3tT8wm4k/Xz9LrNzBTlRztSJF6K4d/eFFIpbjxc25/COty5r4gp2lJGanEFkPJvNs9Gp1/ZXmiKCFERe2jYrVcyXCPctb5zGEhSwPHmQa4Sq3L/IsWQ==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=kvT3XvZBMoNC/fQorQe3PMpMiPPbY7aABKff4Qk+u/YIgBQBsxZ/euA5jsg79+2vtUBkn6O0lVYs4Ofjt11v29CRhWsn9/RwGdNBz89czsF9RFqhqBrtNAopbUw+RQRAFypINAp0f48pDp6pXyXPczXZa4LNj8Ra2JBQ57K5VXfT1Dl4H6kUJRoXe6NuFn9kzny5D3r2pcKMQGmxqpaTjNlg7t38l1vTOg13DKYw9g/FjZok4nyMGBeUw7TGisyzjgr+5ABYpnsMLv+Kjo5cvA7S1Pn2ZDcVguRqbXXuibzLAQ5o3tJzyy4DAfw+DuK/NhzJhFbbWoykYHJfTm7rhw==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;

Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>

Delivery-date: Tue, 05 Sep 2023 09:10:40 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Consolidate all hypercall time checking into a single helper function, checking only static properties. The dynamic properties are already taken care of by the __addr_ok() check in guest_get_eff_kern_l1e(), used by pv_map_ldt_shadow_page(), in a formally more "precise" manner (accounting for the offset into the table). Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -1081,7 +1081,6 @@ int arch_set_info_guest( if ( !is_canonical_address(c.nat->user_regs.rip) || !is_canonical_address(c.nat->user_regs.rsp) || !is_canonical_address(c.nat->kernel_sp) || - (c.nat->ldt_ents && !is_canonical_address(c.nat->ldt_base)) || !is_canonical_address(c.nat->fs_base) || !is_canonical_address(c.nat->gs_base_kernel) || !is_canonical_address(c.nat->gs_base_user) || @@ -1100,9 +1099,6 @@ int arch_set_info_guest( return -EINVAL; fixup_guest_code_selector(d, c.nat->trap_ctxt[i].cs); } - - if ( !__addr_ok(c.nat->ldt_base) ) - return -EINVAL; } #ifdef CONFIG_COMPAT else @@ -1119,8 +1115,7 @@ int arch_set_info_guest( #endif /* LDT safety checks. */ - if ( ((c(ldt_base) & (PAGE_SIZE - 1)) != 0) || - (c(ldt_ents) > 8192) ) + if ( !pv_is_valid_ldt(c(ldt_base), c(ldt_ents)) ) return -EINVAL; v->arch.pv.vgc_flags = flags; --- a/xen/arch/x86/include/asm/pv/mm.h +++ b/xen/arch/x86/include/asm/pv/mm.h @@ -46,4 +46,14 @@ static inline bool pv_destroy_ldt(struct #endif +static inline bool pv_is_valid_ldt(unsigned long base, unsigned int ents) +{ + if ( !ents ) + return true; + + return !(base & (PAGE_SIZE - 1)) && ents <= 8192 && + is_canonical_address(base) && + is_canonical_address(base + ents * 8 - 1); +} + #endif /* __X86_PV_MM_H__ */ --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -3800,8 +3800,7 @@ long do_mmuext_op( rc = -EPERM; else if ( paging_mode_external(currd) ) rc = -EINVAL; - else if ( (ents > 8192) || - (ents && ((ptr & (PAGE_SIZE - 1)) || !__addr_ok(ptr))) ) + else if ( !pv_is_valid_ldt(ptr, ents) ) { gdprintk(XENLOG_WARNING, "Bad args to SET_LDT: ptr=%lx, ents=%x\n", ptr, ents);

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.