[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v2 1/2] domain: fix misaligned unmap address in {,un}map_guest_area()
- To: Jan Beulich <jbeulich@xxxxxxxx>
- From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
- Date: Mon, 16 Oct 2023 14:44:25 +0200
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=LzKPBiwIo3gncxI6c/W5XVQRYmsaYfOt39nGJp8DiAY=; b=Oihl6JbSQ60PplmcQ1QR4dnhJYFmdUc9mWQc/vFRboIQWi0a6LsrnIyet+5m5xP8qh425y+zhNvEEzebntsP9thLUWk9pccgcHXUcTvy1crL3zE42PjGGlyzFWJBeVPOqhJZSq4pSnrAlwdCq4mDguylUnxVyCeUX1DQCVAQI7WJBKo1DpPYV/SmIcLwPnlT6SmVjZzWDRwDIVjEhNxvw9Wsh3TeM6TbSIB9iuXmfPG/45+WQ+7KiSaPjR0wlX3l1/E5s+0lCRoRCKJt/+d4vO44aBcUFVmwCXZiyXBZy0+sWQZTlm3hpjDy9wFvntz+B2NAX3ih/FDu5nkgOReV3w==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=eWtallO9Et7Jaycphxzk5WPsfV2zOVKryZ8gxvNonCfh4+NaVIqwt9ODeliQc6j80iuz/cUJDjphefIRx99nKT0sK1MA+JLoTmLR9mAT957S4gKdws2orV03k6I6WdXkVrQS3OPan6bpaV4Anjl+1HEBG0b9RoLm5I4ay9bysw9hkB0dKkyoWjaKSIN7+jUZ25LfKn4KhSCAFAXt1DP1ZCygr1RN7wfowyh+QfdojN3UgMmpnQVgTRCwdolHmNP9UXEmhsuuPguWgSov7QpofvAVNtGgjNblWosGp/m7fRhvqObVo6uvMvgmeZmR77WXDYQk5fnj73GcjKi75zNM8Q==
- Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
- Cc: Henry Wang <Henry.Wang@xxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
- Delivery-date: Mon, 16 Oct 2023 12:44:50 +0000
- Ironport-data: A9a23:lDT4Qa3WBt8Z7EAZR/bD5Qlwkn2cJEfYwER7XKvMYLTBsI5bp2QAz zAdXmzXbq3cZGGnfNh+PY/i9E1SvJKGmtAyGQI/pC1hF35El5HIVI+TRqvS04F+DeWYFR46s J9OAjXkBJppJpMJjk71atANlVEliOfQAOK6UbaYUsxIbVcMYD87jh5+kPIOjIdtgNyoayuAo tq3qMDEULOf82cc3lk8teTb83uDgNyo4GlD5wRnO6gS1LPjvyJ94Kw3dPnZw0TQGuG4LsbiL 87fwbew+H/u/htFIrtJRZ6iLyXm6paLVeS/oiI+t5qK23CulQRrukoPD9IOaF8/ttm8t4sZJ OOhF3CHYVxB0qXkwIzxWvTDes10FfUuFLTveRBTvSEPpqFvnrSFL/hGVSkL0YMkFulfPWVX7 aA+CQ4xMC+PiOfu+JuxFfVXv5F2RCXrFNt3VnBI6xj8VKxja7aTBqLA6JlfwSs6gd1IEbDGf c0FZDFzbRPGJRpSJlMQD5F4l+Ct7pX9W2QA9BTJ+uxqvi6KklwZPLvFabI5fvSQQspYhACAr 3/u9GXlGBAKcteYzFJp91r13LKSw3ygBN96+LuQ8cdrqWOVhWkvBhgmS0eQ/ciAoVe/YocKQ 6AT0m90xUQoz2SpRNTgWxyzoFafowURHdFXFoUSyAyL0LuS3A+fCUANVDsHY9sj3Oc0WDgr2 1mhj97vQzt1v9W9UmmB/72ZqTezPyk9LmIYYyIACwwf7LHLv4Ubnh/JCNF5H8adntDzXD393 T2OhCw/nKkIy94G0b2h+lLKiC7qoYLGJjPZ/S3SV2Ohqwl/NIisYtXy7UCBtKgQaoGEUlOGo X4I3dCE6/wDBo2MkyrLR/gRGLau5LCONzi0bUNTIqTNPg+FoxaLFb28KhknTKu1Gq7ooQPUX XI=
- Ironport-hdrordr: A9a23:yUGHXKt+quwYFvamkPlAZsXI7skDjNV00zEX/kB9WHVpm6yj+v xG+85rsSMc6QxhPU3I/OrrBEDuexzhHPJOj7X5Xo3SPjUO2lHJEGgK1+KLrwEIcxeUygc379 YCT0ERMrzN5VgRt7eG3OG7eexQvOVuJsqT9JjjJ3QGd3AVV0l5hT0JbTpyiidNNXJ77ZxSLu v72uN34wCOVF4wdcqBCnwMT4H41qf2fMKPW29+O/Y/gjP+9Q+V1A==
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On Mon, Oct 16, 2023 at 02:30:12PM +0200, Jan Beulich wrote:
> On 06.10.2023 15:00, Roger Pau Monne wrote:> --- a/xen/common/domain.c
> > +++ b/xen/common/domain.c
> > @@ -1601,7 +1601,7 @@ int map_guest_area(struct vcpu *v, paddr_t gaddr,
> > unsigned int size,
> > unmap:
> > if ( pg )
> > {
> > - unmap_domain_page_global(map);
> > + unmap_domain_page_global((void *)((unsigned long)map & PAGE_MASK));
> > put_page_and_type(pg);
> > }
> >
> > @@ -1634,7 +1634,7 @@ void unmap_guest_area(struct vcpu *v, struct
> > guest_area *area)
> >
> > if ( pg )
> > {
> > - unmap_domain_page_global(map);
> > + unmap_domain_page_global((void *)((unsigned long)map & PAGE_MASK));
> > put_page_and_type(pg);
> > }
> > }
>
> On v1 in a reply to Julien you talk of "limiting misuse" by not relaxing
> expecations in Arm's backing code, but I wonder what kind of misuse you
> think about. Aiui there's no strong need to insist on page aligned input,
> and relaxing things there may simplify code elsewhere as well.
destroy_xen_mappings() both on Arm and x86 will trigger asserts if the
passed address is not page aligned. I do think it makes sense to call
unmap_domain_page_global() with page-aligned addresses, as that could
help detect bogus callers or corrupted data passed as input.
IMO an assert for page aligned input address should be placed at
vunmap() in order to not get differing expectations on input address
being page aligned or not whether destroy_xen_mappings() or
map_pages_to_xen() is used. map_pages_to_xen() doesn't require
page-aligned virtual addresses as input.
Roger.
|