Re: [PATCH 2/3] x86/boot: Fix microcode module handling during PVH boot
On 10/23/24 06:57, Andrew Cooper wrote:
> From: "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx>
>
> As detailed in commit 0fe607b2a144 ("x86/boot: Fix PVH boot during boot_info
> transition period"), the use of __va(mbi->mods_addr) constitutes a
> use-after-free on the PVH boot path.
>
> This pattern has been in use since before PVH support was added. Inside a PVH
> VM, it will go unnoticed as long as the microcode container parser doesn't
> choke on the random data it finds.
>
> The use within early_microcode_init() happens to be safe because it's prior to
> move_xen(). microcode_init_cache() is after move_xen(), and therefore unsafe.
>
> Plumb the boot_info pointer down, replacing module_map and mbi. Importantly,
> bi->mods[].mod is a safe way to access the module list during PVH boot.
>
> Note: microcode_scan_module() is still bogusly stashing a bootstrap_map()'d
> pointer in ucode_blob.data, which constitutes a different use-after-free, and
> only works in general because of a second bug. This is unrelated to PVH, and
> needs untangling differently.
>
> Signed-off-by: Daniel P. Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>
> Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
> ---
> CC: Jan Beulich <JBeulich@xxxxxxxx>
> CC: Roger Pau Monné <roger.pau@xxxxxxxxxx>
> CC: Daniel P. Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>

Reviewed-by: Daniel P. Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>