[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2 3/5] x86/xlat: fix UB pointer arithmetic in COMPAT_ARG_XLAT_VIRT_BASE

To: Jan Beulich <jbeulich@xxxxxxxx>
From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
Date: Tue, 18 Mar 2025 16:35:21 +0100
Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
Delivery-date: Tue, 18 Mar 2025 15:35:25 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Tue, Mar 18, 2025 at 03:33:03PM +0100, Jan Beulich wrote:
> On 18.03.2025 10:19, Roger Pau Monne wrote:
> > --- a/xen/arch/x86/include/asm/x86_64/uaccess.h
> > +++ b/xen/arch/x86/include/asm/x86_64/uaccess.h
> > @@ -9,9 +9,9 @@
> >   * a secondary mapping installed, which needs to be used for such accesses 
> > in
> >   * the PV case, and will also be used for HVM to avoid extra conditionals.
> >   */
> > -#define COMPAT_ARG_XLAT_VIRT_BASE ((void *)ARG_XLAT_START(current) + \
> > -                                   (PERDOMAIN_ALT_VIRT_START - \
> > -                                    PERDOMAIN_VIRT_START))
> > +#define COMPAT_ARG_XLAT_VIRT_BASE ((void *)ARG_XLAT_START(current) - \
> > +                                   (PERDOMAIN_VIRT_START - \
> > +                                    PERDOMAIN_ALT_VIRT_START))
> 
> Aren't we then (still) dependent on ordering between PERDOMAIN_VIRT_START
> and PERDOMAIN_ALT_VIRT_START? Would
> 
> #define COMPAT_ARG_XLAT_VIRT_BASE ((void *)ARG_XLAT_START(current) - \
>                                    PERDOMAIN_VIRT_START + \
>                                    PERDOMAIN_ALT_VIRT_START)
> 
> perhaps be less fragile?

PERDOMAIN_{ALT_,}VIRT_START are unsigned long, so this might work.

Note however that even with your suggestion we are still dependant on
ARG_XLAT_START(v) > PERDOMAIN_ALT_VIRT_START, or else the '-' won't
work.  I think I prefer my proposed version, because it's clear that
PERDOMAIN_VIRT_START, ARG_XLAT_START(current) >
PERDOMAIN_ALT_VIRT_START.  With your suggestion that's not obvious.

Thanks, Roger.

Follow-Ups:
- Re: [PATCH v2 3/5] x86/xlat: fix UB pointer arithmetic in COMPAT_ARG_XLAT_VIRT_BASE
  - From: Jan Beulich

References:
- [PATCH v2 0/5] x86/ubsan: fix ubsan on clang + code fixes
  - From: Roger Pau Monne
- [PATCH v2 3/5] x86/xlat: fix UB pointer arithmetic in COMPAT_ARG_XLAT_VIRT_BASE
  - From: Roger Pau Monne
- Re: [PATCH v2 3/5] x86/xlat: fix UB pointer arithmetic in COMPAT_ARG_XLAT_VIRT_BASE
  - From: Jan Beulich

Prev by Date: [PATCH v3 3/3] drivers: Make ioapic_sbdf and hpet_sbdf contain pci_sbdf_t
Next by Date: RE: [PATCH] arinc653: move next_switch_time access under lock
Previous by thread: Re: [PATCH v2 3/5] x86/xlat: fix UB pointer arithmetic in COMPAT_ARG_XLAT_VIRT_BASE
Next by thread: Re: [PATCH v2 3/5] x86/xlat: fix UB pointer arithmetic in COMPAT_ARG_XLAT_VIRT_BASE
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.