[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen stable-4.3] x86: refine address validity checks before accessing page tables

commit 5c1dcf7d2c03fc9f256313cf99bfd81bddcc967d
Author:     Jan Beulich <jbeulich@xxxxxxxx>
AuthorDate: Fri Nov 15 11:20:55 2013 +0100
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Fri Nov 15 11:20:55 2013 +0100

    x86: refine address validity checks before accessing page tables
    
    In commit 40d66baa ("x86: correct LDT checks") and d06a0d71 ("x86: add
    address validity check to guest_map_l1e()") I didn't really pay
    attention to the fact that these checks would better be done before the
    paging_mode_translate() ones, as there's also no equivalent check down
    the shadow code paths involved here (at least not up to the first use
    of the address), and such generic checks shouldn't really be done by
    particular backend functions anyway.
    
    Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
    Acked-by: Tim Deegan <tim@xxxxxxx>
    master commit: 343cad8c70585c4dba8afc75e1ec1b7610605ab2
    master date: 2013-10-28 12:00:36 +0100
---
 xen/include/asm-x86/paging.h |   19 +++++++++++++------
 1 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/xen/include/asm-x86/paging.h b/xen/include/asm-x86/paging.h
index e957b2f..cd7ee3b 100644
--- a/xen/include/asm-x86/paging.h
+++ b/xen/include/asm-x86/paging.h
@@ -356,12 +356,14 @@ guest_map_l1e(struct vcpu *v, unsigned long addr, 
unsigned long *gl1mfn)
 {
     l2_pgentry_t l2e;
 
+    if ( unlikely(!__addr_ok(addr)) )
+        return NULL;
+
     if ( unlikely(paging_mode_translate(v->domain)) )
         return paging_get_hostmode(v)->guest_map_l1e(v, addr, gl1mfn);
 
     /* Find this l1e and its enclosing l1mfn in the linear map */
-    if ( !__addr_ok(addr) ||
-         __copy_from_user(&l2e,
+    if ( __copy_from_user(&l2e,
                           &__linear_l2_table[l2_linear_offset(addr)],
                           sizeof(l2_pgentry_t)) != 0 )
         return NULL;
@@ -382,16 +384,21 @@ guest_unmap_l1e(struct vcpu *v, void *p)
 
 /* Read the guest's l1e that maps this address. */
 static inline void
-guest_get_eff_l1e(struct vcpu *v, unsigned long addr, void *eff_l1e)
+guest_get_eff_l1e(struct vcpu *v, unsigned long addr, l1_pgentry_t *eff_l1e)
 {
+    if ( unlikely(!__addr_ok(addr)) )
+    {
+        *eff_l1e = l1e_empty();
+        return;
+    }
+
     if ( likely(!paging_mode_translate(v->domain)) )
     {
         ASSERT(!paging_mode_external(v->domain));
-        if ( !__addr_ok(addr) ||
-             __copy_from_user(eff_l1e,
+        if ( __copy_from_user(eff_l1e,
                               &__linear_l1_table[l1_linear_offset(addr)],
                               sizeof(l1_pgentry_t)) != 0 )
-            *(l1_pgentry_t *)eff_l1e = l1e_empty();
+            *eff_l1e = l1e_empty();
         return;
     }
         
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.3

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.