[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-changelog] [xen stable-4.4] x86: enforce preemption in HVM_set_mem_access / p2m_set_mem_access()
commit babcef372ae2ca9c4f4212398803015eb250f764 Author: Jan Beulich <jbeulich@xxxxxxxx> AuthorDate: Tue Mar 25 17:20:47 2014 +0100 Commit: Jan Beulich <jbeulich@xxxxxxxx> CommitDate: Tue Mar 25 17:20:47 2014 +0100 x86: enforce preemption in HVM_set_mem_access / p2m_set_mem_access() Processing up to 4G PFNs may take almost arbitrarily long, so preemption is needed here. This is CVE-2014-2599 / XSA-89. Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> Reviewed-by: Tim Deegan <tim@xxxxxxx> master commit: 0fe53c4f279e1a8ef913e71ed000236d21ce96de master date: 2014-03-25 15:23:57 +0100 --- xen/arch/x86/hvm/hvm.c | 9 +++++++++ xen/arch/x86/mm/p2m.c | 21 +++++++++++++++------ xen/include/asm-x86/p2m.h | 4 ++-- 3 files changed, 26 insertions(+), 8 deletions(-) diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index 69f7e74..6150899 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c @@ -4465,6 +4465,15 @@ long do_hvm_op(unsigned long op, XEN_GUEST_HANDLE_PARAM(void) arg) goto param_fail5; rc = p2m_set_mem_access(d, a.first_pfn, a.nr, a.hvmmem_access); + if ( rc > 0 ) + { + a.first_pfn += a.nr - rc; + a.nr = rc; + if ( __copy_to_guest(arg, &a, 1) ) + rc = -EFAULT; + else + rc = -EAGAIN; + } param_fail5: rcu_unlock_domain(d); diff --git a/xen/arch/x86/mm/p2m.c b/xen/arch/x86/mm/p2m.c index 8f380ed..e0e5840 100644 --- a/xen/arch/x86/mm/p2m.c +++ b/xen/arch/x86/mm/p2m.c @@ -1366,15 +1366,14 @@ void p2m_mem_access_resume(struct domain *d) /* Set access type for a region of pfns. * If start_pfn == -1ul, sets the default access type */ -int p2m_set_mem_access(struct domain *d, unsigned long start_pfn, - uint32_t nr, hvmmem_access_t access) +long p2m_set_mem_access(struct domain *d, unsigned long pfn, uint32_t nr, + hvmmem_access_t access) { struct p2m_domain *p2m = p2m_get_hostp2m(d); - unsigned long pfn; p2m_access_t a, _a; p2m_type_t t; mfn_t mfn; - int rc = 0; + long rc; /* N.B. _not_ static: initializer depends on p2m->default_access */ p2m_access_t memaccess[] = { @@ -1397,14 +1396,17 @@ int p2m_set_mem_access(struct domain *d, unsigned long start_pfn, a = memaccess[access]; /* If request to set default access */ - if ( start_pfn == ~0ull ) + if ( pfn == ~0ul ) { p2m->default_access = a; return 0; } + if ( !nr ) + return 0; + p2m_lock(p2m); - for ( pfn = start_pfn; pfn < start_pfn + nr; pfn++ ) + for ( ; ; ++pfn ) { mfn = p2m->get_entry(p2m, pfn, &t, &_a, 0, NULL); if ( p2m->set_entry(p2m, pfn, mfn, PAGE_ORDER_4K, t, a) == 0 ) @@ -1412,6 +1414,13 @@ int p2m_set_mem_access(struct domain *d, unsigned long start_pfn, rc = -ENOMEM; break; } + + /* Check for continuation if it's not the last interation. */ + if ( !--nr || hypercall_preempt_check() ) + { + rc = nr; + break; + } } p2m_unlock(p2m); return rc; diff --git a/xen/include/asm-x86/p2m.h b/xen/include/asm-x86/p2m.h index f4e7253..a2cb1b7 100644 --- a/xen/include/asm-x86/p2m.h +++ b/xen/include/asm-x86/p2m.h @@ -576,8 +576,8 @@ void p2m_mem_access_resume(struct domain *d); /* Set access type for a region of pfns. * If start_pfn == -1ul, sets the default access type */ -int p2m_set_mem_access(struct domain *d, unsigned long start_pfn, - uint32_t nr, hvmmem_access_t access); +long p2m_set_mem_access(struct domain *d, unsigned long start_pfn, + uint32_t nr, hvmmem_access_t access); /* Get access type for a pfn * If pfn == -1ul, gets the default access type */ -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.4 _______________________________________________ Xen-changelog mailing list Xen-changelog@xxxxxxxxxxxxx http://lists.xensource.com/xen-changelog
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |