[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-changelog] [xen stable-4.8] xen/arm: p2m: Don't check the return of p2m_get_root_pointer() with BUG_ON()
commit 4ffb12e4253e9b28eaa21ef367fe6b2a2185ddff Author: Julien Grall <julien.grall@xxxxxxx> AuthorDate: Mon Nov 4 15:28:17 2019 +0100 Commit: Jan Beulich <jbeulich@xxxxxxxx> CommitDate: Mon Nov 4 15:28:17 2019 +0100 xen/arm: p2m: Don't check the return of p2m_get_root_pointer() with BUG_ON() It turns out that the BUG_ON() was actually reachable with well-crafted hypercalls. The BUG_ON() is here to prevent catch logical error, so crashing Xen is a bit over the top. While all the holes should now be fixed, it would be better to downgrade the BUG_ON() to something less fatal to prevent any more DoS. The BUG_ON() in p2m_get_entry() is now replaced by ASSERT_UNREACHABLE() to catch mistake in debug build and return INVALID_MFN for production build. The interface also requires to set page_order to give an idea of the size of "hole". So 'level' is now set so we report a hole of size of the an entry of the root page-table. This stays inline with what happen when the GFN is higher than p2m->max_mapped_gfn. The BUG_ON() in p2m_resolve_translation_fault() is now replaced by ASSERT_UNREACHABLE() to catch mistake in debug build and just report a fault for producion build. This is part of XSA-301. Reported-by: Julien Grall <Julien.Grall@xxxxxxx> Signed-off-by: Julien Grall <julien.grall@xxxxxxx> Reviewed-by: Stefano Stabellini <sstabellini@xxxxxxxxxx> master commit: 31b4f4ab6634f85163656b470dffc6d974917853 master date: 2019-10-31 16:19:14 +0100 --- xen/arch/arm/p2m.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/xen/arch/arm/p2m.c b/xen/arch/arm/p2m.c index a460527940..e599b79b2e 100644 --- a/xen/arch/arm/p2m.c +++ b/xen/arch/arm/p2m.c @@ -359,7 +359,12 @@ mfn_t p2m_get_entry(struct p2m_domain *p2m, gfn_t gfn, * the table should always be non-NULL because the gfn is below * p2m->max_mapped_gfn and the root table pages are always present. */ - BUG_ON(table == NULL); + if ( !table ) + { + ASSERT_UNREACHABLE(); + level = P2M_ROOT_LEVEL; + goto out; + } for ( level = P2M_ROOT_LEVEL; level < 3; level++ ) { -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.8 _______________________________________________ Xen-changelog mailing list Xen-changelog@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/xen-changelog
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |