[xen master] xen/arm: domain_build: Check if the address fits the range of physical address
commit 133f6df947a20bb60f189f6b8d9872b53af6a1d9 Author: Ayan Kumar Halder <ayan.kumar.halder@xxxxxxx> AuthorDate: Thu May 18 15:39:14 2023 +0100 Commit: Julien Grall <jgrall@xxxxxxxxxx> CommitDate: Fri May 26 13:13:19 2023 +0100 xen/arm: domain_build: Check if the address fits the range of physical address handle_pci_range() and map_range_to_domain() take addr and len as uint64_t parameters. Then frame numbers are obtained from addr and len by right shifting with PAGE_SHIFT. The frame numbers are expressed using unsigned long. Now if 64-bit >> PAGE_SHIFT, the result will have 52-bits as valid. On a 32-bit system, 'unsigned long' is 32-bits. Thus, there is a potential loss of value when the result is stored as 'unsigned long'. To mitigate this issue, we check if the starting and end address can be contained within the range of physical address supported on the system. If not, then an appropriate error is returned. Signed-off-by: Ayan Kumar Halder <ayan.kumar.halder@xxxxxxx> Reviewed-by: Julien Grall <jgrall@xxxxxxxxxx> Reviewed-by: Michal Orzel <michal.orzel@xxxxxxx> --- xen/arch/arm/domain_build.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c index 50b85ea783..cb23f531a8 100644 --- a/xen/arch/arm/domain_build.c +++ b/xen/arch/arm/domain_build.c @@ -1643,6 +1643,13 @@ static int __init handle_pci_range(const struct dt_device_node *dev, paddr_t start, end; int res; + if ( (addr != (paddr_t)addr) || (((paddr_t)~0 - addr) < len) ) + { + printk(XENLOG_ERR "%s: [0x%"PRIx64", 0x%"PRIx64"] exceeds the maximum allowed PA width (%u bits)", + dt_node_full_name(dev), addr, (addr + len), PADDR_BITS); + return -ERANGE; + } + start = addr & PAGE_MASK; end = PAGE_ALIGN(addr + len); res = rangeset_remove_range(mem_holes, PFN_DOWN(start), PFN_DOWN(end - 1)); 
@@ -2333,6 +2340,13 @@ int __init map_range_to_domain(const struct dt_device_node *dev, struct domain *d = mr_data->d; int res; + if ( (addr != (paddr_t)addr) || (((paddr_t)~0 - addr) < len) ) + { + printk(XENLOG_ERR "%s: [0x%"PRIx64", 0x%"PRIx64"] exceeds the maximum allowed PA width (%u bits)", + dt_node_full_name(dev), addr, (addr + len), PADDR_BITS); + return -ERANGE; + } + /* * reserved-memory regions are RAM carved out for a special purpose. * They are not MMIO and therefore a domain should not be able to -- generated by git-patchbot for /home/xen/git/xen.git#master
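Review bot: the printk() format string in the handle_pci_range() hunk ends at "(%u bits)" with no trailing "\n", so this error will run into whatever is logged next; append "\n". The second value printed is (addr + len), evaluated in uint64_t: the closing "]" reads as an inclusive end although addr + len is one past the last byte, and for inputs near the top of the 64-bit range the sum itself can wrap, so the logged end may be smaller than the start. Printing addr and len separately would avoid both.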
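Review bot: the condition and message in the map_range_to_domain() hunk are a verbatim copy of the block added to handle_pci_range(); a small shared helper taking dev, addr and len would keep the two checks from drifting apart. The test (addr != (paddr_t)addr) verifies that addr is representable in the paddr_t type, while the message reports PADDR_BITS: on any configuration where paddr_t is wider than PADDR_BITS bits, addresses above PADDR_BITS pass the check, so either compare against a limit derived from PADDR_BITS or reword the message to match what is tested. Note also that (((paddr_t)~0 - addr) < len) rejects a range that ends exactly at the top of the paddr_t space (addr + len equal to one past (paddr_t)~0); if that is intentional, a short comment above the check would document it.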