[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] out of bounds handling for get_mfn_from_gpfn()
>The tables you mention above are not involved in get_mfn_from_gpfn() -- >they translate the other way. ??? xen/include/asm-x86/mm.h says: /* * The phys_to_machine_mapping is the reversed mapping of MPT for full * virtualization. It is only used by shadow_mode_translate()==true * guests, so we steal the address space that would have normally * been used by the read-only MPT map. */ #define phys_to_machine_mapping ((unsigned long *)RO_MPT_VIRT_START) #define INVALID_MFN (~0UL) #define VALID_MFN(_mfn) (!((_mfn) & (1U<<31))) #define set_mfn_from_gpfn(pfn, mfn) (phys_to_machine_mapping[(pfn)] = (mfn)) static inline unsigned long get_mfn_from_gpfn(unsigned long pfn) { unsigned long mfn; if ( __copy_from_user(&mfn, &phys_to_machine_mapping[pfn], sizeof(mfn)) ) mfn = INVALID_MFN; return mfn; } >The input gpfn either needs testing >against, or masking with, (PADDR_MASK >> PAGE_SHIFT). We should always >ensure that the m2p and p2m tables are big enough to be indexed by that >value. >From the above header excerpt I'm getting the impression that mfn-s are >assumed to be at most 31 bits in size (bit 31 is used as an invalid indicator there). Also, in the observed case the mfn is a 39-bit value, which is clearly inside the range covered by (PADDR_MASK >> PAGE_SHIFT) (40 bits), however, (RO_MPT_VIRT_END - RO_MPT_VIRT_START) covers only 38 bits (where, for the full 40-bit MFN range, 43 bits would be needed, which would cover the entire current hypervisor address space reservation). Jan _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |