
[Xen-devel] Ping: [PATCH v2 1/4] x86/PV: tighten page table ownership check in emul-priv-op.c:read_cr()


  • To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • From: Jan Beulich <JBeulich@xxxxxxxx>
  • Date: Wed, 17 Jul 2019 06:59:09 +0000
  • Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Wed, 17 Jul 2019 06:59:39 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

>>> On 04.06.19 at 14:41,  wrote:
> Rather than checking that a page table is _not_ "owned" by the fake COW
> domain, check that it's owned by the domain actually wanting to install
> it.
> 
> Switch away from BUG_ON() at the same time.
> 
> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>

I've got Roger's R-b - any chance to get an ack here so it can go in?

> ---
> v2: Split out from larger patch to make further adjustments.
> ---
> Thinking about it I wonder why we have such a check here and no-where
> else. An alternative would seem to be to simply drop the BUG_ON().

Or would you prefer me to go this (or yet another) route?

Jan

> --- a/xen/arch/x86/pv/emul-priv-op.c
> +++ b/xen/arch/x86/pv/emul-priv-op.c
> @@ -706,7 +706,7 @@ static int read_cr(unsigned int reg, uns
>  
>      case 3: /* Read CR3 */
>      {
> -        const struct domain *currd = curr->domain;
> +        struct domain *currd = curr->domain;
>          mfn_t mfn;
>  
>          if ( !is_pv_32bit_domain(currd) )
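
Review bot: Dropping const from currd at the top of the "case 3" block makes the domain pointer writable for the whole block, while the only use that appears to need it is the domain_crash(currd) call added in the next hunk. Consider keeping the local const and passing curr->domain to domain_crash() instead, or note in the commit message why the qualifier has to go.
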
> @@ -723,8 +723,14 @@ static int read_cr(unsigned int reg, uns
>              unmap_domain_page(pl4e);
>              *val = compat_pfn_to_cr3(mfn_to_gmfn(currd, mfn_x(mfn)));
>          }
> -        /* PTs should not be shared */
> -        BUG_ON(page_get_owner(mfn_to_page(mfn)) == dom_cow);
> +
> +        /* PTs should be owned by their domains */
> +        if ( page_get_owner(mfn_to_page(mfn)) != currd )
> +        {
> +            ASSERT_UNREACHABLE();
> +            domain_crash(currd);
> +        }
> +
>          return X86EMUL_OKAY;
>      }
>      }
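
Review bot: After domain_crash(currd) in the new ownership check, control still falls through to "return X86EMUL_OKAY", and *val has already been written by the compat_pfn_to_cr3() assignment just above by the time the check runs. Consider performing the check before *val is set, or returning a failure code from this branch, so that a build without assertions does not complete the emulated CR3 read for a page table the domain does not own. If the check stays, the commit message should also say why it is needed here, since the remark under the "---" questions that.
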