[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] modify acquire_domstatic_pages to take an unsigned int size parameter


  • To: Stefano Stabellini <sstabellini@xxxxxxxxxx>
  • From: Bertrand Marquis <Bertrand.Marquis@xxxxxxx>
  • Date: Fri, 17 Sep 2021 07:44:35 +0000
  • Accept-language: en-GB, en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=oObuuc468GUHjWzYe1lyj/n7xQ24z9nhbjoLJfHBUIM=; b=agiWVinrAdcDPGbL/acZ4IJ5yQ3SrQpJ7n7pAMmSIhMYGaFRW2ZfXp+gFYy9J7oKvkG6Hou1sOpogmojvFbK0gwLXz7qAObX51iVZSPbU6WIN8HHazCRkSJLS/qE/5U7r32i62xQQDrpEXvWsfpmFoHWFTS/7txdLst8fGsWABDZ/M93Ioq7i78uPeHm9Kx0KX9GfWXEYnMmGrpf11n0fsEVQNlk0SmLkTj1B3l3QIr7FrfsHaZ6IZqHyAtoA51fhXChtyFef+mm3Aaoi26rqotbsSi3d0OTsI9tDD0aciYosHTHRXLty0KvmERlcvseWkcSk0bEdNDBhHEldWrQAg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=QwOyFrZbr4pEAW8qAfZE/QIxWtvQhWyA8sqxfo5635q5BtiRXHlAGuHGuyhGieAjRZa2+YwitDROwGRahfQ1sqPE5NDDw1KUWBR+ADK7N4CiF/zlgi+cQE4rx6vWz0Y8wrwOCcUt0cq75dLoQjJvSICuJVHJOCKoz7Pz8wLoB3oObNO9mMB9QMFbUuDhJZ9Vt5alXOqeIBjdqNYc1zuNd0kTxgVqa8X6W36c5WTznf7O6fReX6sy7j5wf93Wtb9rPU0a5sxyJiroXAlhE9hmyr3w45WLaJUYChX9/dp1HwX+CdMnry+ie564cwEyNJGzpI2cSOGr/qKC9bPb2P4aYw==
  • Authentication-results-original: kernel.org; dkim=none (message not signed) header.d=none;kernel.org; dmarc=none action=none header.from=arm.com;
  • Cc: Jan Beulich <jbeulich@xxxxxxxx>, Penny Zheng <Penny.Zheng@xxxxxxx>, Wei Chen <Wei.Chen@xxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, "julien@xxxxxxx" <julien@xxxxxxx>
  • Delivery-date: Fri, 17 Sep 2021 07:44:53 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Nodisclaimer: true
  • Original-authentication-results: kernel.org; dkim=none (message not signed) header.d=none;kernel.org; dmarc=none action=none header.from=arm.com;
  • Thread-index: AQHXqzwMeY29ReTQ9Eqwx8Co+TX8raun2T4A
  • Thread-topic: [PATCH] modify acquire_domstatic_pages to take an unsigned int size parameter

Hi Stefano,

> On 16 Sep 2021, at 21:47, Stefano Stabellini <sstabellini@xxxxxxxxxx> wrote:
> 
> acquire_domstatic_pages currently takes an unsigned long nr_mfns
> parameter, but actually it cannot handle anything larger than an
> unsigned int nr_mfns. That's because acquire_domstatic_pages is based on
> assign_pages which also takes an unsigned int nr parameter.
> 
> So modify the nr_mfns parameter of acquire_domstatic_pages to be
> unsigned int.
> 
> There is only one caller in
> xen/arch/arm/domain_build.c:allocate_static_memory. Check that the value
> to be passed to acquire_domstatic_pages is no larger than UINT_MAX. If
> it is, print an error and goto fail.
> 
> Signed-off-by: Stefano Stabellini <stefano.stabellini@xxxxxxxxxx>
Reviewed-by: Bertrand Marquis <bertrand.marquis@xxxxxxx>

Cheers
Bertrand

> ---
> 
> Jan, I took your suggestion of moving the check closer to where the
> value is read from DT. At that point I also took the opportunity to
> change acquire_domstatic_pages to take an unsigned int parameter
> instead of unsigned long.
> 
> 
> diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c
> index 62ab7d0ead..d233d634c1 100644
> --- a/xen/arch/arm/domain_build.c
> +++ b/xen/arch/arm/domain_build.c
> @@ -554,6 +554,12 @@ static void __init allocate_static_memory(struct domain 
> *d,
>         device_tree_get_reg(&cell, addr_cells, size_cells, &pbase, &psize);
>         ASSERT(IS_ALIGNED(pbase, PAGE_SIZE) && IS_ALIGNED(psize, PAGE_SIZE));
> 
> +        if ( PFN_DOWN(psize) > UINT_MAX )
> +        {
> +            printk(XENLOG_ERR "%pd: static memory size too large: 
> %#"PRIpaddr,
> +                   d, psize);
> +            goto fail;
> +        }
>         smfn = maddr_to_mfn(pbase);
>         res = acquire_domstatic_pages(d, smfn, PFN_DOWN(psize), 0);
>         if ( res )
> diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c
> index b9441cb06f..b64c07ae92 100644
> --- a/xen/common/page_alloc.c
> +++ b/xen/common/page_alloc.c
> @@ -2714,7 +2714,7 @@ static struct page_info * __init 
> acquire_staticmem_pages(mfn_t smfn,
>  * then assign them to one specific domain #d.
>  */
> int __init acquire_domstatic_pages(struct domain *d, mfn_t smfn,
> -                                   unsigned long nr_mfns, unsigned int 
> memflags)
> +                                   unsigned int nr_mfns, unsigned int 
> memflags)
> {
>     struct page_info *pg;
> 
> diff --git a/xen/include/xen/mm.h b/xen/include/xen/mm.h
> index dd49237e86..5db26ed477 100644
> --- a/xen/include/xen/mm.h
> +++ b/xen/include/xen/mm.h
> @@ -89,7 +89,7 @@ bool scrub_free_pages(void);
> /* These functions are for static memory */
> void free_staticmem_pages(struct page_info *pg, unsigned long nr_mfns,
>                           bool need_scrub);
> -int acquire_domstatic_pages(struct domain *d, mfn_t smfn, unsigned long 
> nr_mfns,
> +int acquire_domstatic_pages(struct domain *d, mfn_t smfn, unsigned int 
> nr_mfns,
>                             unsigned int memflags);
> #endif
> 
> 




 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.