[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2 1/2] VT-d: avoid NULL deref on domain_context_mapping_one() error paths

  • To: Jason Andryuk <jandryuk@xxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Fri, 8 Apr 2022 08:03:40 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=0iUQMe8rwMW19mCVcx3iXH18hdYYZg4WLaVzzpl0b+o=; b=A6Ohh61foZiGNPKqCY4D9bLEDh5gFsZOM/skzQDienNLU6ePsnKb/iKgKKDu5OH/n0DX5l6ibzmmLJIGYn71/DgHAtH+UowZOe/arEIVyKZ1vnb/Ddi3FvnD86GpyF7ykHCaouzJnFwe9GoVs0+WlDouX7CyDMAPFJYMvlTU8B9+QbPGfG/fZLHruB4cr1QQTh2LhpScXYGIdKH45hjYxRYvX1tWaXBipDrB1droMsejNEQ+8Pbpgj3SbEmtawoNtS2E+p2u286ZTcK3Q1jQfpET36RcbKviJsTSRZ0F4aLWoYo+1+vVSAQlbFSelZwZ2SSsyoS8DndcGGF9xWQByQ==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=eBeQRk1/AibbsO53vUA6ahfxCvV20aNYlkhjdskpsdhCFUGGpP4u6zElXQrhHGgkgr5OebAO4bXs3kwLu0qS/EmSsEJUqHIPGMGU7ZvZAv7yfA/FY0xQlMJdyKXkTUKyhf3R0KRvnnztl4sROBrlhLdtEc6e0K8upSlGnzH6/ozwNbg61Lk915nyb0A/d0jRpIeumLS8wQk0ElHWfMwvjt++EaLTeP3ivmCEN6DrNQaNhFSwK05ZQUnHSsaD9NsedWET/Y5ZWNGHTaESrl7GS2cIS9OsmjW/jA7wmO4Nzcpx2GIPPhOBHAz94mvLxe/vhvGdFkflsYz7anfgt+XXRA==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
  • Cc: Roger Pau Monné <roger.pau@xxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Kevin Tian <kevin.tian@xxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Paul Durrant <paul@xxxxxxx>
  • Delivery-date: Fri, 08 Apr 2022 06:03:59 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 07.04.2022 18:31, Jason Andryuk wrote:
> Hi,
> 
> On Thu, Apr 7, 2022 at 3:50 AM Jan Beulich <jbeulich@xxxxxxxx> wrote:
>>
>> On 07.04.2022 09:41, Roger Pau Monné wrote:
>>> On Thu, Apr 07, 2022 at 08:11:06AM +0200, Jan Beulich wrote:
>>>> First there's a printk() which actually wrongly uses pdev in the first
>>>> place: We want to log the coordinates of the (perhaps fake) device
>>>> acted upon, which may not be pdev.
>>>>
>>>> Then it was quite pointless for eb19326a328d ("VT-d: prepare for per-
>>>> device quarantine page tables (part I)") to add a domid_t parameter to
>>>> domain_context_unmap_one(): It's only used to pass back here via
>>>> me_wifi_quirk() -> map_me_phantom_function(). Drop the parameter again.
>>>>
>>>> Finally there's the invocation of domain_context_mapping_one(), which
>>>> needs to be passed the correct domain ID. Avoid taking that path when
>>>> pdev is NULL and the quarantine state is what would need restoring to.
>>>> This means we can't security-support PCI devices with RMRRs (if such
>>>> exist in practice) any longer.
>>>
>>> The sentence:
>>>
>>> "This means we can't security-support PCI devices with RMRRs"
>>>
>>> Seems too broad and could lead to confusion. So I would maybe use:
>>> "legacy PCI devices" or "non PCI Express devices".
>>
>> Right. I did actually forget to either drop or edit that sentence. I've
>> now extended this to
>>
>> "This means we can't security-support non-PCI-Express devices with RMRRs
>>  (if such exist in practice) any longer; note that as of trhe 1st of the
>>  two commits referenced below assigning them to DomU-s is unsupported
>>  anyway."
> 
> Mentioning "Express" makes the support statement clearer.  However,
> I'm not clear on what unsupported means in "assigning them to DomU-s
> is unsupported anyway".  They can't be assigned?  I'm testing with
> staging-4.16, so with XSA-400, but not this patch.  I seemingly have a
> legacy PCI device still being assigned to a domU.
> 
> It is an 8th Gen Intel laptop with:
> 00:14.0 USB controller: Intel Corporation Cannon Point-LP USB 3.1 xHCI
> Controller (rev 30) (prog-if 30 [XHCI]).
> 
> lspci output for 00:14.0 does *not* have capability "Express (v2)",
> but it does have an RMRR:
> (XEN) [VT-D]found ACPI_DMAR_RMRR:
> (XEN) [VT-D] endpoint: 0000:00:14.0
> 
> It looks like it is PCI compared to 39:00.0 which does have Express (v2):
> (XEN) [VT-D]d1:PCI: map 0000:00:14.0
> (XEN) [VT-D]d1:PCIe: map 0000:39:00.0
> 
> As I understand it, an RMRR is common with USB controllers for
> implementing legacy mouse & keyboard support.  The Cannon Point PCH is
> fairly modern, so I'd expect it to use PCI Express.  Xen seems to
> identify it as DEV_TYPE_PCI given "PCI" above.  It is an integrated
> PCI device, so it has no upstream bridge.  Maybe that is why it can
> still be assigned?  The "unsupported assignment" is a legacy PCI
> device, behind a bridge, with an RMRR?

Ah yes - the "behind a bridge" aspect does matter (but I can't
adjust the description of an already committed patch). That's both
for the respective part of the XSA-400 series as well as for the
change here.

Jan

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.