Xen project Mailing List

[XEN v5 08/10] xen/arm: domain_build: Check if the address fits the range of physical address

From: Ayan Kumar Halder <ayan.kumar.halder@xxxxxxx>

Date: Thu, 13 Apr 2023 18:37:33 +0100

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=lists.xenproject.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=8DOUnV1l7YFE+Fgge1cDptrXAMS0Z5E0PBq8a/I6OGs=; b=JdS3NgRtL+UpNBoW+sWqzDwtV9iViFx/ZYPAmtqpfFF4SokOHjj4wbTt+7YuGlJ7SdE7b/Vo5m6x7Ws2YsqpPdof+ekcrbb1p9i+4+xx3TlhvH8EYrF/2Wlx6eokrx4fu1SrNP46EXn5aXwHwAjet21IrEbLyX5VkoFy8kUmddVJ3RAg/oJEgUObHN5L3zbL1dnALhHQ8aBj5rpQasIjRDgTL1b0F+7Ie3rIcmF6+UTThd3PZweliXboJBZednVP5eZGQhanyXaTnst6PdIzIDyFxnD1eCcoFCnoqy89Pzy25pBXiI5KSzKzHt7qmAfAH4tliDQAGlL9GzVd9hTHRg==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=aH+Zr849Fo64fg+pXGsVYf5EHX5ceYm9v4BSa/xIJEgJySUpm/TpwUvcclB6UglPqEbI2T9x28+ki+kzBGxtG+hLW7e0oshtjWcOVlNt2XPxpBAgrFaM8s+wQlVNwQeU67sX13QgtJz1xqEB01dY+FKyhkZKOOiXuHBPye3I0Z77y1dA6za2TvBbqmvwRQgwuB/SNaW97xKacVXXiVQ1/Xk/4OBqkivCV3EgZSNPE2hEDu+0XUM9xFnNZopUefD8hghPBDpsXVBgtUZHCacJMEVoDsuaP9Jr7BVlojoPGtpWMLoqIiNYVRMCDK6JjqFDapz00N7PI0jX5i3aXm8yjw==

Cc: <sstabellini@xxxxxxxxxx>, <stefano.stabellini@xxxxxxx>, <julien@xxxxxxx>, <Volodymyr_Babchuk@xxxxxxxx>, <bertrand.marquis@xxxxxxx>, <andrew.cooper3@xxxxxxxxxx>, <george.dunlap@xxxxxxxxxx>, <jbeulich@xxxxxxxx>, <wl@xxxxxxx>, <rahul.singh@xxxxxxx>, Ayan Kumar Halder <ayan.kumar.halder@xxxxxxx>

Delivery-date: Thu, 13 Apr 2023 17:38:34 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

handle_pci_range() and map_range_to_domain() take addr and len as uint64_t parameters. Then frame numbers are obtained from addr and len by right shifting with PAGE_SHIFT. The page frame numbers are saved using unsigned long. Now if 64-bit >> PAGE_SHIFT, the result will have 52-bits as valid. On a 32-bit system, 'unsigned long' is 32-bits. Thus, there is a potential loss of value when the result is stored as 'unsigned long'. To mitigate this issue, we check if the starting and end address can be contained within the range of physical address supported on the system. If not, then an appropriate error is returned. Also, the end address is computed once and used when required. And replaced u64 with uint64_t. Signed-off-by: Ayan Kumar Halder <ayan.kumar.halder@xxxxxxx> --- Changes from :- v1...v4 - NA. New patch introduced in v5. xen/arch/arm/domain_build.c | 30 +++++++++++++++++++++++------- 1 file changed, 23 insertions(+), 7 deletions(-) diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c index 7d28b75517..b98ee506a8 100644 --- a/xen/arch/arm/domain_build.c +++ b/xen/arch/arm/domain_build.c @@ -1637,15 +1637,23 @@ out: } static int __init handle_pci_range(const struct dt_device_node *dev, - u64 addr, u64 len, void *data) + uint64_t addr, uint64_t len, void *data) { struct rangeset *mem_holes = data; paddr_t start, end; int res; + uint64_t end_addr = addr + len - 1; + + if ( addr != (paddr_t)addr || end_addr != (paddr_t)end_addr ) + { + printk(XENLOG_ERR "addr (0x%"PRIx64") or end_addr (0x%"PRIx64") exceeds the maximum allowed width (%d bits) for physical address\n", + addr, end_addr, CONFIG_PADDR_BITS); + return -ERANGE; + } start = addr & PAGE_MASK; - end = PAGE_ALIGN(addr + len); - res = rangeset_remove_range(mem_holes, PFN_DOWN(start), PFN_DOWN(end - 1)); + end = PAGE_ALIGN(end_addr); + res = rangeset_remove_range(mem_holes, PFN_DOWN(start), PFN_DOWN(end)); if ( res ) { printk(XENLOG_ERR "Failed to remove: %#"PRIpaddr"->%#"PRIpaddr"\n", @@ -2330,11 +2338,19 @@ static int __init map_dt_irq_to_domain(const struct dt_device_node *dev, } int __init map_range_to_domain(const struct dt_device_node *dev, - u64 addr, u64 len, void *data) + uint64_t addr, uint64_t len, void *data) { struct map_range_data *mr_data = data; struct domain *d = mr_data->d; int res; + uint64_t end_addr = addr + len - 1; + + if ( addr != (paddr_t)addr || end_addr != (paddr_t)end_addr ) + { + printk(XENLOG_ERR "addr (0x%"PRIx64") or end_addr (0x%"PRIx64") exceeds the maximum allowed width (%d bits) for physical address\n", + addr, end_addr, CONFIG_PADDR_BITS); + return -ERANGE; + } /* * reserved-memory regions are RAM carved out for a special purpose. @@ -2345,13 +2361,13 @@ int __init map_range_to_domain(const struct dt_device_node *dev, strlen("/reserved-memory/")) != 0 ) { res = iomem_permit_access(d, paddr_to_pfn(addr), - paddr_to_pfn(PAGE_ALIGN(addr + len - 1))); + paddr_to_pfn(PAGE_ALIGN(end_addr))); if ( res ) { printk(XENLOG_ERR "Unable to permit to dom%d access to" " 0x%"PRIx64" - 0x%"PRIx64"\n", d->domain_id, - addr & PAGE_MASK, PAGE_ALIGN(addr + len) - 1); + addr & PAGE_MASK, PAGE_ALIGN(end_addr) - 1); return res; } } @@ -2368,7 +2384,7 @@ int __init map_range_to_domain(const struct dt_device_node *dev, { printk(XENLOG_ERR "Unable to map 0x%"PRIx64 " - 0x%"PRIx64" in domain %d\n", - addr & PAGE_MASK, PAGE_ALIGN(addr + len) - 1, + addr & PAGE_MASK, PAGE_ALIGN(end_addr) - 1, d->domain_id); return res; } -- 2.17.1

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.