
[XEN v7 05/11] xen/arm: domain_build: Check if the address fits the range of physical address


  • To: <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Ayan Kumar Halder <ayan.kumar.halder@xxxxxxx>
  • Date: Thu, 18 May 2023 15:39:14 +0100
  • Cc: <sstabellini@xxxxxxxxxx>, <stefano.stabellini@xxxxxxx>, <julien@xxxxxxx>, <Volodymyr_Babchuk@xxxxxxxx>, <bertrand.marquis@xxxxxxx>, <andrew.cooper3@xxxxxxxxxx>, <george.dunlap@xxxxxxxxxx>, <jbeulich@xxxxxxxx>, <wl@xxxxxxx>, <rahul.singh@xxxxxxx>, <michal.orzel@xxxxxxx>, "Ayan Kumar Halder" <ayan.kumar.halder@xxxxxxx>
  • Delivery-date: Thu, 18 May 2023 14:41:03 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

handle_pci_range() and map_range_to_domain() take addr and len as uint64_t
parameters. Then frame numbers are obtained from addr and len by right shifting
with PAGE_SHIFT. The frame numbers are expressed using unsigned long.

Now if 64-bit >> PAGE_SHIFT, the result will have 52-bits as valid. On a 32-bit
system, 'unsigned long' is 32-bits. Thus, there is a potential loss of value
when the result is stored as 'unsigned long'.

To mitigate this issue, we check if the starting and end address can be
contained within the range of physical address supported on the system. If not,
then an appropriate error is returned.

Signed-off-by: Ayan Kumar Halder <ayan.kumar.halder@xxxxxxx>
Reviewed-by: Julien Grall <jgrall@xxxxxxxxxx>
Reviewed-by: Michal Orzel <michal.orzel@xxxxxxx>
---
Changes from :-
v1...v4 - NA. New patch introduced in v5.

v5 - 1. Updated the error message
2. Used "(((paddr_t)~0 - addr) < len)" to check the limit on len.
3. Changes in the prototype of "map_range_to_domain()" have been
addressed by the patch 8.

v6 - Trivial changes. Added R-b.

 xen/arch/arm/domain_build.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c
index 50b85ea783..cb23f531a8 100644
--- a/xen/arch/arm/domain_build.c
+++ b/xen/arch/arm/domain_build.c
@@ -1643,6 +1643,13 @@ static int __init handle_pci_range(const struct 
dt_device_node *dev,
     paddr_t start, end;
     int res;
 
+    if ( (addr != (paddr_t)addr) || (((paddr_t)~0 - addr) < len) )
+    {
+        printk(XENLOG_ERR "%s: [0x%"PRIx64", 0x%"PRIx64"] exceeds the maximum 
allowed PA width (%u bits)",
+               dt_node_full_name(dev), addr, (addr + len), PADDR_BITS);
+        return -ERANGE;
+    }
+
     start = addr & PAGE_MASK;
     end = PAGE_ALIGN(addr + len);
     res = rangeset_remove_range(mem_holes, PFN_DOWN(start), PFN_DOWN(end - 1));
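Review bot: The printk format string in the added block has no trailing "\n", so this error will run into whatever is logged next; end it with "(%u bits)\n". The message also prints (addr + len) as the upper bound, and that sum is a uint64_t that can itself wrap when the second condition is the one that failed and paddr_t is 64 bits wide, so the logged range can be misleading. Printing addr and len separately would avoid that.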
@@ -2333,6 +2340,13 @@ int __init map_range_to_domain(const struct 
dt_device_node *dev,
     struct domain *d = mr_data->d;
     int res;
 
+    if ( (addr != (paddr_t)addr) || (((paddr_t)~0 - addr) < len) )
+    {
+        printk(XENLOG_ERR "%s: [0x%"PRIx64", 0x%"PRIx64"] exceeds the maximum 
allowed PA width (%u bits)",
+               dt_node_full_name(dev), addr, (addr + len), PADDR_BITS);
+        return -ERANGE;
+    }
+
     /*
      * reserved-memory regions are RAM carved out for a special purpose.
      * They are not MMIO and therefore a domain should not be able to
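Review bot: The bound "(((paddr_t)~0 - addr) < len)" requires addr + len itself to be representable, so a range whose last byte is the highest paddr_t value (addr + len one past the top) is rejected even though every byte in it is addressable. If len is a size, comparing against len - 1, with len == 0 handled separately, would accept that range. This block is also a verbatim copy of the one added to handle_pci_range(); a small shared helper would keep the two call sites and their error message from diverging.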
-- 
2.17.1
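
The truncation described in the commit message and the effect of the added check, as an added example that is not part of the patch or of Xen. `paddr32_t` and `ulong32_t` are hypothetical stand-ins for a 32-bit `paddr_t` and `unsigned long`, 4 KiB pages are assumed, and the sample ranges are constructed.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12            /* assumption: 4 KiB pages */

typedef uint32_t paddr32_t;      /* hypothetical stand-in for a 32-bit paddr_t */
typedef uint32_t ulong32_t;      /* stand-in for 'unsigned long' on a 32-bit build */

/* Unchecked path: the 52-bit shift result is narrowed to 32 bits. */
ulong32_t frame_unchecked(uint64_t addr)
{
    return (ulong32_t)(addr >> PAGE_SHIFT);
}

/* The two tests from the patch, written against the stand-in type. */
bool range_fits(uint64_t addr, uint64_t len)
{
    if ( addr != (paddr32_t)addr )          /* start needs more than 32 bits */
        return false;
    if ( ((paddr32_t)~0 - addr) < len )     /* addr + len passes the last address */
        return false;
    return true;
}

int main(void)
{
    /* Constructed sample ranges, not taken from any real device tree. */
    static const struct { uint64_t addr, len; } s[] = {
        { 0x80000000ULL,     0x1000 },  /* ordinary 32-bit MMIO range */
        { 0x100000001000ULL, 0x1000 },  /* start above 2^44 */
        { 0xFFFFF000ULL,     0x2000 },  /* start fits, end does not */
    };

    for ( unsigned int i = 0; i < sizeof(s) / sizeof(s[0]); i++ )
        printf("addr=0x%" PRIx64 " len=0x%" PRIx64 " frame=0x%" PRIx32 " fits=%d\n",
               s[i].addr, s[i].len, frame_unchecked(s[i].addr),
               range_fits(s[i].addr, s[i].len));
    return 0;
}
```

The second sample shows why the check matters: without it the address silently aliases frame 1, a frame that belongs to an unrelated low address.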
