Re: [PATCH 1/3] x86: Reject bad %dr6/%dr7 values when loading guest state


  • To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Wed, 30 Aug 2023 08:46:33 +0200
  • Cc: Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Jinoh Kang <jinoh.kang.kr@xxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Wed, 30 Aug 2023 06:46:47 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 29.08.2023 15:43, Andrew Cooper wrote:
> --- a/xen/arch/x86/domain.c
> +++ b/xen/arch/x86/domain.c
> @@ -1074,8 +1074,27 @@ int arch_set_info_guest(
>  #endif
>      flags = c(flags);
>  
> +    if ( !compat )
> +    {
> +        if ( c(debugreg[6]) != (uint32_t)c(debugreg[6]) ||
> +             c(debugreg[7]) != (uint32_t)c(debugreg[7]) )
> +            return -EINVAL;
> +    }
> +
>      if ( is_pv_domain(d) )
>      {
> +        /*
> +         * Prior to Xen 4.11, dr5 was used to hold the emulated-only
> +         * subset of dr7, and dr4 was unused.
> +         *
> +         * In Xen 4.11 and later, dr4/5 are written as zero, ignored for
> +         * backwards compatibility, and dr7 emulation is handled
> +         * internally.
> +         */
> +        for ( i = 0; i < ARRAY_SIZE(v->arch.dr); i++ )
> +            if ( !access_ok(c(debugreg[i]), sizeof(long)) )
> +                return -EINVAL;
> +
>          if ( !compat )
>          {
>              if ( !is_canonical_address(c.nat->user_regs.rip) ||
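Review bot: the nested `if ( !compat ) { if ( ... ) return -EINVAL; }` at the top of the hunk can be flattened into one condition, `if ( !compat && (c(debugreg[6]) != (uint32_t)c(debugreg[6]) || c(debugreg[7]) != (uint32_t)c(debugreg[7])) )`, which matches the style of the surrounding checks and saves a brace level. The same hunk's loop runs only over `ARRAY_SIZE(v->arch.dr)` entries, so the `access_ok()` validation covers just the address registers while %dr6/%dr7 are handled only by the width check above; a short comment stating that split would make the two checks easier to read together.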

One more thing here: v->arch.dr is an array of 4 elements, i.e. doesn't
cover %dr4 and up. That's not directly visible here, though, so the
comment ahead of the loop talking about those other 4 registers is a
little misleading. Would you mind moving it below the loop?

Jan
