
Re: [PATCH 1/3] x86: Reject bad %dr6/%dr7 values when loading guest state


  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • Date: Wed, 30 Aug 2023 15:35:56 +0100
  • Cc: Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Jinoh Kang <jinoh.kang.kr@xxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Wed, 30 Aug 2023 14:36:40 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 29/08/2023 3:08 pm, Jan Beulich wrote:
> On 29.08.2023 15:43, Andrew Cooper wrote:
>> --- a/xen/arch/x86/domain.c
>> +++ b/xen/arch/x86/domain.c
>> @@ -1074,8 +1074,27 @@ int arch_set_info_guest(
>>  #endif
>>      flags = c(flags);
>>  
>> +    if ( !compat )
>> +    {
>> +        if ( c(debugreg[6]) != (uint32_t)c(debugreg[6]) ||
>> +             c(debugreg[7]) != (uint32_t)c(debugreg[7]) )
>> +            return -EINVAL;
>> +    }
>> +
>>      if ( is_pv_domain(d) )
>>      {
>> +        /*
>> +         * Prior to Xen 4.11, dr5 was used to hold the emulated-only
>> +         * subset of dr7, and dr4 was unused.
>> +         *
>> +         * In Xen 4.11 and later, dr4/5 are written as zero, ignored for
>> +         * backwards compatibility, and dr7 emulation is handled
>> +         * internally.
>> +         */
>> +        for ( i = 0; i < ARRAY_SIZE(v->arch.dr); i++ )
>> +            if ( !access_ok(c(debugreg[i]), sizeof(long)) )
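Review bot: the new dr6/dr7 width check (`c(debugreg[6]) != (uint32_t)c(debugreg[6])`, same for `debugreg[7]`) is gated only on `!compat` and sits outside the `is_pv_domain(d)` block below it, so it rejects a 64-bit context regardless of guest type; a one-line comment stating that this is deliberate (the architectural registers are 32-bit wide for every guest) would stop the next reader from asking whether it belongs inside the PV branch. In the loop that follows, `access_ok(c(debugreg[i]), sizeof(long))` validates every entry of `v->arch.dr` with a fixed `sizeof(long)` width rather than the breakpoint length configured in dr7; if the intent is only a range check on the address rather than an access check of a specific width, the choice of macro and width deserves a comment too, and the block comment above the loop, which talks about dr4/dr5 and dr7, does not explain the loop it sits on top of.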
> Don't you mean __addr_ok() here, i.e. not including the
> is_compat_arg_xlat_range() check? (Else I would have asked why
> sizeof(long), but that question resolves itself with using the other
> macro.)

For now, I'm simply moving a check from set_debugreg() earlier in
arch_set_info_guest().

I think it would be beneficial to keep that change independent.

~Andrew



 

