[PATCH] x86/PV: don't use access_ok() in set_debugreg()
- To: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
- From: Jan Beulich <jbeulich@xxxxxxxx>
- Date: Tue, 5 Sep 2023 11:01:53 +0200
- Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>
- Delivery-date: Tue, 05 Sep 2023 09:02:10 +0000
- List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
access_ok() is not applicable here; we really only want a linear
address check for breakpoint addresses, as putting those in a debug
register isn't going to result in actual memory accesses. Furthermore
access_ok() assumes to be acting on current, which isn't the case here
when called from arch_set_info_guest().
Note that access_ok() was too lax anyway for 32-bit domains.
Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
---
The questionable use of sizeof(long) is left in place for the moment,
as it's not clear how to best deal with the upper bound of breakpoint
covered ranges: We'd like those to not cover Xen space.
--- a/xen/arch/x86/pv/misc-hypercalls.c
+++ b/xen/arch/x86/pv/misc-hypercalls.c
@@ -60,7 +60,10 @@ long set_debugreg(struct vcpu *v, unsign
switch ( reg )
{
case 0 ... 3:
- if ( !access_ok(value, sizeof(long)) )
+ if ( is_pv_32bit_vcpu(v)
+ ? value + sizeof(long) > HYPERVISOR_COMPAT_VIRT_START(v->domain)
+ : value + sizeof(long) > (1UL << (VADDR_BITS - 1)) &&
+ value < HYPERVISOR_VIRT_END )
return -EPERM;
v->arch.dr[reg] = value;
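Review bot: the 64-bit branch of the new conditional relies on `&&` binding tighter than `?:`, which is correct but easy to misread at a glance; parenthesising the else branch, i.e. `: (value + sizeof(long) > (1UL << (VADDR_BITS - 1)) && value < HYPERVISOR_VIRT_END)`, would make the intended grouping explicit. A short comment above the `case 0 ... 3:` body stating what each branch rejects (for 32-bit vCPUs any range reaching into the compat hypervisor area, for 64-bit vCPUs any range that starts below HYPERVISOR_VIRT_END and extends past the end of the lower canonical half) would also help, since the `value + sizeof(long)` arithmetic is allowed to wrap for values near the top of the address space and the reader has to work out that such values are already at or above HYPERVISOR_VIRT_END and therefore legitimately accepted. The uncertainty about `sizeof(long)` as the upper bound that is mentioned below the `---` marker deserves a `/* TODO */` in the code rather than only in the posting.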
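To make the effect of the new range check concrete, the following stand-alone C model (added here as an illustration; it is not code from the Xen tree or from this patch) reimplements the condition from the hunk next to a simplified model of the old access_ok() behaviour and exercises both at the boundaries the commit message talks about. The constants VADDR_BITS = 48, HYPERVISOR_VIRT_END = 0xffff880000000000 and HYPERVISOR_COMPAT_VIRT_START = 0xF5800000 are assumptions chosen to resemble a typical x86-64 Xen build, the old check is modelled as "address in the lower canonical half or at/above HYPERVISOR_VIRT_END" and BP_LEN = 8 stands in for the patch's sizeof(long) on an LP64 build; none of these are taken from the page.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed constants for this model; not copied from the Xen sources. */
#define VADDR_BITS                    48
#define HYPERVISOR_VIRT_END           UINT64_C(0xffff880000000000)
#define HYPERVISOR_COMPAT_VIRT_START  UINT64_C(0xF5800000)
#define BP_LEN                        UINT64_C(8)   /* sizeof(long) on LP64 */

/* Lower canonical half ends here: 1UL << (VADDR_BITS - 1). */
#define LOWER_HALF_END  (UINT64_C(1) << (VADDR_BITS - 1))

/*
 * Simplified model of the old access_ok(): accept anything in the lower
 * canonical half or at/above the end of Xen's own range. It has no notion
 * of the vCPU being 32-bit, which is the laxity the commit message refers to.
 */
bool old_access_ok_model(uint64_t value)
{
    return value < LOWER_HALF_END || value >= HYPERVISOR_VIRT_END;
}

/*
 * Mirror of the patched check in set_debugreg(): returns 0 when the
 * breakpoint address is acceptable and -EPERM when it must be refused.
 * The arithmetic is done in uint64_t so that, like unsigned long in the
 * hypervisor, value + BP_LEN is allowed to wrap near the top of the space.
 */
int set_debugreg_addr_check(bool is_32bit, uint64_t value)
{
    bool reject;

    if ( is_32bit )
        /* 32-bit PV: the range must not reach into the compat Xen area. */
        reject = value + BP_LEN > HYPERVISOR_COMPAT_VIRT_START;
    else
        /*
         * 64-bit PV: refuse ranges that start below Xen's range and extend
         * past the lower canonical half (i.e. touch the non-canonical hole
         * or Xen itself). Values at/above HYPERVISOR_VIRT_END are guest
         * space; if value + BP_LEN wraps there, the first test is false and
         * the address is accepted, which is the right outcome.
         */
        reject = (value + BP_LEN > LOWER_HALF_END) && value < HYPERVISOR_VIRT_END;

    return reject ? -EPERM : 0;
}

int main(void)
{
    /* Constructed sample addresses covering the interesting boundaries. */
    struct { bool is_32bit; uint64_t value; const char *what; } cases[] = {
        { false, LOWER_HALF_END - BP_LEN,      "64-bit: last range fully in lower half" },
        { false, LOWER_HALF_END - BP_LEN + 1,  "64-bit: range straddles into non-canonical hole" },
        { false, UINT64_C(0xffff800000000000), "64-bit: inside Xen's range" },
        { false, HYPERVISOR_VIRT_END,          "64-bit: first address above Xen" },
        { false, ~UINT64_C(0) - 4,             "64-bit: top of space, value + 8 wraps" },
        { true,  HYPERVISOR_COMPAT_VIRT_START, "32-bit: start of compat Xen area" },
        { true,  HYPERVISOR_COMPAT_VIRT_START - BP_LEN, "32-bit: last range below compat area" },
    };

    for ( unsigned i = 0; i < sizeof(cases) / sizeof(cases[0]); i++ )
    {
        int rc = set_debugreg_addr_check(cases[i].is_32bit, cases[i].value);
        printf("%-50s old_access_ok=%d new_rc=%d\n", cases[i].what,
               old_access_ok_model(cases[i].value), rc);
    }
    return 0;
}
```

The case to look at is the start of the compat Xen area: the old model accepts 0xF5800000 because it lies in the lower canonical half, while the patched check refuses it for a 32-bit vCPU, which is exactly the "too lax for 32-bit domains" point from the commit message.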