Xen project Mailing List

[PATCH v2] arm/ioreq: guard interaction data on read/write operations

To: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>

From: Andrii Chepurnyi <Andrii_Chepurnyi@xxxxxxxx>

Date: Thu, 5 Oct 2023 09:21:58 +0000

Accept-language: uk-UA, en-US

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=epam.com; dmarc=pass action=none header.from=epam.com; dkim=pass header.d=epam.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=lAt6Qd8fD4vJ9p244TC6V+jS7EuLxVAUgm5EU9HmNrg=; b=cCqJUB85bFV2rRi4ADmsxE94jKOWame+hrHJxnQruIoo968tA2pD1rT/XXf35ijFqyywXoqpsYRX6JQqWAp1z/meGijqUbSt7bW2g5he0FnqjsvWvLCzxIoDyuaRtNWTcvSTUJNBHpsDfOGgpTohf10v9+0wAR2YhaOeGi/jS+kNK3k46c2MLI/wFUCXeBlB1OFeVo8bTcuQli0X7guet3/AHNY5WOyyRnwwnLUbFY3lbIof1DcEsje4Nz3NL8tcfqWznn83NbMLk19nMpro+kBHrXN/7C8Q8u/+Ouff9wxxdMzJ949fy+2ay/CAq8oobRhmaaNln8Q/plvCv5RpZQ==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=RkHvwblcgSHOFJNsbX5kcv7fmHSSh0KtkYwJtXZ9IfVq+USVbSTZEmZjXI9R3MMZp/66pUxw3cUPc9Q+/BipZiLSq7fU7RBT0o2SfUgjxz01+2A4SOjO9h8glA0czf0Z4WCJq+7/Ow3M+Sp1wRyAK/h+7hTG+QhqcwAJL9rSwmwIxmWlqT9wf6n6Y1L+/HMgYzYTkHUYIEL7FTW+4DiKHt8Lo+hSH33StOyWGHCsx5AWz00BwZ2TAJ2QX6d9elDAqa8sVnWDNvry1C/gHFwRU9XMQtTV0fFmRiy9hqX+agU8pWBcp1brN+abNz8HHFoI7uYXVmxYbWIqjbguL7QrbQ==

Cc: Oleksandr Tyshchenko <Oleksandr_Tyshchenko@xxxxxxxx>, "andrii.chepurnyi82@xxxxxxxxx" <andrii.chepurnyi82@xxxxxxxxx>, Andrii Chepurnyi <Andrii_Chepurnyi@xxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>

Delivery-date: Thu, 05 Oct 2023 09:22:22 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Thread-index: AQHZ921jE0Gi8tDe8UKrF6otg5GdAg==

Thread-topic: [PATCH v2] arm/ioreq: guard interaction data on read/write operations

For read operations, there's a potential issue when the data field of the ioreq struct is partially updated in the response. To address this, zero data field during read operations. This modification serves as a safeguard against implementations that may inadvertently partially update the data field in response to read requests. For instance, consider an 8-bit read operation. In such cases, QEMU, returns the same content of the dat field with only 8 bits of updated data. This behavior could potentially result in the propagation of incorrect or unintended data to ioreq clients. There is also a good point to guard interaction data with actual size of the interaction. Signed-off-by: Andrii Chepurnyi <andrii_chepurnyi@xxxxxxxx> --- xen/arch/arm/ioreq.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/xen/arch/arm/ioreq.c b/xen/arch/arm/ioreq.c index 3bed0a14c0..26dae8ca28 100644 --- a/xen/arch/arm/ioreq.c +++ b/xen/arch/arm/ioreq.c @@ -17,6 +17,8 @@ enum io_state handle_ioserv(struct cpu_user_regs *regs, struct vcpu *v) { const union hsr hsr = { .bits = regs->hsr }; const struct hsr_dabt dabt = hsr.dabt; + const uint8_t access_size = (1 << dabt.size) * 8; + const uint64_t access_mask = GENMASK_ULL(access_size - 1, 0); /* Code is similar to handle_read */ register_t r = v->io.req.data; @@ -26,6 +28,7 @@ enum io_state handle_ioserv(struct cpu_user_regs *regs, struct vcpu *v) if ( dabt.write ) return IO_HANDLED; + r &= access_mask; r = sign_extend(dabt, r); set_user_reg(regs, dabt.reg, r); @@ -39,6 +42,8 @@ enum io_state try_fwd_ioserv(struct cpu_user_regs *regs, struct vcpu_io *vio = &v->io; const struct instr_details instr = info->dabt_instr; struct hsr_dabt dabt = info->dabt; + const uint8_t access_size = (1 << dabt.size) * 8; + const uint64_t access_mask = GENMASK_ULL(access_size - 1, 0); ioreq_t p = { .type = IOREQ_TYPE_COPY, .addr = info->gpa, @@ -79,8 +84,7 @@ enum io_state try_fwd_ioserv(struct cpu_user_regs *regs, return IO_HANDLED; ASSERT(dabt.valid); - - p.data = get_user_reg(regs, info->dabt.reg); + p.data = p.dir ? 0 : get_user_reg(regs, info->dabt.reg) & access_mask; vio->req = p; vio->suspended = false; vio->info.dabt_instr = instr; -- 2.25.1

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.