
RE: [PATCH v5 01/18] xen/pmstat: guard perf.states[] access with XEN_PX_INIT


  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: "Penny, Zheng" <penny.zheng@xxxxxxx>
  • Date: Mon, 16 Jun 2025 09:05:20 +0000
  • Cc: "Huang, Ray" <Ray.Huang@xxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Mon, 16 Jun 2025 09:05:37 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

[Public]

> -----Original Message-----
> From: Jan Beulich <jbeulich@xxxxxxxx>
> Sent: Wednesday, June 11, 2025 11:20 PM
> To: Penny, Zheng <penny.zheng@xxxxxxx>
> Cc: Huang, Ray <Ray.Huang@xxxxxxx>; xen-devel@xxxxxxxxxxxxxxxxxxxx
> Subject: Re: [PATCH v5 01/18] xen/pmstat: guard perf.states[] access with
> XEN_PX_INIT
>
> On 27.05.2025 10:48, Penny Zheng wrote:
> > Accessing to perf.states[] array shall not be only guarded with
> > user-defined hypercall input, so we add XEN_PX_INIT check to gain safety.
>
> What is "guarded with user-defined hypercall input"? And what safety are we
> lacking?
>
> > --- a/xen/drivers/acpi/pmstat.c
> > +++ b/xen/drivers/acpi/pmstat.c
> > @@ -228,10 +228,13 @@ static int get_cpufreq_para(struct xen_sysctl_pm_op
> *op)
> >      ret = copy_to_guest(op->u.get_para.affected_cpus,
> >                          data, op->u.get_para.cpu_num);
> >
> > -    for ( i = 0; i < op->u.get_para.freq_num; i++ )
> > -        data[i] = pmpt->perf.states[i].core_frequency * 1000;
> > -    ret += copy_to_guest(op->u.get_para.scaling_available_frequencies,
> > -                         data, op->u.get_para.freq_num);
> > +    if ( pmpt->perf.init & XEN_PX_INIT )
> > +    {
> > +        for ( i = 0; i < op->u.get_para.freq_num; i++ )
> > +            data[i] = pmpt->perf.states[i].core_frequency * 1000;
> > +        ret += copy_to_guest(op->u.get_para.scaling_available_frequencies,
> > +                             data, op->u.get_para.freq_num);
> > +    }
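
Review bot: the new `if ( pmpt->perf.init & XEN_PX_INIT )` test does not bound the index; inside it the loop still runs to `op->u.get_para.freq_num`, which is hypercall input, so on its own the guard does not prevent an out-of-range read of `perf.states[]`. If that is the concern, the check belongs where `freq_num` is compared with `perf.state_count` (not visible in this hunk), and the commit message should say which access is unsafe. Also, when the flag is clear the copy to `scaling_available_frequencies` is skipped and `ret` is unchanged, so the caller cannot tell its buffer was left unwritten; return an error or report a zero count in that case.
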
>
> Going from just the code change: You want to avoid copying out frequency values
> when none have been reported? But when none have been reported, isn't
> pmpt->perf.state_count (against which op->u.get_para.freq_num was validated)
> simply going to be 0? If not, how would callers know that no data was handed
> back to them?

I may misunderstand what you've commented on v4 patch "tools/xenpm: Print CPPC 
parameters for amd-cppc driver", quoting the discussion there,
"
This looks questionable all on its own. Where is it that ->perf.states allocation
is being avoided? I first thought it might be patch 06 which is related, but that
doesn't look to be it. In any event further down from here there is

    for ( i = 0; i < op->u.get_para.freq_num; i++ )
        data[i] = pmpt->perf.states[i].core_frequency * 1000;

i.e. an access to the array solely based on hypercall input.
"
I thought we were indicating a scenario: the user accidentally writes
"op->u.get_para.freq_num", and it leads to accessing an out-of-range array slot
in CPPC mode. That's the reason why I added this guard.

But as you said at the very beginning, op->u.get_para.freq_num is validated
against pmpt->perf.state_count, so I guess the above scenario will not happen.
I'll delete this commit.

>
> Jan
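
The point the thread settles on, that a hypercall-supplied freq_num is checked against perf.state_count before perf.states[] is indexed, shown as an added example that is not part of the original mail and not Xen's code. It is a simplified model: the names perf_model, model_get_freqs and demo are hypothetical, the sample frequencies are constructed, and rejecting a mismatch with -EINVAL is this model's choice.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* Simplified stand-ins for the structures named in the thread (assumed layout). */
struct px_state { uint64_t core_frequency; };   /* MHz */
struct perf_model {
    uint32_t state_count;       /* valid entries in states[]; 0 if none reported */
    struct px_state *states;    /* NULL until P-states have been reported */
};

/*
 * Fill out[] with frequencies in kHz. freq_num is caller-controlled, so it is
 * compared with state_count before states[] is indexed. Returns the number of
 * entries written, or -EINVAL when the caller's count does not match.
 */
int model_get_freqs(const struct perf_model *perf, uint32_t freq_num,
                    uint32_t *out, size_t out_len)
{
    uint32_t i;

    if ( freq_num != perf->state_count || freq_num > out_len )
        return -EINVAL;

    /* Nothing reported: state_count is 0, so states[] is never dereferenced. */
    for ( i = 0; i < freq_num; i++ )
        out[i] = (uint32_t)(perf->states[i].core_frequency * 1000);

    return (int)freq_num;
}

/* Constructed sample data: three P-states, and a CPU with none reported. */
static struct px_state sample_states[] = { { 3000 }, { 2200 }, { 1400 } };
static const struct perf_model with_px = { 3, sample_states };
static const struct perf_model without_px = { 0, NULL };

/* Run the model against one of the two samples; last_out holds the result. */
uint32_t last_out[8];
int demo(int px_reported, uint32_t freq_num)
{
    return model_get_freqs(px_reported ? &with_px : &without_px,
                           freq_num, last_out, 8);
}
```

The return value doubles as the answer to "how would callers know": a count of 0 means no frequencies were handed back.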

 

