* [PATCH] x86/32on64: properly honor add-to-physmap-batch's size
@ 2017-04-25 9:03 Jan Beulich
2017-04-25 13:54 ` Wei Liu
2017-04-25 14:57 ` Andrew Cooper
0 siblings, 2 replies; 4+ messages in thread
From: Jan Beulich @ 2017-04-25 9:03 UTC (permalink / raw)
To: xen-devel
Cc: Stefano Stabellini, Wei Liu, George Dunlap, Andrew Cooper,
Ian Jackson, Marek Marczykowski, Tim Deegan, Julien Grall
[-- Attachment #1: Type: text/plain, Size: 1671 bytes --]
Commit 407a3c00ff ("compat/memory: fix build with old gcc") "fixed" a
build issue by switching to the use of uninitialized data. Due to
- the bounding of the uninitialized data item
- the accessed area being outside of Xen space
- arguments being properly verified by the native hypercall function
this is not a security issue.
Reported-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
--- a/xen/common/compat/memory.c
+++ b/xen/common/compat/memory.c
@@ -251,7 +251,7 @@ int compat_memory_op(unsigned int cmd, X
unsigned int limit = (COMPAT_ARG_XLAT_SIZE - sizeof(*nat.atpb))
/ (sizeof(nat.atpb->idxs.p) + sizeof(nat.atpb->gpfns.p));
/* Use an intermediate variable to suppress warnings on old gcc: */
- unsigned int size = cmp.atpb.size;
+ unsigned int size;
xen_ulong_t *idxs = (void *)(nat.atpb + 1);
xen_pfn_t *gpfns = (void *)(idxs + limit);
/*
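Review bot: The retained comment above `unsigned int size;` ("Use an intermediate variable to suppress warnings on old gcc") no longer tells a reader why the variable is declared without an initializer. Since initializing it at the declaration is what the commit message identifies as the original mistake, the comment should say that `size` is deliberately assigned later, once `cmp.atpb` has been filled in, so nobody folds the assignment back into the declaration.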
@@ -262,8 +262,10 @@ int compat_memory_op(unsigned int cmd, X
enum XLAT_add_to_physmap_batch_u u =
XLAT_add_to_physmap_batch_u_res0;
- if ( copy_from_guest(&cmp.atpb, compat, 1) ||
- !compat_handle_okay(cmp.atpb.idxs, size) ||
+ if ( copy_from_guest(&cmp.atpb, compat, 1) )
+ return -EFAULT;
+ size = cmp.atpb.size;
+ if ( !compat_handle_okay(cmp.atpb.idxs, size) ||
!compat_handle_okay(cmp.atpb.gpfns, size) ||
!compat_handle_okay(cmp.atpb.errs, size) )
return -EFAULT;
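Review bot: At `size = cmp.atpb.size;` the value is now read after `copy_from_guest()` has succeeded, which is correct, but nothing in these lines shows where `size` is bounded against `limit`, and the first bullet of the commit message ("the bounding of the uninitialized data item") depends on that. Naming in the commit message where the bounding happens would let a reader confirm the "not a security issue" reasoning from the description alone. The early `return -EFAULT` for the failed copy and the three `compat_handle_okay(..., size)` checks otherwise read fine.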
[-- Attachment #3: Type: text/plain, Size: 127 bytes --]
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
* Re: [PATCH] x86/32on64: properly honor add-to-physmap-batch's size
2017-04-25 9:03 [PATCH] x86/32on64: properly honor add-to-physmap-batch's size Jan Beulich
@ 2017-04-25 13:54 ` Wei Liu
2017-04-25 14:00 ` Julien Grall
2017-04-25 14:57 ` Andrew Cooper
1 sibling, 1 reply; 4+ messages in thread
From: Wei Liu @ 2017-04-25 13:54 UTC (permalink / raw)
To: Jan Beulich
Cc: Stefano Stabellini, Wei Liu, George Dunlap, Andrew Cooper,
Ian Jackson, Marek Marczykowski, Tim Deegan, Julien Grall,
xen-devel
On Tue, Apr 25, 2017 at 03:03:42AM -0600, Jan Beulich wrote:
> Commit 407a3c00ff ("compat/memory: fix build with old gcc") "fixed" a
> build issue by switching to the use of uninitialized data. Due to
> - the bounding of the uninitialized data item
> - the accessed area being outside of Xen space
> - arguments being properly verified by the native hypercall function
> this is not a security issue.
>
> Reported-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
> Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Wei Liu <wei.liu2@citrix.com>
* Re: [PATCH] x86/32on64: properly honor add-to-physmap-batch's size
2017-04-25 13:54 ` Wei Liu
@ 2017-04-25 14:00 ` Julien Grall
0 siblings, 0 replies; 4+ messages in thread
From: Julien Grall @ 2017-04-25 14:00 UTC (permalink / raw)
To: Wei Liu, Jan Beulich
Cc: Stefano Stabellini, George Dunlap, Andrew Cooper, Ian Jackson,
Marek Marczykowski, Tim Deegan, xen-devel
Hi,
On 25/04/17 14:54, Wei Liu wrote:
> On Tue, Apr 25, 2017 at 03:03:42AM -0600, Jan Beulich wrote:
>> Commit 407a3c00ff ("compat/memory: fix build with old gcc") "fixed" a
>> build issue by switching to the use of uninitialized data. Due to
>> - the bounding of the uninitialized data item
>> - the accessed area being outside of Xen space
>> - arguments being properly verified by the native hypercall function
>> this is not a security issue.
>>
>> Reported-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
>> Signed-off-by: Jan Beulich <jbeulich@suse.com>
>
> Reviewed-by: Wei Liu <wei.liu2@citrix.com>
Release-acked-by: Julien Grall <julien.grall@arm.com>
Cheers,
--
Julien Grall
* Re: [PATCH] x86/32on64: properly honor add-to-physmap-batch's size
2017-04-25 9:03 [PATCH] x86/32on64: properly honor add-to-physmap-batch's size Jan Beulich
2017-04-25 13:54 ` Wei Liu
@ 2017-04-25 14:57 ` Andrew Cooper
1 sibling, 0 replies; 4+ messages in thread
From: Andrew Cooper @ 2017-04-25 14:57 UTC (permalink / raw)
To: Jan Beulich, xen-devel
Cc: Stefano Stabellini, Wei Liu, George Dunlap, Tim Deegan,
Ian Jackson, Marek Marczykowski, Julien Grall
On 25/04/17 10:03, Jan Beulich wrote:
> Commit 407a3c00ff ("compat/memory: fix build with old gcc") "fixed" a
> build issue by switching to the use of uninitialized data. Due to
> - the bounding of the uninitialized data item
> - the accessed area being outside of Xen space
> - arguments being properly verified by the native hypercall function
> this is not a security issue.
>
> Reported-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
> Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>