lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <9503a622-4690-2dfb-21fa-0e343d56fcba@suse.com>
Date:   Tue, 20 Dec 2016 10:57:27 +0100
From:   Juergen Gross <jgross@...e.com>
To:     Jiandi An <anjiandi@...eaurora.org>,
        Stefano Stabellini <sstabellini@...nel.org>
Cc:     boris.ostrovsky@...cle.com, xen-devel@...ts.xenproject.org,
        linux-kernel@...r.kernel.org, julien.grall@....com,
        shankerd@...eaurora.org, shannon.zhao@...aro.org
Subject: Re: [PATCH] Xen: ARM: Zero reserved fields of xatp before making
 hypervisor call

On 20/12/16 06:02, Jiandi An wrote:
> On 12/19/16 12:49, Stefano Stabellini wrote:
>> On Mon, 19 Dec 2016, Juergen Gross wrote:
>>> On 19/12/16 03:56, Jiandi An wrote:
>>>> Ensure all reserved fields of xatp are zero before making hypervisor
>>>> call to XEN in xen_map_device_mmio().  xenmem_add_to_physmap_one() in
>>>> XEN fails the mapping request if extra.res reserved field in xatp is
>>>> not zero for XENMAPSPACE_dev_mmio request.
>>>>
>>>> Signed-off-by: Jiandi An <anjiandi@...eaurora.org>
>>>> ---
>>>>  drivers/xen/arm-device.c | 3 +++
>>>>  1 file changed, 3 insertions(+)
>>>>
>>>> diff --git a/drivers/xen/arm-device.c b/drivers/xen/arm-device.c
>>>> index 778acf8..208273b 100644
>>>> --- a/drivers/xen/arm-device.c
>>>> +++ b/drivers/xen/arm-device.c
>>>> @@ -87,6 +87,9 @@ static int xen_map_device_mmio(const struct resource *resources,
>>>>  			idxs[j] = XEN_PFN_DOWN(r->start) + j;
>>>>  		}
>>>>  
>>>> +		/* Ensure reserved fields are set to zero */
>>>> +		memset(&xatp, 0, sizeof(xatp));
>>>> +
>>>>  		xatp.domid = DOMID_SELF;
>>>>  		xatp.size = nr;
>>>>  		xatp.space = XENMAPSPACE_dev_mmio;
>>>
>>> Instead of setting xatp to 0 in each iteration I'd prefer a static
>>> initialization of .domid and .space:
>>>
>>> 	struct xen_add_to_physmap_range xatp = {
>>> 		.domid = DOMID_SELF,
>>> 		.space = XENMAPSPACE_dev_mmio
>>> 	};
>>
>> +1
>>
> 
> Hi Juergen,
> 
> Thanks for you comments.  xatp is passed to XEN via the hypervisor call in each loop.
> XEN touches xatp and returns it back.  For example XEN returns error of underlying mapping call in the err[] array in xatp. (The err[] is not checked after the hypervisor call returns and it's a bug to be addressed in a separate patch)  XEN could theoretically corrupt xatp when it's returned.  And the loop would go on to the next iteration passing in whatever that's in xatp returned by the previous hypervisor call.  Harder to debug in my opinion if xatp get corrupted by XEN somehow when a bug is introduced in XEN.  At first I put the memset of xatp at the beginning outside of the loop.  But I thought it's better to initialize xatp that's passed in each time a hypervisor call is made so we know exactly we set going into the hypervisor call.
> 

It is very clearly specified which parameters are IN and which are OUT.
No trusting the hypervisor to follow this interface specification is
weird. Where do you want to stop?


Juergen

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ