| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 17 Nov 2021 08:41:56 +0100
From: Jan Beulich <jbeulich@...e.com>
To: Stefano Stabellini <sstabellini@...nel.org>
Cc: boris.ostrovsky@...cle.com, xen-devel@...ts.xenproject.org,
linux-kernel@...r.kernel.org,
Stefano Stabellini <stefano.stabellini@...inx.com>,
stable@...r.kernel.org, jgross@...e.com
Subject: Re: [PATCH] xen: detect uninitialized xenbus in xenbus_init
On 17.11.2021 03:11, Stefano Stabellini wrote:
> --- a/drivers/xen/xenbus/xenbus_probe.c
> +++ b/drivers/xen/xenbus/xenbus_probe.c
> @@ -951,6 +951,18 @@ static int __init xenbus_init(void)
> err = hvm_get_parameter(HVM_PARAM_STORE_PFN, &v);
> if (err)
> goto out_error;
> + /*
> + * Uninitialized hvm_params are zero and return no error.
> + * Although it is theoretically possible to have
> + * HVM_PARAM_STORE_PFN set to zero on purpose, in reality it is
> + * not zero when valid. If zero, it means that Xenstore hasn't
> + * been properly initialized. Instead of attempting to map a
> + * wrong guest physical address return error.
> + */
> + if (v == 0) {
> + err = -ENOENT;
> + goto out_error;
> + }
If such a check gets added, then I think known-invalid frame numbers
should be covered at even higher a priority than zero. This would,
for example, also mean to ...
> xen_store_gfn = (unsigned long)v;
... stop silently truncating a value here.
By covering them we would then have the option to pre-fill PFN params
with, say, ~0 in the hypervisor (to clearly identify them as invalid,
rather than having to guess at the validity of 0). I haven't really
checked yet whether such a change would be compatible with existing
software ...
Jan
Powered by blists - more mailing lists