Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP5:GA
xen.26348
xsa313-2.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File xsa313-2.patch of Package xen.26348
From: Jan Beulich <jbeulich@suse.com> Subject: xenoprof: limit consumption of shared buffer data Since a shared buffer can be written to by the guest, we may only read the head and tail pointers from there (all other fields should only ever be written to). Furthermore, for any particular operation the two values must be read exactly once, with both checks and consumption happening with the thus read values. (The backtrace related xenoprof_buf_space() use in xenoprof_log_event() is an exception: The values used there get re-checked by every subsequent xenoprof_add_sample().) Since that code needed touching, also fix the double increment of the lost samples count in case the backtrace related xenoprof_add_sample() invocation in xenoprof_log_event() fails. Where code is being touched anyway, add const as appropriate, but take the opportunity to entirely drop the now unused domain parameter of xenoprof_buf_space(). This is part of XSA-313. Signed-off-by: Jan Beulich <jbeulich@suse.com> Reviewed-by: George Dunlap <george.dunlap@citrix.com> --- a/xen/include/xen/lib.h.orig 2020-04-06 21:07:06.326943622 -0600 +++ b/xen/include/xen/lib.h 2020-04-06 21:07:57.556974056 -0600 @@ -50,6 +50,11 @@ #define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]) + __must_be_array(x)) +#define __ACCESS_ONCE(x) ({ \ + (void)(typeof(x))0; /* Scalar typecheck. */ \ + (volatile typeof(x) *)&(x); }) +#define ACCESS_ONCE(x) (*__ACCESS_ONCE(x)) + #define MASK_EXTR(v, m) (((v) & (m)) / ((m) & -(m))) #define MASK_INSR(v, m) (((v) * ((m) & -(m))) & (m)) --- a/xen/common/xenoprof.c +++ b/xen/common/xenoprof.c @@ -474,25 +474,22 @@ static int add_passive_list(XEN_GUEST_HA /* Get space in the buffer */ -static int xenoprof_buf_space(struct domain *d, xenoprof_buf_t * buf, int size) +static int xenoprof_buf_space(int head, int tail, int size) { - int head, tail; - - head = xenoprof_buf(d, buf, event_head); - tail = xenoprof_buf(d, buf, event_tail); - return ((tail > head) ? 0 : size) + tail - head - 1; } /* Check for space and add a sample. Return 1 if successful, 0 otherwise. */ -static int xenoprof_add_sample(struct domain *d, xenoprof_buf_t *buf, +static int xenoprof_add_sample(const struct domain *d, + const struct xenoprof_vcpu *v, uint64_t eip, int mode, int event) { + xenoprof_buf_t *buf = v->buffer; int head, tail, size; head = xenoprof_buf(d, buf, event_head); tail = xenoprof_buf(d, buf, event_tail); - size = xenoprof_buf(d, buf, event_size); + size = v->event_size; /* make sure indexes in shared buffer are sane */ if ( (head < 0) || (head >= size) || (tail < 0) || (tail >= size) ) @@ -501,7 +498,7 @@ static int xenoprof_add_sample(struct do return 0; } - if ( xenoprof_buf_space(d, buf, size) > 0 ) + if ( xenoprof_buf_space(head, tail, size) > 0 ) { xenoprof_buf(d, buf, event_log[head].eip) = eip; xenoprof_buf(d, buf, event_log[head].mode) = mode; @@ -525,7 +522,6 @@ static int xenoprof_add_sample(struct do int xenoprof_add_trace(struct vcpu *vcpu, uint64_t pc, int mode) { struct domain *d = vcpu->domain; - xenoprof_buf_t *buf = d->xenoprof->vcpu[vcpu->vcpu_id].buffer; /* Do not accidentally write an escape code due to a broken frame. */ if ( pc == XENOPROF_ESCAPE_CODE ) @@ -534,7 +530,8 @@ int xenoprof_add_trace(struct vcpu *vcpu return 0; } - return xenoprof_add_sample(d, buf, pc, mode, 0); + return xenoprof_add_sample(d, &d->xenoprof->vcpu[vcpu->vcpu_id], + pc, mode, 0); } void xenoprof_log_event(struct vcpu *vcpu, const struct cpu_user_regs *regs, @@ -565,17 +562,22 @@ void xenoprof_log_event(struct vcpu *vcp /* Provide backtrace if requested. */ if ( backtrace_depth > 0 ) { - if ( (xenoprof_buf_space(d, buf, v->event_size) < 2) || - !xenoprof_add_sample(d, buf, XENOPROF_ESCAPE_CODE, mode, - XENOPROF_TRACE_BEGIN) ) + if ( xenoprof_buf_space(xenoprof_buf(d, buf, event_head), + xenoprof_buf(d, buf, event_tail), + v->event_size) < 2 ) { xenoprof_buf(d, buf, lost_samples)++; lost_samples++; return; } + + /* xenoprof_add_sample() will increment lost_samples on failure */ + if ( !xenoprof_add_sample(d, v, XENOPROF_ESCAPE_CODE, mode, + XENOPROF_TRACE_BEGIN) ) + return; } - if ( xenoprof_add_sample(d, buf, pc, mode, event) ) + if ( xenoprof_add_sample(d, v, pc, mode, event) ) { if ( is_active(vcpu->domain) ) active_samples++; --- a/xen/include/xen/xenoprof.h +++ b/xen/include/xen/xenoprof.h @@ -61,12 +61,12 @@ struct xenoprof { #ifndef CONFIG_COMPAT #define XENOPROF_COMPAT(x) 0 -#define xenoprof_buf(d, b, field) ((b)->field) +#define xenoprof_buf(d, b, field) ACCESS_ONCE((b)->field) #else #define XENOPROF_COMPAT(x) ((x)->is_compat) -#define xenoprof_buf(d, b, field) (*(!(d)->xenoprof->is_compat ? \ - &(b)->native.field : \ - &(b)->compat.field)) +#define xenoprof_buf(d, b, field) ACCESS_ONCE(*(!(d)->xenoprof->is_compat \ + ? &(b)->native.field \ + : &(b)->compat.field)) #endif struct domain; --- xen-4.7.6-testing/xen/drivers/passthrough/arm/smmu.c.orig 2021-04-09 04:01:57.549558002 -0600 +++ xen-4.7.6-testing/xen/drivers/passthrough/arm/smmu.c 2021-04-09 04:02:38.849556999 -0600 @@ -203,6 +203,8 @@ typedef paddr_t phys_addr_t; * version here. We will have to drop it when the SMMU code in Linux will * switch to {READ, WRITE}_ONCE. */ +#undef __ACCESS_ONCE +#undef ACCESS_ONCE #define __ACCESS_ONCE(x) ({ \ __maybe_unused typeof(x) __var = 0; \ (volatile typeof(x) *)&(x); })
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor