Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP4:Update
xen.16552
5f046d5c-check-VCPUOP_register_vcpu_info-alignm...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 5f046d5c-check-VCPUOP_register_vcpu_info-alignment.patch of Package xen.16552
# Commit 3fdc211b01b29f252166937238efe02d15cb5780 # Date 2020-07-07 14:41:00 +0200 # Author Julien Grall <jgrall@amazon.com> # Committer Jan Beulich <jbeulich@suse.com> xen: Check the alignment of the offset pased via VCPUOP_register_vcpu_info Currently a guest is able to register any guest physical address to use for the vcpu_info structure as long as the structure can fits in the rest of the frame. This means a guest can provide an address that is not aligned to the natural alignment of the structure. On Arm 32-bit, unaligned access are completely forbidden by the hypervisor. This will result to a data abort which is fatal. On Arm 64-bit, unaligned access are only forbidden when used for atomic access. As the structure contains fields (such as evtchn_pending_self) that are updated using atomic operations, any unaligned access will be fatal as well. While the misalignment is only fatal on Arm, a generic check is added as an x86 guest shouldn't sensibly pass an unaligned address (this would result to a split lock). This is XSA-327. Reported-by: Julien Grall <jgrall@amazon.com> Signed-off-by: Julien Grall <jgrall@amazon.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Stefano Stabellini <sstabellini@kernel.org> --- a/xen/common/domain.c +++ b/xen/common/domain.c @@ -1253,10 +1253,20 @@ int map_vcpu_info(struct vcpu *v, unsign void *mapping; vcpu_info_t *new_info; struct page_info *page; + unsigned int align; if ( offset > (PAGE_SIZE - sizeof(vcpu_info_t)) ) return -EINVAL; +#ifdef CONFIG_COMPAT + if ( has_32bit_shinfo(d) ) + align = alignof(new_info->compat); + else +#endif + align = alignof(*new_info); + if ( offset & (align - 1) ) + return -EINVAL; + if ( !mfn_eq(v->vcpu_info_mfn, INVALID_MFN) ) return -EINVAL;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor