Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Step:15-SP4
xen.19912
xsa383.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File xsa383.patch of Package xen.19912
From: Julien Grall <jgrall@amazon.com> Date: Sat, 3 Jul 2021 14:03:36 +0100 Subject: [PATCH] xen/arm: Restrict the amount of memory that dom0less domU and dom0 can allocate Currently, both dom0less domUs and dom0 can allocate an "unlimited" amount of memory because d->max_pages is set to ~0U. In particular, the former are meant to be unprivileged. Therefore the memory they could allocate should be bounded. As the domain are not yet officially aware of Xen (we don't expose advertise it in the DT, yet the hypercalls are accessible), they should not need to allocate more than the initial amount. So cap set d->max_pages directly the amount of memory we are meant to allocate. Take the opportunity to also restrict the memory for dom0 as the domain is direct mapped (e.g. MFN == GFN) and therefore cannot allocate outside of the pre-allocated region. This is CVE-2021-28700 / XSA-383. Signed-off-by: Julien Grall <jgrall@amazon.com> Reviewed-by: Stefano Stabellini <sstabellini@kernel.org> Tested-by: Stefano Stabellini <sstabellini@kernel.org> --- xen/arch/arm/domain_build.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c index 6c86d527810f..206038d1c022 100644 --- a/xen/arch/arm/domain_build.c +++ b/xen/arch/arm/domain_build.c @@ -2439,7 +2439,8 @@ static int __init construct_domU(struct if ( vcpu_create(d, 0) == NULL ) return -ENOMEM; - d->max_pages = ~0U; + + d->max_pages = ((paddr_t)mem * SZ_1K) >> PAGE_SHIFT; kinfo.d = d; @@ -2540,7 +2541,7 @@ int __init construct_dom0(struct domain iommu_hwdom_init(d); - d->max_pages = ~0U; + d->max_pages = dom0_mem >> PAGE_SHIFT; kinfo.unassigned_mem = dom0_mem; kinfo.d = d; -- 2.17.1
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor