From patchwork Tue Sep 5 09:10:31 2023
X-Patchwork-Submitter: Jan Beulich
X-Patchwork-Id: 13374402
Message-ID: <882e9427-25b4-244f-ad2e-9efa4e3be076@suse.com>
Date: Tue, 5 Sep 2023 11:10:31 +0200
From: Jan Beulich
To: "xen-devel@lists.xenproject.org"
Cc: Andrew Cooper , Wei Liu , Roger Pau Monné
Subject: [PATCH] x86/PV: consolidate LDT checks
Consolidate all hypercall time checking into a single helper function, checking only static properties. The dynamic properties are already taken care of by the __addr_ok() check in guest_get_eff_kern_l1e(), used by pv_map_ldt_shadow_page(), in a formally more "precise" manner (accounting for the offset into the table).

Signed-off-by: Jan Beulich

--- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -1081,7 +1081,6 @@ int arch_set_info_guest( if ( !is_canonical_address(c.nat->user_regs.rip) || !is_canonical_address(c.nat->user_regs.rsp) || !is_canonical_address(c.nat->kernel_sp) || - (c.nat->ldt_ents && !is_canonical_address(c.nat->ldt_base)) || !is_canonical_address(c.nat->fs_base) || !is_canonical_address(c.nat->gs_base_kernel) || !is_canonical_address(c.nat->gs_base_user) || @@ -1100,9 +1099,6 @@ int arch_set_info_guest( return -EINVAL; fixup_guest_code_selector(d, c.nat->trap_ctxt[i].cs); } - - if ( !__addr_ok(c.nat->ldt_base) ) - return -EINVAL; } #ifdef CONFIG_COMPAT else @@ -1119,8 +1115,7 @@ int arch_set_info_guest( #endif /* LDT safety checks. */ - if ( ((c(ldt_base) & (PAGE_SIZE - 1)) != 0) || - (c(ldt_ents) > 8192) ) + if ( !pv_is_valid_ldt(c(ldt_base), c(ldt_ents)) ) return -EINVAL; v->arch.pv.vgc_flags = flags; --- a/xen/arch/x86/include/asm/pv/mm.h +++ b/xen/arch/x86/include/asm/pv/mm.h 
@@ -46,4 +46,14 @@ static inline bool pv_destroy_ldt(struct #endif +static inline bool pv_is_valid_ldt(unsigned long base, unsigned int ents) +{ + if ( !ents ) + return true; + + return !(base & (PAGE_SIZE - 1)) && ents <= 8192 && + is_canonical_address(base) && + is_canonical_address(base + ents * 8 - 1); +} + #endif /* __X86_PV_MM_H__ */ --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -3800,8 +3800,7 @@ long do_mmuext_op( rc = -EPERM; else if ( paging_mode_external(currd) ) rc = -EINVAL; - else if ( (ents > 8192) || - (ents && ((ptr & (PAGE_SIZE - 1)) || !__addr_ok(ptr))) ) + else if ( !pv_is_valid_ldt(ptr, ents) ) { gdprintk(XENLOG_WARNING, "Bad args to SET_LDT: ptr=%lx, ents=%x\n", ptr, ents);
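Review bot: the @@ -1100 hunk of domain.c removes an `__addr_ok(c.nat->ldt_base)` check that applied regardless of ldt_ents, while the new pv_is_valid_ldt() returns true for ents == 0 without looking at base, so a context with ldt_ents == 0 and an arbitrary ldt_base is now accepted where it used to be rejected with -EINVAL. That matches how the mm.c SET_LDT path already treated ents == 0 (`ents && (...)`), so it looks intentional, but the commit message should state the change explicitly, and it is worth confirming that nothing downstream consumes ldt_base while ldt_ents is zero.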
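Review bot: in the pv_is_valid_ldt() hunk of mm.h, `is_canonical_address(base + ents * 8 - 1)` can wrap when base is page-aligned and canonical but sits within the last 64 KiB of the address space (ents <= 8192 allows a table of up to 64 KiB), and the wrapped sum lands in the low canonical half, so the end check passes for a table that runs off the top of the address space. The old code never checked the end at all, so this is not a regression, but an explicit no-wrap conjunct such as `base + ents * 8 - 1 >= base` would make the intent clear. The helper also deliberately omits the __addr_ok() checks this patch removes from domain.c and mm.c; a one-line comment above the function saying that __addr_ok() is left to pv_map_ldt_shadow_page() would stop a future reader from re-adding it here.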
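Review bot: the mm.c hunk replaces `!__addr_ok(ptr)` with the canonical-address checks inside pv_is_valid_ldt(), so a SET_LDT whose base lies in the hypervisor's own virtual range is no longer refused at hypercall time with -EINVAL and the "Bad args to SET_LDT" warning; per the commit message it is instead caught by __addr_ok() in guest_get_eff_kern_l1e() when the table is first touched. The commit message should mention that the gdprintk() no longer fires for that case, since anyone relying on that log line to spot misbehaving guests would otherwise be surprised after an upgrade.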