From: Julien Grall <jgrall@amazon.com>
Commit 8916fcf4577 "x86/domain: compile with lock_profile=y enabled"
allowed the struct domain to use more than a PAGE_SIZE (i.e 4096).
However, the function free_domheap_struct() will only free the first
page.
We could modify the free part to free the correct number of pages, but
the structure has been fitting in a page (even with lock profile
enabled) since commit 428607a410 "x86: shrink 'struct domain', was
already PAGE_SIZE" (part of Xen 4.7).
Therefore, the specific case for lock profile is now removed.
This is not a security issue because struct domain can only be bigger
than a page size for lock profiling. The feature can only be selected
in DEBUG and EXPERT mode.
Fixes: 8916fcf4577 ("x86/domain: compile with lock_profile=y enabled")
Reported-by: David Woodhouse <dwmw@amazon.co.uk>
Signed-off-by: Julien Grall <jgrall@amazon.com>
---
This replace the original approach:
https://lists.xenproject.org/archives/html/xen-devel/2020-01/msg01546.html
---
xen/arch/x86/domain.c | 13 ++-----------
1 file changed, 2 insertions(+), 11 deletions(-)
diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c
index 28fefa1f81..f53ae5ff86 100644
--- a/xen/arch/x86/domain.c
+++ b/xen/arch/x86/domain.c
@@ -313,7 +313,6 @@ static unsigned int __init noinline _domain_struct_bits(void)
struct domain *alloc_domain_struct(void)
{
struct domain *d;
- unsigned int order = get_order_from_bytes(sizeof(*d));
#ifdef CONFIG_BIGMEM
const unsigned int bits = 0;
#else
@@ -327,18 +326,10 @@ struct domain *alloc_domain_struct(void)
bits = _domain_struct_bits();
#endif
-
-#ifndef CONFIG_DEBUG_LOCK_PROFILE
BUILD_BUG_ON(sizeof(*d) > PAGE_SIZE);
-#endif
- d = alloc_xenheap_pages(order, MEMF_bits(bits));
+ d = alloc_xenheap_pages(0, MEMF_bits(bits));
if ( d != NULL )
- {
- unsigned int sz;
-
- for ( sz = 0; sz < (PAGE_SIZE << order); sz += PAGE_SIZE )
- clear_page((void *)d + sz);
- }
+ clear_page(d);
return d;
}
--
2.17.1
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
On 27/01/2020 09:38, Julien Grall wrote: > From: Julien Grall <jgrall@amazon.com> > > Commit 8916fcf4577 "x86/domain: compile with lock_profile=y enabled" > allowed the struct domain to use more than a PAGE_SIZE (i.e 4096). > However, the function free_domheap_struct() will only free the first > page. > > We could modify the free part to free the correct number of pages, but > the structure has been fitting in a page (even with lock profile > enabled) since commit 428607a410 "x86: shrink 'struct domain', was > already PAGE_SIZE" (part of Xen 4.7). > > Therefore, the specific case for lock profile is now removed. > > This is not a security issue because struct domain can only be bigger > than a page size for lock profiling. The feature can only be selected > in DEBUG and EXPERT mode. > > Fixes: 8916fcf4577 ("x86/domain: compile with lock_profile=y enabled") > Reported-by: David Woodhouse <dwmw@amazon.co.uk> > Signed-off-by: Julien Grall <jgrall@amazon.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Thanks. Much better! _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel
© 2016 - 2024 Red Hat, Inc.