From nobody Tue Feb 10 06:24:57 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org ARC-Seal: i=1; a=rsa-sha256; t=1585596196; cv=none; d=zohomail.com; s=zohoarc; b=Q6mo2lK7JoASfZgDm76SPY4hz/R1gMV992wOzvYNFGQ6+EtWWUmXGs+U+jU2SSF6l301NKLi0ODZa2vGRvZFM9bfQE2Uiloj/g9zFmD1UfuZ3ThO3yNX2T+u4+kUUUYuD+YpIBMvxMqhaZg15zJqEeC5tvvpBN1EGobkC6HUyTI= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1585596196; h=Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:Message-ID:References:Sender:Subject:To; bh=m6d++yISFYoabczO21ysTR9r+GhnJXbvqXk0ITsPtjo=; b=Ah9NzPKw8G/oTZv183vPP3oohqB6jPhTJMgm0URdgCJkWgFZv9zspdS9ZeU1LTGrsPQmiNhlxFAdFcMw1ttlMUzjeNBOb0MGNNLJN3JKLSuVLCeGkxEC5BQGiqJH86JMbl1BIUWWlRAdpINcpQf2G+AJMmA0iLfkjKFSceDtfq8= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1585596196190668.7920698317726; Mon, 30 Mar 2020 12:23:16 -0700 (PDT) Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1jIzz9-0005wt-Up; Mon, 30 Mar 2020 19:22:11 +0000 Received: from all-amaz-eas1.inumbo.com ([34.197.232.57] helo=us1-amaz-eas2.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1jIzz8-0005wo-5k for xen-devel@lists.xenproject.org; Mon, 30 Mar 2020 19:22:10 +0000 Received: from mail.xenproject.org (unknown [104.130.215.37]) by us1-amaz-eas2.inumbo.com (Halon) with ESMTPS id bf42d45a-72bb-11ea-b9f4-12813bfff9fa; Mon, 30 Mar 2020 19:22:08 +0000 (UTC) Received: from xenbits.xenproject.org ([104.239.192.120]) by mail.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1jIzz5-0003l1-M9; Mon, 30 Mar 2020 19:22:07 +0000 Received: from 54-240-197-235.amazon.com ([54.240.197.235] helo=ufe34d9ed68d054.ant.amazon.com) by xenbits.xenproject.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.89) (envelope-from ) id 1jIzz5-0007AJ-DC; Mon, 30 Mar 2020 19:22:07 +0000 X-Inumbo-ID: bf42d45a-72bb-11ea-b9f4-12813bfff9fa DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=xen.org; s=20200302mail; h=References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From: Sender:Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=m6d++yISFYoabczO21ysTR9r+GhnJXbvqXk0ITsPtjo=; b=CRq9bVLPhYr/5ywgpu35lYfrCq XihjmGslycLYzQhv117hy3z2K8TYeOD1/D5zjZe1fDtH3qJ0YyTqtTPL0U92tDmU94hdS3kSzhuWx gYQcvWvk5K/6bI1b4fNymdAoOgfxqAoM5FwuuvdQFRneHwNYTG9hWDpGy0DoS2sN+5Kk=; From: Julien Grall To: xen-devel@lists.xenproject.org Date: Mon, 30 Mar 2020 20:21:50 +0100 Message-Id: <20200330192157.1335-2-julien@xen.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200330192157.1335-1-julien@xen.org> References: <20200330192157.1335-1-julien@xen.org> Subject: [Xen-devel] [PATCH 1/8] xen/guest_access: Harden copy_to_guest_offset to prevent const dest operand X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: Stefano Stabellini , Julien Grall , Wei Liu , Andrew Cooper , Julien Grall , dfaggioli@suse.com, Jan Beulich , Volodymyr Babchuk , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" From: Julien Grall At the moment, copy_to_guest_offset() will allow the hypervisor to copy data to guest handle marked const. Thankfully, no users of the helper will do that. Rather than hoping this can be caught during review, harden copy_to_guest_offset() so the build will fail if such users are introduced. Signed-off-by: Julien Grall --- xen/include/asm-arm/guest_access.h | 2 +- xen/include/asm-x86/guest_access.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/xen/include/asm-arm/guest_access.h b/xen/include/asm-arm/guest= _access.h index 8997a1cbfe..ff2eec237d 100644 --- a/xen/include/asm-arm/guest_access.h +++ b/xen/include/asm-arm/guest_access.h @@ -126,7 +126,7 @@ int access_guest_memory_by_ipa(struct domain *d, paddr_= t ipa, void *buf, =20 #define __copy_to_guest_offset(hnd, off, ptr, nr) ({ \ const typeof(*(ptr)) *_s =3D (ptr); \ - char (*_d)[sizeof(*_s)] =3D (void *)(hnd).p; \ + typeof(*((hnd).p)) *_d =3D (hnd).p; \ ((void)((hnd).p =3D=3D (ptr))); \ __raw_copy_to_guest(_d+(off), _s, sizeof(*_s)*(nr));\ }) diff --git a/xen/include/asm-x86/guest_access.h b/xen/include/asm-x86/guest= _access.h index ca700c959a..2693c6540b 100644 --- a/xen/include/asm-x86/guest_access.h +++ b/xen/include/asm-x86/guest_access.h @@ -86,7 +86,7 @@ */ #define copy_to_guest_offset(hnd, off, ptr, nr) ({ \ const typeof(*(ptr)) *_s =3D (ptr); \ - char (*_d)[sizeof(*_s)] =3D (void *)(hnd).p; \ + typeof(*((hnd).p)) *_d =3D (hnd).p; \ ((void)((hnd).p =3D=3D (ptr))); \ raw_copy_to_guest(_d+(off), _s, sizeof(*_s)*(nr)); \ }) --=20 2.17.1