From nobody Fri Apr 19 19:38:24 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass(p=reject dis=none) header.from=citrix.com ARC-Seal: i=1; a=rsa-sha256; t=1669041491; cv=none; d=zohomail.com; s=zohoarc; b=LMDXUsdTVx/nd1V1Sy15cbRyEa0nxFcVgXXHnxk2m64RzGr0UXjgtWKMUrm1ESn8glv11uoZXlZNZa1xgOAEnyUehtG90i4uu5pQ1IN45AW2MqDO0atOZBvYbjGXtSZYkJe7gMJ1Zjbkm6hHy7QfbUGyOcj/umXwQf4jB05dCrM= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1669041491; h=Content-Type:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=xAkun2sN4nXQPDc87x8Scq1+KOqve3ZdX2W1hbFUPdU=; b=Bu83e/hhKB3DkExXtnNQ77eSe1/00uSizo4r2a1Omba6b+F8DgCB7ZNQBaiid7zVzhfeza6J67+RdMtxZexpHEql58B7hGPgIICDtrQrBfDqRTfAbjWgKqzMZ+6ue2/xpKEju0hNpgQkH4gcsFIPE0+hxWejq9vvc/ZHg9u5S2I= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 166904149138957.16171011272297; Mon, 21 Nov 2022 06:38:11 -0800 (PST) Received: from list by lists.xenproject.org with outflank-mailman.446651.702338 (Exim 4.92) (envelope-from ) id 1ox7vZ-0004k0-Qy; Mon, 21 Nov 2022 14:37:41 +0000 Received: by outflank-mailman (output) from mailman id 446651.702338; Mon, 21 Nov 2022 14:37:41 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ox7vZ-0004io-N0; Mon, 21 Nov 2022 14:37:41 +0000 Received: by outflank-mailman (input) for mailman id 446651; Mon, 21 Nov 2022 14:37:40 +0000 Received: from se1-gles-sth1-in.inumbo.com ([159.253.27.254] helo=se1-gles-sth1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ox7vY-0004fK-B0 for xen-devel@lists.xenproject.org; Mon, 21 Nov 2022 14:37:40 +0000 Received: from esa2.hc3370-68.iphmx.com (esa2.hc3370-68.iphmx.com [216.71.145.153]) by se1-gles-sth1.inumbo.com (Halon) with ESMTPS id 0b2a6ea2-69aa-11ed-91b6-6bf2151ebd3b; Mon, 21 Nov 2022 15:37:38 +0100 (CET) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 0b2a6ea2-69aa-11ed-91b6-6bf2151ebd3b DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=citrix.com; s=securemail; t=1669041458; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version; bh=BEhUtYQiNhE+S6ZLJyiIO/s+cSj9YjkEWslisUg9O84=; b=H5dic1/lST5EKLy8RxHC+1zJDAtWXuKe1scUfR4qlObhCkAl+YOB7g1T 6F8YO3vRKD3BbznzBkVBs6hTzvvRRqssnEoMnJLrZTUIP90QRkIpKXl/p 71PWdLKWydphr2qHg2blCOan7KyAcJLRnHQLAV+N6vYL3EX858Y78uq9S o=; Authentication-Results: esa2.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none X-SBRS: None X-MesageID: 85274744 X-Ironport-Server: esa2.hc3370-68.iphmx.com X-Remote-IP: 162.221.156.83 X-Policy: $RELAYED IronPort-Data: A9a23:oaQB36NGvw4EYGLvrR3Jl8FynXyQoLVcMsEvi/4bfWQNrUp00mMPn GtMXG+Ob/uPN2TxfI12PI3j805U6JTUx4dqTAto+SlhQUwRpJueD7x1DKtS0wC6dZSfER09v 63yTvGacajYm1eF/k/F3oDJ9CU6jufQA+KmU4YoAwgpLSd8UiAtlBl/rOAwh49skLCRDhiE/ Nj/uKUzAnf8s9JPGj9SuvzrRC9H5qyo4mpB5AVmPJingXeF/5UrJMNHTU2OByOQrrl8RoaSW +vFxbelyWLVlz9F5gSNy+uTnuUiG9Y+DCDW4pZkc/HKbitq/0Te5p0TJvsEAXq7vh3S9zxHJ HehgrTrIeshFvWkdO3wyHC0GQkmVUFN0OevzXRSLaV/ZqAJGpfh66wGMa04AWEX0u9ZIkYT/ KZBEmwmN0upi73p4b+JFeY506zPLOGzVG8eknRpzDWfBvc6W5HTBa7N4Le03h9p2JoIR6yHI ZNEN3w/N3wsYDUWUrsTILs4kP2lmT/UdDpApUjOjaE2/3LS3Ep6172F3N/9KoHQGpkKwhrwS mTu/0CoOg5KJtem6mSCw3jytMSX2j7fcddHfFG/3qEz2wDCroAJMzU2WF2hsL+Gg0ixc9tFL gof/S9Ghbg/8gmnQ8fwWzW8oWWYpVgMVtxICeo45QqRjK3O7G6k6nMsF2AbLoZ87YlvGGJsh gThc87V6SJHuZO2bi+UrO6u8RjrYgIZcjAjaB1bQl5QizX8m70bghXKR9dlNae6iNzpBD39q wy3QDgCa6Y71pBSifjilbzTq3f1/8WSEFZpjunCdjj9hj6VcrJJcGBBBbLzyf9bZLiUQVCa1 JTvs5jPtbteZX1hecHkfQnsIF1Kz6zfWNE5vbKIN8dJythV0yT/Fb28GRknTKqpW+5dEdMTX GfduBlK+LhYN2awYKl8buqZUpp0nfm+RI6+Cq6MMrKih6SdkyferUlTibO4hTixwCDAb4liU XtkTSpcJSlDUvk2pNZHb+wczaUq1kgDKZD7HPjGItXO+eT2WUN5vp9fbgDRP7hlsP3ZyOgXm v4GX/a3J9xkeLWWSkHqHUQ7dDjm8VBT6UjKlvFq IronPort-HdrOrdr: A9a23:Vkj/tKtZPkAEFi9VuPyHl7Pl7skDdtV00zEX/kB9WHVpmszxra +TdZUgpHnJYVkqOU3I9ersBEDEewK/yXcX2/h3AV7BZmnbUQKTRekIh7cKgQeQfhEWntQtsZ uIGJIRNDSfNzRHZL7BkWqFL+o= X-IronPort-AV: E=Sophos;i="5.96,181,1665460800"; d="scan'208";a="85274744" From: Andrew Cooper To: Xen-devel CC: Andrew Cooper , Anthony PERARD , Henry Wang Subject: [PATCH 1/2] tools/libxl: Fixes to libxl__domain_set_paging_mempool_size() Date: Mon, 21 Nov 2022 14:37:30 +0000 Message-ID: <20221121143731.27545-2-andrew.cooper3@citrix.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20221121143731.27545-1-andrew.cooper3@citrix.com> References: <20221121143731.27545-1-andrew.cooper3@citrix.com> MIME-Version: 1.0 X-ZohoMail-DKIM: pass (identity @citrix.com) X-ZM-MESSAGEID: 1669041493094100001 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" The error message accidentally printed the bytes value as if it were kB. Furthermore, both b_info.shadow_memkb and shadow_mem are uint64_t, meaning there is a risk of overflow if the user specified a stupidly large value in the vm.cfg file. Check and reject such a condition. Fixes: 7c3bbd940dd8 ("xen/arm, libxl: Revert XEN_DOMCTL_shadow_op; use p2m = mempool hypercalls") Signed-off-by: Andrew Cooper Reviewed-by: Anthony PERARD --- CC: Anthony PERARD CC: Henry Wang v2: * Retain PRIu64 * Check for overflow For 4.17. This is a low risk change, removes one overflow case, and makes = an error message accurate. --- tools/libs/light/libxl_dom.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/tools/libs/light/libxl_dom.c b/tools/libs/light/libxl_dom.c index fa5c79e4f650..b454f988fbc5 100644 --- a/tools/libs/light/libxl_dom.c +++ b/tools/libs/light/libxl_dom.c @@ -1458,10 +1458,18 @@ int libxl__domain_set_paging_mempool_size( shadow_mem =3D d_config->b_info.shadow_memkb; shadow_mem <<=3D 10; =20 + if ((shadow_mem >> 10) !=3D d_config->b_info.shadow_memkb) { + LOGED(ERROR, domid, + "shadow_memkb value %"PRIu64"kB too large", + d_config->b_info.shadow_memkb); + return ERROR_FAIL; + } + int r =3D xc_set_paging_mempool_size(CTX->xch, domid, shadow_mem); if (r) { LOGED(ERROR, domid, - "Failed to set paging mempool size to %"PRIu64"kB", shadow_m= em); + "Failed to set paging mempool size to %"PRIu64"kB", + d_config->b_info.shadow_memkb); return ERROR_FAIL; } =20 --=20 2.11.0 From nobody Fri Apr 19 19:38:24 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass(p=reject dis=none) header.from=citrix.com ARC-Seal: i=1; a=rsa-sha256; t=1669041494; cv=none; d=zohomail.com; s=zohoarc; b=HH7tAf1GuXwmggQovOS90b/GnhilCPB1TI4JXWkp3D6aUDGSq/yPIaVMKCrlWuls5nHwAqKn7D3o37HyB09LldUz5sy30g6F2k5r3BllGaUYrTsjhwzIpFUh1jbusIjaSXS7gLwlajxbqp3pFfu1n5+waSSdUfYlU+DFAD3LZeQ= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1669041494; h=Content-Type:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=f+gV1NP7ETKHq1oFNibCdavi30bmLvsvK3kj9cGcIZU=; b=DseWtVUl5KDNSDcscdI+FX+uhxA0ROq9fOfT+TmxFi1/VeGu7vH3TUesBfhsKdcZzFNRyk8avD5dUOKxecDbvHoveswhc4f6eYzGUPeQQvkMpd5vkQlakWO7zBjDzlQY6rOP9aH2669QDBul84YRCCWDm4hwWBXo7h7qzrCkCu0= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1669041494176543.1347600607654; Mon, 21 Nov 2022 06:38:14 -0800 (PST) Received: from list by lists.xenproject.org with outflank-mailman.446652.702353 (Exim 4.92) (envelope-from ) id 1ox7vb-0005A8-43; Mon, 21 Nov 2022 14:37:43 +0000 Received: by outflank-mailman (output) from mailman id 446652.702353; Mon, 21 Nov 2022 14:37:43 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ox7vb-00059x-0H; Mon, 21 Nov 2022 14:37:43 +0000 Received: by outflank-mailman (input) for mailman id 446652; Mon, 21 Nov 2022 14:37:41 +0000 Received: from se1-gles-flk1-in.inumbo.com ([94.247.172.50] helo=se1-gles-flk1.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1ox7vZ-0004fJ-0C for xen-devel@lists.xenproject.org; Mon, 21 Nov 2022 14:37:41 +0000 Received: from esa1.hc3370-68.iphmx.com (esa1.hc3370-68.iphmx.com [216.71.145.142]) by se1-gles-flk1.inumbo.com (Halon) with ESMTPS id 0c986450-69aa-11ed-8fd2-01056ac49cbb; Mon, 21 Nov 2022 15:37:39 +0100 (CET) X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" X-Inumbo-ID: 0c986450-69aa-11ed-8fd2-01056ac49cbb DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=citrix.com; s=securemail; t=1669041459; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version; bh=EOhf4hatGmnjIQxVt5++g1lD6WQQosxGmgv1LZ7z5fo=; b=eK1oDvPIwQeJ3+BpO+YBHJriaQEyNvEj0RYVsw7PoepQm9lvhGnLRGlA Pv2bGAecv1JYIrfMdMpiv5/97bdX6p6YZB+Cwj6C/ZAfhTnul/jO1GoTJ YQlMRrqvxColqPviJetjAhg6LZYUeCXBD5lI09tDzkmyE9oId/KNe7r8/ Y=; Authentication-Results: esa1.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none X-SBRS: None X-MesageID: 85675817 X-Ironport-Server: esa1.hc3370-68.iphmx.com X-Remote-IP: 162.221.156.83 X-Policy: $RELAYED IronPort-Data: A9a23:xqAwXqgw6BT1X8eHNW5fg4G2X161VxAKZh0ujC45NGQN5FlHY01je htvW2rTa67fMWqkftp/PI21pBsGuZfTytFqSVNq+ypmQiMb9cadCdqndUqhZCn6wu8v7q5Ex 55HNoSfdpBcolv0/ErF3m3J9CEkvU2wbuOgTrWCYmUpH1QMpB4J0XpLg/Q+jpNjne+3CgaMv cKai8DEMRqu1iUc3lg8sspvkzsy+qWs0N8klgZmP6oS5QWHzyB94K83fsldEVOpGuG4IcbiL wrz5OnR1n/U+R4rFuSknt7TGqHdauePVeQmoiM+t5mK2nCulARrukoIHKN0hXNsoyeIh7hMJ OBl7vRcf+uL0prkw4zxWzEAe8130DYvFLXveRBTuuTLp6HKnueFL1yDwyjaMKVBktubD12i+ tQ0LgoKd0mJp9uwybK+S8xChMsPHPnSadZ3VnFIlVk1DN4jSJHHBa7L+cVZzHE7gcUm8fT2P pRDL2A1NVKZPkMJagx/5JEWxY9EglHWdTFCpU3Tjq0w+2XJlyR60aT3McqTcduPLSlQthbF+ D2brz2mav0cHPKuyRTb9lzrvcqMjQnkab0MNue39sc/1TV/wURMUUZLBDNXu8KRhlalXtNDK 2Qd4ic0sbUp70uvU8X8WBuj5nWDu3Y0WdNWH/cr9QKlxa/d4gLfDW8BJhZhZdo8pYkJTDol/ laTmpXiAjkHmK2YTzeR+6mZqRu2ODMJNikSaCkcVwwH7tL/5oYpgXrnQtlvHaGvh/XpCDrwx HaMtyF4iLIN5fPnzI3iowqB2Wj14MGUEEhlvW07Q15J8CtVYrSiftWiyWHd5PZFLaO3TFatj Eg9zp32AP81MbmBkymEQeMoFb6v5uqYPDC0vWODD6XN5Bz2pSf9INk4DCVWYR4wb51aIWOBj Fr741s52XNFAJe9gUabiaqVAt9i86XvHM+Nuhv8PosXOcgZmONqEUhTia+sM4PFyhJEfUQD1 XCzL66R4Y4yU/gP8dZPb751PH9C7nlWKZnvbZ761Q+79rGVeWSYT7wIWHPXML5pvf3V+l6Jr Y4DXydv9/m4eLSvChQ7DKZJdQxaRZTFLc2eRzNrmh6rfVM9RTBJ5w75yrI9YY1195m5Zc+Rl kxQmyZwljLCuJEwAV/UMS8yMO+zA8sXQLBSFXVEAGtEEkMLOe6HhJrzvbNuFVX73ISPFcJJc sQ= IronPort-HdrOrdr: A9a23:6m9Yhazw/I1oH7Nsel14KrPwLL1zdoMgy1knxilNoRw8SKOlfq GV7ZImPHDP6Qr5NEtMpTnEAtjjfZq+z+8T3WByB9eftWDd0QPCRr2Kr7GSpgEIcxeOktK1vp 0PT0ERMrHN5CBB/KXH3DU= X-IronPort-AV: E=Sophos;i="5.96,181,1665460800"; d="scan'208";a="85675817" From: Andrew Cooper To: Xen-devel CC: Andrew Cooper , Daniel De Graaf , Daniel Smith , Jason Andryuk , Henry Wang Subject: [PATCH 2/2] xen/flask: Wire up XEN_DOMCTL_{get,set}_paging_mempool_size Date: Mon, 21 Nov 2022 14:37:31 +0000 Message-ID: <20221121143731.27545-3-andrew.cooper3@citrix.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20221121143731.27545-1-andrew.cooper3@citrix.com> References: <20221121143731.27545-1-andrew.cooper3@citrix.com> MIME-Version: 1.0 X-ZohoMail-DKIM: pass (identity @citrix.com) X-ZM-MESSAGEID: 1669041495029100003 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" These were overlooked in the original patch, and noticed by OSSTest which d= oes run some Flask tests. Fixes: 22b20bd98c02 ("xen: Introduce non-broken hypercalls for the paging m= empool size") Suggested-by: Daniel Smith Signed-off-by: Andrew Cooper Acked-by: Daniel P. Smith Reviewed-by: Jason Andryuk --- CC: Daniel De Graaf CC: Daniel Smith CC: Jason Andryuk CC: Henry Wang It should be noted that the original XSA-409 fix broke Flask on ARM but no testing noticed. c/s 7c3bbd940dd8 ("xen/arm, libxl: Revert XEN_DOMCTL_shadow_op; use p2m mempool hypercalls") "fixes" the original breakage and introduced this breakage instead. For 4.17. It's a fix for an issue that OSSTest is currently blocking as a regression. --- tools/flask/policy/modules/dom0.te | 3 ++- tools/flask/policy/modules/xen.if | 2 +- xen/xsm/flask/hooks.c | 6 ++++++ xen/xsm/flask/policy/access_vectors | 4 ++++ 4 files changed, 13 insertions(+), 2 deletions(-) diff --git a/tools/flask/policy/modules/dom0.te b/tools/flask/policy/module= s/dom0.te index f710ff9941c0..f1dcff48e227 100644 --- a/tools/flask/policy/modules/dom0.te +++ b/tools/flask/policy/modules/dom0.te @@ -35,7 +35,8 @@ allow dom0_t dom0_t:domain { setvcpucontext max_vcpus setaffinity getaffinity getscheduler getdomaininfo getvcpuinfo getvcpucontext setdomainmaxmem setdomainhandle setdebugging hypercall settime setaddrsize getaddrsize trigger - getpodtarget setpodtarget set_misc_info set_virq_handler + getpodtarget setpodtarget getpagingmempool setpagingmempool set_misc_info + set_virq_handler }; allow dom0_t dom0_t:domain2 { set_cpu_policy gettsc settsc setscheduler set_vnumainfo diff --git a/tools/flask/policy/modules/xen.if b/tools/flask/policy/modules= /xen.if index 424daab6a022..6b7b7d403ab4 100644 --- a/tools/flask/policy/modules/xen.if +++ b/tools/flask/policy/modules/xen.if @@ -92,7 +92,7 @@ define(`manage_domain', ` allow $1 $2:domain { getdomaininfo getvcpuinfo getaffinity getaddrsize pause unpause trigger shutdown destroy setaffinity setdomainmaxmem getscheduler resume - setpodtarget getpodtarget }; + setpodtarget getpodtarget getpagingmempool setpagingmempool }; allow $1 $2:domain2 set_vnumainfo; ') =20 diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c index 391aec4dc221..78225f68c15c 100644 --- a/xen/xsm/flask/hooks.c +++ b/xen/xsm/flask/hooks.c @@ -822,6 +822,12 @@ static int cf_check flask_domctl(struct domain *d, int= cmd) case XEN_DOMCTL_get_cpu_policy: return current_has_perm(d, SECCLASS_DOMAIN2, DOMAIN2__GET_CPU_POLI= CY); =20 + case XEN_DOMCTL_get_paging_mempool_size: + return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__GETPAGINGMEMPO= OL); + + case XEN_DOMCTL_set_paging_mempool_size: + return current_has_perm(d, SECCLASS_DOMAIN, DOMAIN__SETPAGINGMEMPO= OL); + default: return avc_unknown_permission("domctl", cmd); } diff --git a/xen/xsm/flask/policy/access_vectors b/xen/xsm/flask/policy/acc= ess_vectors index 6359c7fc8757..4e6710a63e1b 100644 --- a/xen/xsm/flask/policy/access_vectors +++ b/xen/xsm/flask/policy/access_vectors @@ -180,6 +180,10 @@ class domain set_misc_info # XEN_DOMCTL_set_virq_handler set_virq_handler +# XEN_DOMCTL_get_paging_mempool_size + getpagingmempool +# XEN_DOMCTL_set_paging_mempool_size + setpagingmempool } =20 # This is a continuation of class domain, since only 32 permissions can be --=20 2.11.0