From: Hongyan Xia
To: xen-devel@lists.xenproject.org
Cc: Andrew Cooper, Wei Liu, Jan Beulich, Roger Pau Monné
Subject: [PATCH] x86/traps: fix an off-by-one error
Date: Tue, 5 May 2020 12:06:30 +0100
Message-Id: <37b7ec049ff82f92cc6724a743867e1cd9365f5b.1588676790.git.hongyxia@amazon.com>

stack++ can go into the next page and unmap_domain_page() will unmap the wrong one, causing mapcache and memory corruption. Fix.

This is found with direct map removal. For now, the idle domain does not have a mapcache and uses the direct map, so no errors will occur.

Signed-off-by: Hongyan Xia
--- xen/arch/x86/traps.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c index 33e5d21ece..f033a804a3 100644 --- a/xen/arch/x86/traps.c +++ b/xen/arch/x86/traps.c @@ -300,6 +300,7 @@ static void show_guest_stack(struct vcpu *v, const stru= ct cpu_user_regs *regs) int i; unsigned long *stack, addr; unsigned long mask =3D STACK_SIZE; + void *stack_page =3D NULL; =20 /* Avoid HVM as we don't know what the stack looks like. */ if ( is_hvm_vcpu(v) ) @@ -328,7 +329,7 @@ static void show_guest_stack(struct vcpu *v, const stru= ct cpu_user_regs *regs) vcpu =3D maddr_get_owner(read_cr3()) =3D=3D v->domain ? v : NULL; if ( !vcpu ) { - stack =3D do_page_walk(v, (unsigned long)stack); + stack_page =3D stack =3D do_page_walk(v, (unsigned long)stack); if ( (unsigned long)stack < PAGE_SIZE ) { printk("Inaccessible guest memory.\n"); 
@@ -358,7 +359,7 @@ static void show_guest_stack(struct vcpu *v, const stru= ct cpu_user_regs *regs) if ( mask =3D=3D PAGE_SIZE ) { BUILD_BUG_ON(PAGE_SIZE =3D=3D STACK_SIZE); - unmap_domain_page(stack); + unmap_domain_page(stack_page); } if ( i =3D=3D 0 ) printk("Stack empty."); --=20 2.17.1
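
Review bot: in the second hunk (@@ -328,7 +329,7 @@), `stack_page` is assigned in the same statement as `stack`, before the `(unsigned long)stack < PAGE_SIZE` check, so on the "Inaccessible guest memory." path it holds the failure value rather than a mapping. Assigning `stack_page = stack;` only after that check passes would keep the variable either NULL or a real mapping. A one-line comment at that point saying that `stack` is advanced while the words are dumped (the `stack++` the commit message refers to) would also tell later readers why a second pointer exists.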
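
Review bot: in the last hunk (@@ -358,7 +359,7 @@), the unmap is still gated on `mask == PAGE_SIZE`, while the pointer passed is now `stack_page`, which the first hunk initialises to NULL; nothing in the visible lines ties that condition to `stack_page` having been set. Testing the pointer itself, for example `if ( stack_page ) unmap_domain_page(stack_page);`, would make the pairing with the `do_page_walk()` mapping explicit and would stay correct if the handling of `mask` changes later. If the `mask` test is kept, consider asserting that `stack_page` is non-NULL inside the block.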