[PATCH] compat/memory: avoid UB shifts in XENMEM_exchange handling

Jan Beulich posted 1 patch 6 months, 2 weeks ago
Failed in applying to current master (apply log)
[PATCH] compat/memory: avoid UB shifts in XENMEM_exchange handling
Posted by Jan Beulich 6 months, 2 weeks ago
Add an early basic check, yielding the same error code as the more
thorough on the the main handler would produce.

Fixes: b8a7efe8528a ("Enable compatibility mode operation for HYPERVISOR_memory_op")
Reported-by: Manuel Andreas <manuel.andreas@tum.de>
Signed-off-by: Jan Beulich <jbeulich@suse.com>

--- a/xen/common/compat/memory.c
+++ b/xen/common/compat/memory.c
@@ -161,6 +161,11 @@ int compat_memory_op(unsigned int cmd, X
             if ( copy_from_guest(&cmp.xchg, arg, 1) )
                 return -EFAULT;
 
+            /* Early coarse check, as max_order() isn't available here. */
+            if ( cmp.xchg.in.extent_order >= BITS_PER_INT ||
+                 cmp.xchg.out.extent_order >= BITS_PER_INT )
+                return -EPERM;
+
             order_delta = cmp.xchg.out.extent_order - cmp.xchg.in.extent_order;
             /* Various sanity checks. */
             if ( (cmp.xchg.nr_exchanged > cmp.xchg.in.nr_extents) ||
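Review bot: The comment on the new extent_order check explains why the check is coarse (max_order() isn't available) but not what it protects, and the commit message does not say either. Given the subject line, consider naming the shifts that the BITS_PER_INT bound keeps well-defined, either in the comment or in the description, so the choice of bound can be verified without searching the rest of compat_memory_op(). The shifts themselves are outside this hunk, so it is worth confirming that every operand shifted by in.extent_order, out.extent_order or order_delta is at least int-wide, and that a negative order_delta (still possible after this check, since only each order is bounded individually) never reaches a shift as the count.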
Re: [PATCH] compat/memory: avoid UB shifts in XENMEM_exchange handling
Posted by Andrew Cooper 6 months, 2 weeks ago
On 17/04/2025 3:08 pm, Jan Beulich wrote:
> Add an early basic check, yielding the same error code as the more
> thorough on the the main handler would produce.
>
> Fixes: b8a7efe8528a ("Enable compatibility mode operation for HYPERVISOR_memory_op")
> Reported-by: Manuel Andreas <manuel.andreas@tum.de>
> Signed-off-by: Jan Beulich <jbeulich@suse.com>

Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Re: [PATCH] compat/memory: avoid UB shifts in XENMEM_exchange handling
Posted by Jason Andryuk 6 months, 2 weeks ago
On 2025-04-17 10:08, Jan Beulich wrote:
> Add an early basic check, yielding the same error code as the more
> thorough on the the main handler would produce.

"as the more thorough check in the main handler"...

> Fixes: b8a7efe8528a ("Enable compatibility mode operation for HYPERVISOR_memory_op")
> Reported-by: Manuel Andreas <manuel.andreas@tum.de>
> Signed-off-by: Jan Beulich <jbeulich@suse.com>

With that:

Reviewed-by: Jason Andryuk <jason.andryuk@amd.com>
Re: [PATCH] compat/memory: avoid UB shifts in XENMEM_exchange handling
Posted by Jan Beulich 6 months, 1 week ago
On 17.04.2025 18:50, Jason Andryuk wrote:
> On 2025-04-17 10:08, Jan Beulich wrote:
>> Add an early basic check, yielding the same error code as the more
>> thorough on the the main handler would produce.
> 
> "as the more thorough check in the main handler"...

I had already corrected the typo ("on" when "one" was meant).

>> Fixes: b8a7efe8528a ("Enable compatibility mode operation for HYPERVISOR_memory_op")
>> Reported-by: Manuel Andreas <manuel.andreas@tum.de>
>> Signed-off-by: Jan Beulich <jbeulich@suse.com>
> 
> With that:
> 
> Reviewed-by: Jason Andryuk <jason.andryuk@amd.com>

Thanks.

Jan