Xen project Mailing List

[Xen-devel] [PATCH RFC 16/44] xen/ipi: Introduce arch_ipi_param_ok() to check IPI parameters

From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Thu, 4 Jan 2018 20:21:41 +0000

Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Delivery-date: Thu, 04 Jan 2018 20:31:09 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

There are some addresses which are not safe to pass as IPI parameters, as they are not mapped on other cpus (or worse, mapped to something else). Introduce an arch-specific audit hook which is used to check the parameter. ARM has this stubbed to true, whereas x86 now excluses pointers in the PERCPU range. Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> --- xen/common/smp.c | 1 + xen/include/asm-arm/smp.h | 3 +++ xen/include/asm-x86/smp.h | 15 +++++++++++++++ 3 files changed, 19 insertions(+) diff --git a/xen/common/smp.c b/xen/common/smp.c index 79f4ebd..1ffc21c 100644 --- a/xen/common/smp.c +++ b/xen/common/smp.c @@ -54,6 +54,7 @@ void on_selected_cpus( ASSERT(local_irq_is_enabled()); ASSERT(cpumask_subset(selected, &cpu_online_map)); + ASSERT(arch_ipi_param_ok(info)); spin_lock(&call_lock); diff --git a/xen/include/asm-arm/smp.h b/xen/include/asm-arm/smp.h index 3c12268..2f12e5c 100644 --- a/xen/include/asm-arm/smp.h +++ b/xen/include/asm-arm/smp.h @@ -28,6 +28,9 @@ extern void init_secondary(void); extern void smp_init_cpus(void); extern void smp_clear_cpu_maps (void); extern int smp_get_max_cpus (void); + +static inline bool arch_ipi_param_ok(const void *param) { return true; } + #endif /* diff --git a/xen/include/asm-x86/smp.h b/xen/include/asm-x86/smp.h index 7fcc946..5fea27d 100644 --- a/xen/include/asm-x86/smp.h +++ b/xen/include/asm-x86/smp.h @@ -73,6 +73,21 @@ void set_nr_sockets(void); /* Representing HT and core siblings in each socket. */ extern cpumask_t **socket_cpumask; +static inline bool arch_ipi_param_ok(const void *_param) +{ + unsigned long param = (unsigned long)_param; + + /* + * It is not safe to pass pointers in the PERCPU linear range to other + * cpus in an IPI. + * + * Not all parameters passed are actually pointers, so only reject + * parameters which are a canonical address in the PERCPU range. + */ + return (!is_canonical_address(param) || + l4_table_offset(param) != l4_table_offset(PERCPU_LINEAR_START)); +} + #endif /* !__ASSEMBLY__ */ #endif -- 2.1.4 _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.