[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v2 3/6] hvm/mtrr: use the hardware number of variable ranges for Dom0



On Wed, May 16, 2018 at 02:39:26AM -0600, Jan Beulich wrote:
> >>> On 15.05.18 at 16:36, <roger.pau@xxxxxxxxxx> wrote:
> > +        for ( i = 0; i < num_var_ranges; i++ )
> 
> Following your v1 I had already put together a patch to change just the
> save and load functions here, as the adjustments are necessary
> independent of the Dom0 aspect. Should num_var_ranges indeed be
> below MTRR_VCNT, there's an information leak here (of hypervisor stack
> data) without pre-initializing hw_mtrr. Here's the hunk from my patch, in
> case you care to re-use parts of it:
> 
> @@ -676,22 +676,22 @@ int hvm_set_mem_pinned_cacheattr(struct
>  
>  static int hvm_save_mtrr_msr(struct domain *d, hvm_domain_context_t *h)
>  {
> -    int i;
>      struct vcpu *v;
> -    struct hvm_hw_mtrr hw_mtrr;
> -    struct mtrr_state *mtrr_state;
> +
>      /* save mtrr&pat */
>      for_each_vcpu(d, v)
>      {
> -        mtrr_state = &v->arch.hvm_vcpu.mtrr;
> +        const struct mtrr_state *mtrr_state = &v->arch.hvm_vcpu.mtrr;
> +        struct hvm_hw_mtrr hw_mtrr = {
> +            .msr_mtrr_def_type = mtrr_state->def_type |
> +                                 (mtrr_state->enabled << 10),
> +            .msr_mtrr_cap      = mtrr_state->mtrr_cap,
> +        };
> +        unsigned int i;
>  
>          hvm_get_guest_pat(v, &hw_mtrr.msr_pat_cr);
>  
> -        hw_mtrr.msr_mtrr_def_type = mtrr_state->def_type
> -                                | (mtrr_state->enabled << 10);
> -        hw_mtrr.msr_mtrr_cap = mtrr_state->mtrr_cap;
> -
> -        for ( i = 0; i < MTRR_VCNT; i++ )
> +        for ( i = 0; i < (uint8_t)hw_mtrr.msr_mtrr_cap; i++ )
>          {
>              /* save physbase */
>              hw_mtrr.msr_mtrr_var[i*2] =
> 
> (I didn't send it out yet as I'm generally of the opinion that prior to
> branching focus should be on the code to be released rather than
> the next following version.)

Would you be OK if I integrate this as a pre-patch to this one in my
series?

Thanks, Roger.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.