Xen project Mailing List

[PATCH v2 9/9] x86/shadow: harden shadow_size()

To: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Date: Wed, 11 Jan 2023 14:57:54 +0100

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=bY7YXGCVxaLa3//TMr+/cVinLxzirB14/tYwJGkYJjk=; b=hNLalCz4m6o2ykOlQQqlaXVOBukHG/SzuXvBpL6I5w0hkkZ8sND+rODYbJhiH9fxxfgQ/JDfZdI1Jb/uXidSrHCMLL/J68l3rxrOaYX+e04eKqR1WRMiU52Bw3/ezmfgpcKdbBBzD9M0+TYeYyknAx/uHbPpLAVxjHhNSwvgPPT2PfDvp0Y/A0mO13PFupLAeVeMNEOA2cI0n1fEsjr8BluLqHsOXlQm/SPKilIAdpbNIMJ542CfeV0x6x0DvQ9Wz1Io2X8U7TamTKAf+w1bxySpLgQ/rDQo0iHKZZ9OlmCZkpObocl2jBmameezeLH9uSUbAQiLlzaq1AWGH5QUFQ==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=TSRKM4oRF64gC77pPF7nUVgW9tf0uMUPNbvDdzwKSND6YmoJUfF0iuVSTtzSaYmNkSCX8TEHXa68Pm+0oRj5ciyS3hRsvNMdR30ao483g5gPf0bv8VwRtd1qWPszc7w9Sx47PS8kzY37oluYMRNkVQR243c0L7F+z+063GgedLF5tncE9JUitRgzKj0gAftE5TG1HmoDiJcdPEsrmUDYHyVTRlIc5bKCiojTWN8S//Pi4enidjmE5yxRv5TCt3lbi19HZnTkGrgaVZp8xvbGrmsl5vtYE6vvs/fTuqN4vHT9bRAKZsZ0F9DvEnXZ4FP75tVihJVYkZgsAudVgKZM4w==

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;

Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Tim Deegan <tim@xxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>

Delivery-date: Wed, 11 Jan 2023 13:58:00 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Make HVM=y release build behavior prone against array overrun, by (ab)using array_access_nospec(). This is in particular to guard against e.g. SH_type_unused making it here unintentionally. Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> --- v2: New. --- a/xen/arch/x86/mm/shadow/private.h +++ b/xen/arch/x86/mm/shadow/private.h @@ -27,6 +27,7 @@ // been included... #include <asm/page.h> #include <xen/domain_page.h> +#include <xen/nospec.h> #include <asm/x86_emulate.h> #include <asm/hvm/support.h> #include <asm/atomic.h> @@ -368,7 +369,7 @@ shadow_size(unsigned int shadow_type) { #ifdef CONFIG_HVM ASSERT(shadow_type < ARRAY_SIZE(sh_type_to_size)); - return sh_type_to_size[shadow_type]; + return array_access_nospec(sh_type_to_size, shadow_type); #else ASSERT(shadow_type < SH_type_unused); return shadow_type != SH_type_none;

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.