]> xenbits.xensource.com Git - people/aperard/xen-unstable.git/commitdiff
projects / people / aperard / xen-unstable.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 6a98383)
hypercall_xlat_continuation: Replace BUG_ON with domain_crash
authorBjoern Doebel <doebel@amazon.de>
Wed, 27 Mar 2024 17:31:38 +0000 (17:31 +0000)
committerAndrew Cooper <andrew.cooper3@citrix.com>
Tue, 9 Apr 2024 11:49:40 +0000 (12:49 +0100)
Instead of crashing the host in case of unexpected hypercall parameters,
resort to only crashing the calling domain.

This is part of XSA-454 / CVE-2023-46842.

Fixes: b8a7efe8528a ("Enable compatibility mode operation for HYPERVISOR_memory_op")
Reported-by: Manuel Andreas <manuel.andreas@tum.de>
Signed-off-by: Bjoern Doebel <doebel@amazon.de>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
xen/arch/x86/hypercall.c patch | blob | blame | history

diff --git a/xen/arch/x86/hypercall.c b/xen/arch/x86/hypercall.c
index 133e9f221c78f34b972d89486956191bdf06ee7a..d292376b198b9a6105330f300f3362b798581dee 100644 (file)
--- a/xen/arch/x86/hypercall.c
+++ b/xen/arch/x86/hypercall.c
@@ -142,8 +142,10 @@ int hypercall_xlat_continuation(unsigned int *id, unsigned int nr,
                 cval = va_arg(args, unsigned int);
                 if ( cval == nval )
                     mask &= ~1U;
-                else
-                    BUG_ON(nval == (unsigned int)nval);
+                else if ( nval == (unsigned int)nval )
+                    domain_crash(current->domain,
+                                 "multicall (op %lu) bogus continuation arg%u (%#lx)\n",
+                                 mcs->call.op, i, nval);
             }
             else if ( id && *id == i )
             {
@@ -155,8 +157,10 @@ int hypercall_xlat_continuation(unsigned int *id, unsigned int nr,
                 mcs->call.args[i] = cval;
                 ++rc;
             }
-            else
-                BUG_ON(mcs->call.args[i] != (unsigned int)mcs->call.args[i]);
+            else if ( mcs->call.args[i] != (unsigned int)mcs->call.args[i] )
+                domain_crash(current->domain,
+                             "multicall (op %lu) bad continuation arg%u (%#lx)\n",
+                             mcs->call.op, i, mcs->call.args[i]);
         }
     }
     else
@@ -182,8 +186,10 @@ int hypercall_xlat_continuation(unsigned int *id, unsigned int nr,
                 cval = va_arg(args, unsigned int);
                 if ( cval == nval )
                     mask &= ~1U;
-                else
-                    BUG_ON(nval == (unsigned int)nval);
+                else if ( nval == (unsigned int)nval )
+                    domain_crash(current->domain,
+                                 "hypercall (op %u) bogus continuation arg%u (%#lx)\n",
+                                 regs->eax, i, nval);
             }
             else if ( id && *id == i )
             {
@@ -195,8 +201,10 @@ int hypercall_xlat_continuation(unsigned int *id, unsigned int nr,
                 *reg = cval;
                 ++rc;
             }
-            else
-                BUG_ON(*reg != (unsigned int)*reg);
+            else if ( *reg != (unsigned int)*reg )
+                domain_crash(current->domain,
+                             "hypercall (op %u) bad continuation arg%u (%#lx)\n",
+                             regs->eax, i, *reg);
         }
     }