From: Andrew Cooper
Date: Fri, 11 Aug 2017 13:02:31 +0000 (+0000)
Subject: x86/mm: Prevent 32bit PV guests using out-of-range linear addresses
X-Git-Tag: 4.10.0-rc1~341
X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=43ee624d43d5c326510600ec67898d782e17a19a;p=xen.git

x86/mm: Prevent 32bit PV guests using out-of-range linear addresses

The grant ABI uses 64 bit values, and allows a PV guest to specify linear addresses. There is nothing interesting a 32bit PV guest can reference which will pass an __addr_ok() check (and therefore succeed), but we should still explicitly check and reject such an attempt.

Signed-off-by: Andrew Cooper
Reviewed-by: Jan Beulich
---
diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index d09cb3921d..5208e73734 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -3868,6 +3868,10 @@ int create_grant_pv_mapping(uint64_t addr, unsigned long frame, } else { + /* Guest trying to pass an out-of-range linear address? */ + if ( is_pv_32bit_domain(currd) && addr != (uint32_t)addr ) + goto out; + pl1e = map_guest_l1e(addr, &gl1mfn); if ( !pl1e ) @@ -4019,6 +4023,19 @@ int replace_grant_pv_mapping(uint64_t addr, unsigned long frame, } else { + if ( is_pv_32bit_domain(currd) ) + { + if ( addr != (uint32_t)addr ) + { + ASSERT_UNREACHABLE(); + goto out; + } + + /* Guest trying to pass an out-of-range linear address? */ + if ( new_addr != (uint32_t)new_addr ) + goto out; + } + if ( new_addr && !steal_linear_address(new_addr, &nl1e) ) goto out;
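Review bot: in the create_grant_pv_mapping() hunk (@@ -3868), the new rejection path leaves through goto out without assigning a status, so what the caller sees depends on the value the return variable already holds when this else branch is entered, and that initialisation is not visible in the hunk. Please confirm it is a failure code at this point, or set it explicitly next to the check so the rejection does not depend on code further up the function. The comment is also phrased as a question; a statement such as "Reject linear addresses above 4GiB from 32bit PV guests" would read more clearly next to the goto.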
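Review bot: in the replace_grant_pv_mapping() hunk (@@ -4019), an out-of-range addr is marked ASSERT_UNREACHABLE() while the same condition on new_addr is treated as something a guest can trigger, and neither the code comment nor the commit message states why the two differ. Add a short comment above the addr check naming the invariant it relies on (for example, if the reasoning is that such an address can never have been mapped because create_grant_pv_mapping() now rejects it, say so). Without that, a later change to the create path could make the assertion guest-reachable in debug builds without anyone noticing the dependency.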