From patchwork Wed Jan 11 13:57:54 2023
X-Patchwork-Submitter: Jan Beulich
X-Patchwork-Id: 13096711
Message-ID: <9bea51eb-4fbd-b061-52d7-c6c234d060a1@suse.com>
Date: Wed, 11 Jan 2023 14:57:54 +0100
Subject: [PATCH v2 9/9] x86/shadow: harden shadow_size()
From: Jan Beulich
To: "xen-devel@lists.xenproject.org"
Cc: Andrew Cooper, Wei Liu, Roger Pau Monné, Tim Deegan, George Dunlap
Make HVM=y release build behavior prone against array overrun, by (ab)using array_access_nospec(). This is in particular to guard against e.g. SH_type_unused making it here unintentionally.

Signed-off-by: Jan Beulich
---
v2: New.

--- a/xen/arch/x86/mm/shadow/private.h +++ b/xen/arch/x86/mm/shadow/private.h @@ -27,6 +27,7 @@ // been included... #include #include +#include #include #include #include @@ -368,7 +369,7 @@ shadow_size(unsigned int shadow_type) { #ifdef CONFIG_HVM ASSERT(shadow_type < ARRAY_SIZE(sh_type_to_size)); - return sh_type_to_size[shadow_type]; + return array_access_nospec(sh_type_to_size, shadow_type); #else ASSERT(shadow_type < SH_type_unused); return shadow_type != SH_type_none;
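
Review bot: The new array_access_nospec(sh_type_to_size, shadow_type) call in the CONFIG_HVM branch of shadow_size() should carry a code comment, since the commit message itself describes this as "(ab)using" the helper. A reader of private.h sees a speculation primitive directly after an ASSERT() on the same bound and has no way to tell that it is there so that release builds do not index past sh_type_to_size[]. The comment should also say which entry an out-of-range shadow_type ends up reading, because that value is then returned to callers as a shadow size without any diagnostic. Separately, the #else branch still depends on ASSERT(shadow_type < SH_type_unused) alone and returns shadow_type != SH_type_none, so a stray SH_type_unused there is reported as a nonzero size; the description limits the change to HVM=y, and it would help to state whether leaving the other path as is was a deliberate choice.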