Message ID | a306c4811973d80c83f1cb46cdbef1aa54ac6379.1593974333.git.michal.leszczynski@cert.pl (mailing list archive) |
---|---|
State | Superseded |
Series | Implement support for external IPT monitoring | expand |
Hi, On 05/07/2020 19:55, Michał Leszczyński wrote: > From: Michal Leszczynski <michal.leszczynski@cert.pl> > > Allow to map processor trace buffer using > acquire_resource(). > > Signed-off-by: Michal Leszczynski <michal.leszczynski@cert.pl> > --- > xen/common/memory.c | 28 ++++++++++++++++++++++++++++ > xen/include/public/memory.h | 1 + > 2 files changed, 29 insertions(+) > > diff --git a/xen/common/memory.c b/xen/common/memory.c > index eb42f883df..04f4e152c0 100644 > --- a/xen/common/memory.c > +++ b/xen/common/memory.c > @@ -1007,6 +1007,29 @@ static long xatp_permission_check(struct domain *d, unsigned int space) > return xsm_add_to_physmap(XSM_TARGET, current->domain, d); > } > > +static int acquire_vmtrace_buf(struct domain *d, unsigned int id, > + unsigned long frame, Shouldn't this be uint64_t to avoid truncation? > + unsigned int nr_frames, > + xen_pfn_t mfn_list[]) > +{ > + mfn_t mfn; > + unsigned int i; > + struct vcpu *v = domain_vcpu(d, id); > + > + if ( !v || !v->vmtrace.pt_buf ) > + return -EINVAL; > + > + mfn = page_to_mfn(v->vmtrace.pt_buf); > + > + if ( frame + nr_frames > (v->domain->vmtrace_pt_size >> PAGE_SHIFT) ) frame + nr_frames could possibly overflow a 64-bit value and therefore still pass the check. So I would suggest to use: (frame > (v->domain_vm_ptrace_pt_size >> PAGE_SHIFT)) || (nr_frames > ((v->domain_vm_ptrace_pt_size >> PAGE_SHIFT) - frame)) Cheers,
diff --git a/xen/common/memory.c b/xen/common/memory.c
index eb42f883df..04f4e152c0 100644
--- a/xen/common/memory.c
+++ b/xen/common/memory.c
@@ -1007,6 +1007,29 @@ static long xatp_permission_check(struct domain *d, unsigned int space)
 return xsm_add_to_physmap(XSM_TARGET, current->domain, d);
 }
 
+static int acquire_vmtrace_buf(struct domain *d, unsigned int id,
+ unsigned long frame,
+ unsigned int nr_frames,
+ xen_pfn_t mfn_list[])
+{
+ mfn_t mfn;
+ unsigned int i;
+ struct vcpu *v = domain_vcpu(d, id);
+
+ if ( !v || !v->vmtrace.pt_buf )
+ return -EINVAL;
+
+ mfn = page_to_mfn(v->vmtrace.pt_buf);
+
+ if ( frame + nr_frames > (v->domain->vmtrace_pt_size >> PAGE_SHIFT) )
+ return -EINVAL;
+
+ for ( i = 0; i < nr_frames; i++ )
+ mfn_list[i] = mfn_x(mfn_add(mfn, frame + i));
+
+ return 0;
+}
+
 static int acquire_grant_table(struct domain *d, unsigned int id,
 unsigned long frame,
 unsigned int nr_frames,
@@ -1117,6 +1140,11 @@ static int acquire_resource(
 mfn_list);
 break;
 
+ case XENMEM_resource_vmtrace_buf:
+ rc = acquire_vmtrace_buf(d, xmar.id, xmar.frame, xmar.nr_frames,
+ mfn_list);
+ break;
+
 default:
 rc = arch_acquire_resource(d, xmar.type, xmar.id, xmar.frame,
 xmar.nr_frames, mfn_list);
diff --git a/xen/include/public/memory.h b/xen/include/public/memory.h
index 21057ed78e..f4c905a10e 100644
--- a/xen/include/public/memory.h
+++ b/xen/include/public/memory.h
@@ -625,6 +625,7 @@ struct xen_mem_acquire_resource {
 
 #define XENMEM_resource_ioreq_server 0
 #define XENMEM_resource_grant_table 1
+#define XENMEM_resource_vmtrace_buf 2
 
 /*
 * IN - a type-specific resource identifier, which must be zero
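Review bot: The loop `mfn_list[i] = mfn_x(mfn_add(mfn, frame + i));` in acquire_vmtrace_buf derives every frame by arithmetic on the first page's MFN, which is only valid if `v->vmtrace.pt_buf` is one physically contiguous allocation covering `vmtrace_pt_size` bytes. The allocation is not in this hunk, so I'd state that assumption above the loop, e.g. `/* pt_buf is a single contiguous allocation of vmtrace_pt_size bytes. */`. Nothing visible here takes a page reference or otherwise ties the buffer's lifetime to an outstanding mapping. If the buffer can be freed at vCPU or domain teardown while the monitor still has it mapped, the monitor would keep access to reused memory, so please confirm that the caller or the allocation path pins these pages. As a smaller point, `v->domain->vmtrace_pt_size` reads more directly as `d->vmtrace_pt_size`, since `v` was looked up from `d`.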
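Review bot: `XENMEM_resource_vmtrace_buf` is added to the public header with no comment, although the field comment right after it says the identifier "must be zero" by default, and the new handler in xen/common/memory.c passes `xmar.id` to `domain_vcpu()`. Because this is guest-visible ABI, the meaning should be written down next to the define, e.g. `/* id is a vCPU index; frames index that vCPU's processor trace buffer. */`. It would also help to say there which callers are expected to be allowed to map this resource, since the buffer exposes the traced guest's execution flow; the permission check itself is outside the visible hunks. The struct definition continues beyond this hunk.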