From: Julien Grall
Date: Thu, 13 Aug 2015 12:41:09 +0000 (+0200)
Subject: mm: populate_physmap: validate correctly the gfn for direct mapped domain
X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~2624^2~5
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=9503ab0e9c6a41a1ee7a70c8ea9313d08ebaa8c5;p=xen.git

mm: populate_physmap: validate correctly the gfn for direct mapped domain

A direct mapped domain already has its memory allocated 1:1, so we are directly using the gfn as mfn to map the RAM in the guest.

While we are validating that the page associated to the first mfn belongs to the domain, the subsequent MFNs are not validated when the extent_order is > 0. This may result in mapping memory regions (MMIO, RAM) which don't belong to the domain.

However, only DOM0 on ARM is using a direct memory mapping, so it doesn't affect any guest (at least on the upstream version) or even x86.

Signed-off-by: Julien Grall
Reviewed-by: Jan Beulich
Release-acked-by: Wei Liu
Acked-by: Ian Campbell
---
diff --git a/xen/common/memory.c b/xen/common/memory.c
index 61bb94c9a7..b541f4a165 100644
--- a/xen/common/memory.c
+++ b/xen/common/memory.c
@@ -126,22 +126,28 @@ static void populate_physmap(struct memop_args *a) if ( is_domain_direct_mapped(d) ) { mfn = gpfn; - if ( !mfn_valid(mfn) ) - { - gdprintk(XENLOG_INFO, "Invalid mfn %#"PRI_xen_pfn"\n", - mfn); - goto out; - } - page = mfn_to_page(mfn); - if ( !get_page(page, d) ) + for ( j = 0; j < (1U << a->extent_order); j++, mfn++ ) { - gdprintk(XENLOG_INFO, - "mfn %#"PRI_xen_pfn" doesn't belong to the" - " domain\n", mfn); - goto out; + if ( !mfn_valid(mfn) ) + { + gdprintk(XENLOG_INFO, "Invalid mfn %#"PRI_xen_pfn"\n", + mfn); + goto out; + } + + page = mfn_to_page(mfn); + if ( !get_page(page, d) ) + { + gdprintk(XENLOG_INFO, + "mfn %#"PRI_xen_pfn" doesn't belong to the" + " domain\n", mfn); + goto out; + } + put_page(page); } - put_page(page); + + page = mfn_to_page(gpfn); } else page = alloc_domheap_pages(d, a->extent_order, a->memflags);
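Review bot: the loop `for ( j = 0; j < (1U << a->extent_order); j++, mfn++ )` leaves `mfn` pointing one past the end of the extent, and the hunk only restores `page = mfn_to_page(gpfn)` afterwards, not `mfn`; if anything later in this branch reads `mfn` before it is recomputed from `page`, it would be off by `1U << a->extent_order`. Either reset `mfn = gpfn` next to the `page = mfn_to_page(gpfn)` line or walk the range with a separate cursor so the variable's final value does not depend on the caller recomputing it. The loop bound also relies on `a->extent_order` having been range-checked before `populate_physmap()` is reached (a large value would wrap the shift and the loop would validate nothing meaningful); a short comment stating that assumption at the loop would help the next reader. Finally, each iteration does `get_page()` immediately followed by `put_page()`, so by the time the extent is mapped no reference is held on any of the validated pages; that matches the pre-patch behaviour for the first mfn, but it is worth a comment that the check is a point-in-time ownership test rather than a pin across the mapping.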