From: "Marek Marczykowski-Górecki" <marmarek@invisiblethingslab.com>
To: xen-devel <xen-devel@lists.xenproject.org>
Subject: {xen, dom0}_vga_console_info.u.vesa_lfb.lfb_base field too small
Date: Sun, 5 May 2019 15:27:40 +0200 [thread overview]
Message-ID: <20190505132740.GT1728@mail-itl> (raw)
[-- Attachment #1.1: Type: text/plain, Size: 999 bytes --]
Hi,
I have a machine that allocate vesa LFB above 4GB, as reported by UEFI
GOP. At 0x4000000000 to be specific.
vga_console_info.u.vesa_lfb.lfb_base is a 32bit field, so it gets
truncated, leading to all kind of memory corruptions when something
writes there.
If that would be only about Xen, that wouldn't be that bad, but
unfortunately exactly the same structure is used as an interface for
dom0 start info (at least PV one).
My only idea is to introduce yet another entry in *_vga_console_info.u
union (efi_lfb64?) with a 64bit lfb_base field. And mark it in
video_type (XEN_VGATYPE_EFI_LFB64?). But I'm not sure how non-patched
Linux (or other supported OSes) would respond to this. xen_init_vga() in
Linux doesn't seem to bail on unknown video_type, so it may be fragile.
Any better ideas?
--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]
[-- Attachment #2: Type: text/plain, Size: 157 bytes --]
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
WARNING: multiple messages have this Message-ID (diff)
From: "Marek Marczykowski-Górecki" <marmarek@invisiblethingslab.com>
To: xen-devel <xen-devel@lists.xenproject.org>
Subject: [Xen-devel] {xen, dom0}_vga_console_info.u.vesa_lfb.lfb_base field too small
Date: Sun, 5 May 2019 15:27:40 +0200 [thread overview]
Message-ID: <20190505132740.GT1728@mail-itl> (raw)
Message-ID: <20190505132740.0D-i-3rgYuo6n4_Suh1yvxRrQ1jFCJHiAZKEV3i9pRk@z> (raw)
[-- Attachment #1.1: Type: text/plain, Size: 999 bytes --]
Hi,
I have a machine that allocate vesa LFB above 4GB, as reported by UEFI
GOP. At 0x4000000000 to be specific.
vga_console_info.u.vesa_lfb.lfb_base is a 32bit field, so it gets
truncated, leading to all kind of memory corruptions when something
writes there.
If that would be only about Xen, that wouldn't be that bad, but
unfortunately exactly the same structure is used as an interface for
dom0 start info (at least PV one).
My only idea is to introduce yet another entry in *_vga_console_info.u
union (efi_lfb64?) with a 64bit lfb_base field. And mark it in
video_type (XEN_VGATYPE_EFI_LFB64?). But I'm not sure how non-patched
Linux (or other supported OSes) would respond to this. xen_init_vga() in
Linux doesn't seem to bail on unknown video_type, so it may be fragile.
Any better ideas?
--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]
[-- Attachment #2: Type: text/plain, Size: 157 bytes --]
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
next reply other threads:[~2019-05-05 13:27 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-05-05 13:27 Marek Marczykowski-Górecki [this message]
2019-05-05 13:27 ` [Xen-devel] {xen, dom0}_vga_console_info.u.vesa_lfb.lfb_base field too small Marek Marczykowski-Górecki
2019-05-06 8:04 ` Juergen Gross
2019-05-06 8:04 ` [Xen-devel] " Juergen Gross
2019-05-06 9:57 ` Jan Beulich
2019-05-06 9:57 ` [Xen-devel] " Jan Beulich
2019-05-06 10:29 ` Marek Marczykowski
2019-05-06 10:29 ` [Xen-devel] " Marek Marczykowski
2019-05-06 11:46 ` Jan Beulich
2019-05-06 11:46 ` [Xen-devel] " Jan Beulich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190505132740.GT1728@mail-itl \
--to=marmarek@invisiblethingslab.com \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.