[PATCH] don't put dom0 console info directly after start_info data

[PATCH] don't put dom0 console info directly after start_info data

[Juergen Gross]

The console information of dom0 is living in the same memory page as the
start_info data. Don't put the console data directly after the start_info
to leave some room for future structure enlargements. Otherwise a dom0
with a newer start_info layout than the hypervisor could interprete
console data as part of the start_info data.

Before commit 50bd1f0825339dfacde471df7664729216fc46e3 there used to be a
padding at the end of start_info, but this was removed as it was regarded
to be not necessary.

Signed-off-by: Juergen Gross <jgross@suse.com>
---
 xen/arch/x86/domain_build.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/xen/arch/x86/domain_build.c b/xen/arch/x86/domain_build.c
index d76707f..065406b 100644
--- a/xen/arch/x86/domain_build.c
+++ b/xen/arch/x86/domain_build.c
@@ -1462,9 +1462,11 @@ int __init construct_dom0(
     if ( cmdline != NULL )
         strlcpy((char *)si->cmd_line, cmdline, sizeof(si->cmd_line));
 
-    if ( fill_console_start_info((void *)(si + 1)) )
+    if ( fill_console_start_info((void *)si + PAGE_SIZE -
+                                 sizeof(struct dom0_vga_console_info)) )
     {
-        si->console.dom0.info_off  = sizeof(struct start_info);
+        si->console.dom0.info_off  =
+            PAGE_SIZE - sizeof(struct dom0_vga_console_info);
         si->console.dom0.info_size = sizeof(struct dom0_vga_console_info);
     }
 
-- 
2.1.4

Re: [PATCH] don't put dom0 console info directly after start_info data

[Jan Beulich]

>>> On 19.06.15 at 13:06, <"jgross@suse.com".non-mime.internet> wrote:
> The console information of dom0 is living in the same memory page as the
> start_info data. Don't put the console data directly after the start_info
> to leave some room for future structure enlargements. Otherwise a dom0
> with a newer start_info layout than the hypervisor could interprete
> console data as part of the start_info data.
> 
> Before commit 50bd1f0825339dfacde471df7664729216fc46e3 there used to be a
> padding at the end of start_info, but this was removed as it was regarded
> to be not necessary.

Said commit removed padding from shared_info, not start_info. Nor
would the suggested change be the correct one for a problem like
this. Instead the kernel should check how much of the shared info
structure it knows about is valid (which Dom0 can easily do using
console.dom0.info_off - that is, after all, why this is being placed at
a variable offset; DomU currently has no problem, as the rest of the
page is zero for it). If a future extension makes it so that this can't
be determined implicitly, a suitable SIF_* flag would need to be added.

Jan

Re: [PATCH] don't put dom0 console info directly after start_info data

[Juergen Gross]

On 06/19/2015 02:04 PM, Jan Beulich wrote:
>>>> On 19.06.15 at 13:06, <"jgross@suse.com".non-mime.internet> wrote:
>> The console information of dom0 is living in the same memory page as the
>> start_info data. Don't put the console data directly after the start_info
>> to leave some room for future structure enlargements. Otherwise a dom0
>> with a newer start_info layout than the hypervisor could interprete
>> console data as part of the start_info data.
>>
>> Before commit 50bd1f0825339dfacde471df7664729216fc46e3 there used to be a
>> padding at the end of start_info, but this was removed as it was regarded
>> to be not necessary.
>
> Said commit removed padding from shared_info, not start_info.

Aargh, not enough coffee, I guess.

Sorry for the noise.


Juergen