From: "Roger Pau Monné" <roger.pau@citrix.com>
To: xen-devel@lists.xenproject.org
Cc: Jan Beulich <jbeulich@suse.com>,
Andrew Cooper <andrew.cooper3@citrix.com>
Subject: Re: [PATCH] x86/hvm: be more strict with XENMAPSPACE_gmfn source types
Date: Fri, 5 Dec 2025 11:11:10 +0100 [thread overview]
Message-ID: <aTKvvsJLb30C3t7c@Mac.lan> (raw)
In-Reply-To: <20251205093151.56207-1-roger.pau@citrix.com>
On Fri, Dec 05, 2025 at 10:31:51AM +0100, Roger Pau Monne wrote:
> XENMAPSPACE_gmfn{_range} allows moving gfn around the guest p2m: the mfn
> behind the source gfn is zapped from the origin and mapped at the
> requested destination gfn. The destination p2m entries are always created
> with type p2m_ram_rw.
>
> With the current checking done in xenmem_add_to_physmap_one() it's possible
> to use XENMAPSPACE_gmfn{_range} to change the type of a p2m entry. The
> source gfn is only checked to be not shared, and that the underlying page
> is owned by the domain.
>
> Make the source checks more strict, by checking that the source gfn is of
> type p2m_ram_rw. That prevents the operation from inadvertently changing
> the type as part of the move.
This is missing:

Fixes: 3e50af3d8776 ('New XENMAPSPACE_gmfn parameter for XENMEM_add_to_physmap.')

The hypercall was missing any p2m type checks since introduction.
It's possible the get_page() seemed enough, but it was dangerous to
not account for new incompatible p2m types being added down the road.

Thanks, Roger.
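To make the type-change problem described in the patch concrete, here is a simplified C model of the move and its source checks. It is added here for illustration and is not Xen's code: the p2m table, the `owned` flag standing in for the get_page() ownership check, and the `move_gfn()`/`type_at()` names are constructed assumptions, while the type names follow Xen's p2m_type_t.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Simplified model of the p2m types involved (names follow Xen's; values are arbitrary here). */
enum p2m_type { p2m_invalid, p2m_ram_rw, p2m_ram_ro, p2m_ram_shared, p2m_mmio_direct };

#define NR_GFNS 8
struct p2m_entry { unsigned long mfn; enum p2m_type type; bool owned; };
static struct p2m_entry p2m[NR_GFNS];   /* model guest p2m, indexed by gfn */

/* Reset the model p2m to a constructed sample layout. */
static void p2m_init(void)
{
    memset(p2m, 0, sizeof(p2m));
    p2m[1] = (struct p2m_entry){ .mfn = 0x1001, .type = p2m_ram_rw,      .owned = true };
    p2m[2] = (struct p2m_entry){ .mfn = 0x1002, .type = p2m_ram_ro,      .owned = true };
    p2m[3] = (struct p2m_entry){ .mfn = 0x1003, .type = p2m_ram_shared,  .owned = true };
    p2m[4] = (struct p2m_entry){ .mfn = 0x1004, .type = p2m_mmio_direct, .owned = false };
}

/* XENMAPSPACE_gmfn-style move: zap src and map its mfn at dst as p2m_ram_rw.
 * strict == false models the old checks only (source not shared, page owned);
 * strict == true additionally requires the source to already be p2m_ram_rw,
 * so the move can never change an entry's type as a side effect.
 * Returns 0 on success, -1 when the source is rejected. */
static int move_gfn(unsigned long src, unsigned long dst, bool strict)
{
    if (src >= NR_GFNS || dst >= NR_GFNS)
        return -1;
    struct p2m_entry *s = &p2m[src];
    if (s->type == p2m_invalid || s->type == p2m_ram_shared || !s->owned)
        return -1;                       /* old checks */
    if (strict && s->type != p2m_ram_rw)
        return -1;                       /* stricter source type check */
    p2m[dst] = (struct p2m_entry){ .mfn = s->mfn, .type = p2m_ram_rw, .owned = s->owned };
    *s = (struct p2m_entry){ 0 };        /* zap the origin */
    return 0;
}

/* Current type of a gfn in the model p2m. */
static enum p2m_type type_at(unsigned long gfn)
{
    return gfn < NR_GFNS ? p2m[gfn].type : p2m_invalid;
}
```

With the old checks a p2m_ram_ro source passes and is re-mapped as p2m_ram_rw; with the stricter check the same move is refused and only p2m_ram_rw sources move.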
Thread overview: 3+ messages
2025-12-05 9:31 [PATCH] x86/hvm: be more strict with XENMAPSPACE_gmfn source types Roger Pau Monne
2025-12-05 10:04 ` Jan Beulich
2025-12-05 10:11 ` Roger Pau Monné [this message]