There are some addresses which are not safe to pass as IPI parameters, as they
are not mapped on other cpus (or worse, mapped to something else).  Introduce
an arch-specific audit hook which is used to check the parameter.

ARM has this stubbed to true, whereas x86 now excludes pointers in the PERCPU
range.

Signed-off-by: Andrew Cooper <andrew.coop...@citrix.com>
---
 xen/common/smp.c          |  1 +
 xen/include/asm-arm/smp.h |  3 +++
 xen/include/asm-x86/smp.h | 15 +++++++++++++++
 3 files changed, 19 insertions(+)

diff --git a/xen/common/smp.c b/xen/common/smp.c
index 79f4ebd..1ffc21c 100644
--- a/xen/common/smp.c
+++ b/xen/common/smp.c
@@ -54,6 +54,7 @@ void on_selected_cpus(
 
     ASSERT(local_irq_is_enabled());
     ASSERT(cpumask_subset(selected, &cpu_online_map));
+    ASSERT(arch_ipi_param_ok(info));
 
     spin_lock(&call_lock);
 
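Review bot: The new audit in on_selected_cpus() is an ASSERT, so, assuming Xen's usual ASSERT semantics, it compiles away in non-debug builds. A per-cpu pointer passed as `info` is then caught only in debug builds, and a release build sends it to the remote cpus unchecked. That is reasonable for an audit hook, but it should be stated where the check sits, e.g. `/* Debug-build audit only; callers must never pass per-cpu-mapped pointers as info. */`. The body of on_selected_cpus() continues outside this hunk, so whether `info` is constrained anywhere else is not visible here.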
diff --git a/xen/include/asm-arm/smp.h b/xen/include/asm-arm/smp.h
index 3c12268..2f12e5c 100644
--- a/xen/include/asm-arm/smp.h
+++ b/xen/include/asm-arm/smp.h
@@ -28,6 +28,9 @@ extern void init_secondary(void);
 extern void smp_init_cpus(void);
 extern void smp_clear_cpu_maps (void);
 extern int smp_get_max_cpus (void);
+
+static inline bool arch_ipi_param_ok(const void *param) { return true; }
+
 #endif
 
 /*
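Review bot: The ARM arch_ipi_param_ok() stub returns true unconditionally and carries no comment, so a reader of this header cannot tell whether ARM has no cpu-local mappings to audit or whether the check is simply not implemented yet. I would add a line above it such as `/* No IPI parameter ranges are audited on ARM; every value is accepted. */`, adjusted to whichever is the case. Without it, the ASSERT added in common code looks like it gives the same protection on both architectures.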
diff --git a/xen/include/asm-x86/smp.h b/xen/include/asm-x86/smp.h
index 7fcc946..5fea27d 100644
--- a/xen/include/asm-x86/smp.h
+++ b/xen/include/asm-x86/smp.h
@@ -73,6 +73,21 @@ void set_nr_sockets(void);
 /* Representing HT and core siblings in each socket. */
 extern cpumask_t **socket_cpumask;
 
+static inline bool arch_ipi_param_ok(const void *_param)
+{
+    unsigned long param = (unsigned long)_param;
+
+    /*
+     * It is not safe to pass pointers in the PERCPU linear range to other
+     * cpus in an IPI.
+     *
+     * Not all parameters passed are actually pointers, so only reject
+     * parameters which are a canonical address in the PERCPU range.
+     */
+    return (!is_canonical_address(param) ||
+            l4_table_offset(param) != l4_table_offset(PERCPU_LINEAR_START));
+}
+
 #endif /* !__ASSEMBLY__ */
 
 #endif
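Review bot: The x86 arch_ipi_param_ok() compares only the L4 slot of the parameter with that of PERCPU_LINEAR_START, which is correct only while the PERCPU linear range occupies exactly one whole L4 slot; nothing in this hunk enforces that. If the range's layout changes, the audit would silently stop matching the real range, either missing per-cpu pointers or rejecting valid ones. I would record the assumption in the existing comment, e.g. `* This relies on the PERCPU linear range covering exactly one L4 slot.`, and back it with a build-time assertion next to the range's definition. As a point of style, the `_param` / `param` pair could be replaced by a single parameter with a descriptively named local for the cast value, such as `addr`.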
-- 
2.1.4

