diff options
author | Ian Campbell <Ian.Campbell@citrix.com> | 2013-01-11 12:22:27 +0000 |
---|---|---|
committer | Ian Campbell <Ian.Campbell@citrix.com> | 2013-01-11 12:22:27 +0000 |
commit | 5bb2be127bb4ee2fa6fa4545ad68f084d3bc09b0 (patch) | |
tree | 85bbd2451aa2c5c30936b65841e3c096e56b417c /tools | |
parent | 5420f26507fc5c9853eb1076401a8658d72669da (diff) | |
download | xen-5bb2be127bb4ee2fa6fa4545ad68f084d3bc09b0.tar.gz xen-5bb2be127bb4ee2fa6fa4545ad68f084d3bc09b0.tar.bz2 xen-5bb2be127bb4ee2fa6fa4545ad68f084d3bc09b0.zip |
libxc: x86: ensure that the initial mapping fits into the guest's memory
In particular we need to check that adding 512KB of slack and
rounding up to a 4MB boundary do not overflow the guest's memory
allocation. Otherwise we run off the end of the p2m when building the
guest's initial page tables and populate them with garbage.
Wei noticed this when build tiny (2MB) mini-os domains.
Reported-by: Wei Liu <Wei.Liu2@citrix.com>
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Jan Beulich <jbeulich@suse.com>
Committed-by: Ian Campbell <ian.campbell@citrix.com>
Diffstat (limited to 'tools')
-rw-r--r-- | tools/libxc/xc_dom_core.c | 3 | ||||
-rw-r--r-- | tools/libxc/xc_dom_x86.c | 12 |
2 files changed, 14 insertions, 1 deletions
diff --git a/tools/libxc/xc_dom_core.c b/tools/libxc/xc_dom_core.c index 99f90dd45e..c8062d8773 100644 --- a/tools/libxc/xc_dom_core.c +++ b/tools/libxc/xc_dom_core.c @@ -873,7 +873,8 @@ int xc_dom_build_image(struct xc_dom_image *dom) goto err; if ( dom->arch_hooks->count_pgtables ) { - dom->arch_hooks->count_pgtables(dom); + if ( dom->arch_hooks->count_pgtables(dom) != 0 ) + goto err; if ( (dom->pgtables > 0) && (xc_dom_alloc_segment(dom, &dom->pgtables_seg, "page tables", 0, dom->pgtables * page_size) != 0) ) diff --git a/tools/libxc/xc_dom_x86.c b/tools/libxc/xc_dom_x86.c index 0cf1687718..240d7265fa 100644 --- a/tools/libxc/xc_dom_x86.c +++ b/tools/libxc/xc_dom_x86.c @@ -82,6 +82,7 @@ static int count_pgtables(struct xc_dom_image *dom, int pae, { int pages, extra_pages; xen_vaddr_t try_virt_end; + xen_pfn_t try_pfn_end; extra_pages = dom->alloc_bootstack ? 1 : 0; extra_pages += dom->extra_pages; @@ -91,6 +92,17 @@ static int count_pgtables(struct xc_dom_image *dom, int pae, { try_virt_end = round_up(dom->virt_alloc_end + pages * PAGE_SIZE_X86, bits_to_mask(22)); /* 4MB alignment */ + + try_pfn_end = (try_virt_end - dom->parms.virt_base) >> PAGE_SHIFT_X86; + + if ( try_pfn_end > dom->total_pages ) + { + xc_dom_panic(dom->xch, XC_OUT_OF_MEMORY, + "%s: not enough memory for initial mapping (%#"PRIpfn" > %#"PRIpfn")", + __FUNCTION__, try_pfn_end, dom->total_pages); + return -ENOMEM; + } + dom->pg_l4 = nr_page_tables(dom, dom->parms.virt_base, try_virt_end, l4_bits); dom->pg_l3 = |