On Thu, Nov 17, 2022 at 01:08:01AM +0000, Andrew Cooper wrote:
> The existing XEN_DOMCTL_SHADOW_OP_{GET,SET}_ALLOCATION have problems:
>
>  * All set_allocation() flavours have an overflow-before-widen bug when
>    calculating "sc->mb << (20 - PAGE_SHIFT)".
>  * All flavours have a granularity of 1M.  This was tolerable when the size of
>    the pool could only be set at the same granularity, but is broken now that
>    ARM has a 16-page stopgap allocation in use.
>  * All get_allocation() flavours round up, and in particular turn 0 into 1,
>    meaning the get op returns junk before a successful set op.
>  * The x86 flavours reject the hypercalls before the VM has vCPUs allocated,
>    despite the pool size being a domain property.
>  * Even the hypercall names are long-obsolete.
>
> Implement a better interface, which can be first used to unit test the
> behaviour, and subsequently correct a broken implementation.  The old
> interface will be retired in due course.
>
> The unit of bytes (as opposed to pages) is a deliberate API/ABI improvement to
> more easily support multiple page granularities.
>
> This is part of XSA-409 / CVE-2022-33747.
>
> Signed-off-by: Andrew Cooper <andrew.coop...@citrix.com>
> Release-acked-by: Henry Wang <henry.w...@arm.com>

Acked-by: Anthony PERARD <anthony.per...@citrix.com>

Thanks,

-- 
Anthony PERARD
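
Added example, not part of the original mail or of the Xen patch: the overflow-before-widen pattern and the 1M granularity problem listed in the quoted commit message, shown next to a widened and a byte-granular conversion. It assumes 4 KiB pages (PAGE_SHIFT of 12) and a 32-bit mb field; all function names are hypothetical.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12 /* assumption: 4 KiB pages */

/* Pattern from the commit message: the shift is evaluated in the 32-bit
 * type of mb, so high bits are lost before the result is widened. */
static uint64_t pages_overflow_before_widen(uint32_t mb)
{
    return mb << (20 - PAGE_SHIFT);
}

/* Widen first, then shift: no bits are lost. */
static uint64_t pages_widen_first(uint32_t mb)
{
    return (uint64_t)mb << (20 - PAGE_SHIFT);
}

/* Generic ceiling to whole MiB (illustration, not Xen's get_allocation()). */
static uint64_t pages_to_mb_round_up(uint64_t pages)
{
    uint64_t per_mb = UINT64_C(1) << (20 - PAGE_SHIFT);
    return (pages + per_mb - 1) / per_mb;
}

/* Hypothetical byte-granular setter input check: accept only whole pages. */
static int bytes_to_pages(uint64_t bytes, uint64_t *pages)
{
    if (bytes & ((UINT64_C(1) << PAGE_SHIFT) - 1))
        return -1;
    *pages = bytes >> PAGE_SHIFT;
    return 0;
}

int main(void)
{
    uint32_t mb = UINT32_C(0x01000001); /* constructed request: 16 TiB + 1 MiB */
    uint64_t pages = 0;

    printf("narrow: %" PRIu64 " pages\n", pages_overflow_before_widen(mb));
    printf("wide:   %" PRIu64 " pages\n", pages_widen_first(mb));
    /* A 16-page pool reads back as 1 MiB, i.e. 256 pages, in 1M units. */
    printf("16 pages -> %" PRIu64 " MiB\n", pages_to_mb_round_up(16));
    if (bytes_to_pages(UINT64_C(16) << PAGE_SHIFT, &pages) == 0)
        printf("65536 bytes -> %" PRIu64 " pages\n", pages);
    return 0;
}
```

With the constructed request, the narrow version silently programs a 256-page pool while the widened version yields the intended page count, which is the kind of mismatch a unit test against the interface would catch.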