0-sized e820 entry after e820_alloc_region() #8617
Labels
status: new
jiaqingz-intel added a commit to jiaqingz-intel/acrn-hypervisor that referenced this issue Jun 17, 2024

In current implementation, if there are multiple continuous 4k-aligned modules, 0-sized e820 entries will be created between these regions. And for non-4k-aligned modules, when two of them are located in one page, the second memory range will not be reserved as it was not in one e820 entry after the first is reserved, making it vulnerable.

This patch fixes it by marking the exact memory range of multiboot modules as unusable first, then shrinking the e820 entries to page boundary. If the module crosses multiple e820 entries, possibly due to a buggy bootloader, hypervisor will panic immediately to prevent modules getting corrupted.

Tracked-On: projectacrn#8617
Signed-off-by: Jiaqing Zhao <[email protected]>
Reviewed-by: Junjie Mao <[email protected]>
acrnsi-robot pushed a commit that referenced this issue Jun 20, 2024

In current implementation, if there are multiple continuous 4k-aligned modules, 0-sized e820 entries will be created between these regions. And for non-4k-aligned modules, when two of them are located in one page, the second memory range will not be reserved as it was not in one e820 entry after the first is reserved, making it vulnerable.

This patch fixes it by marking the exact memory range of multiboot modules as unusable first, then shrinking the e820 entries to page boundary. If the module crosses multiple e820 entries, possibly due to a buggy bootloader, hypervisor will panic immediately to prevent modules getting corrupted.

Tracked-On: #8617
Signed-off-by: Jiaqing Zhao <[email protected]>
Reviewed-by: Junjie Mao <[email protected]>
lifeix pushed a commit to lifeix/acrn-hypervisor that referenced this issue Aug 15, 2024

In current implementation, if there are multiple continuous 4k-aligned modules, 0-sized e820 entries will be created between these regions. And for non-4k-aligned modules, when two of them are located in one page, the second memory range will not be reserved as it was not in one e820 entry after the first is reserved, making it vulnerable.

This patch fixes it by marking the exact memory range of multiboot modules as unusable first, then shrinking the e820 entries to page boundary. If the module crosses multiple e820 entries, possibly due to a buggy bootloader, hypervisor will panic immediately to prevent modules getting corrupted.

Tracked-On: projectacrn#8617
Signed-off-by: Jiaqing Zhao <[email protected]>
Reviewed-by: Junjie Mao <[email protected]>
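
A small C model of the two-step approach the commit message describes: reserve each module's exact byte range first, then shrink the RAM entries to page boundaries. This is an added example, not ACRN's code; the struct layout, the names `put`, `reserve_exact`, `shrink_ram` and `demo`, and all addresses are hypothetical and constructed for illustration.

```c
#include <stdint.h>

#define PAGE 0x1000ULL
#define MAX_E820 16
enum { E820_RAM = 1, E820_UNUSABLE = 5 };   /* standard e820 type codes */
struct e820_ent { uint64_t base, len; uint32_t type; };
struct e820_map { struct e820_ent e[MAX_E820]; int n; };   /* hypothetical model type */

static void put(struct e820_map *m, int at, uint64_t b, uint64_t l, uint32_t t) {
    for (int i = m->n++; i > at; i--) m->e[i] = m->e[i - 1];   /* shift up, then insert */
    m->e[at] = (struct e820_ent){ b, l, t };
}

/* Step 1: mark the exact bytes [start, end) unusable inside the one RAM entry that holds
 * them. Returns -1 where the commit message has the hypervisor panic (no single entry). */
int reserve_exact(struct e820_map *m, uint64_t start, uint64_t end) {
    for (int i = 0; i < m->n && start < end; i++) {
        struct e820_ent r = m->e[i];
        if (r.type != E820_RAM || start < r.base || end > r.base + r.len) continue;
        if (m->n + 2 > MAX_E820) return -1;
        m->e[i] = (struct e820_ent){ start, end - start, E820_UNUSABLE };
        if (end < r.base + r.len) put(m, i + 1, end, r.base + r.len - end, E820_RAM);
        if (start > r.base) put(m, i, r.base, start - r.base, E820_RAM);
        return 0;
    }
    return -1;
}

/* Step 2, after every module is reserved: shrink RAM entries inward to page boundaries. */
void shrink_ram(struct e820_map *m) {
    int out = 0;
    for (int i = 0; i < m->n; i++) {
        struct e820_ent r = m->e[i];
        uint64_t lo = (r.base + PAGE - 1) & ~(PAGE - 1), hi = (r.base + r.len) & ~(PAGE - 1);
        if (r.type == E820_RAM && hi <= lo) continue;   /* would be 0-sized: drop it */
        if (r.type == E820_RAM) { r.base = lo; r.len = hi - lo; }
        m->e[out++] = r;
    }
    m->n = out;
}

/* Constructed input: one RAM entry at 1 MiB, two modules sharing the page at 0x104000. */
int demo(struct e820_map *m) {
    *m = (struct e820_map){ { { 0x100000, 0x100000, E820_RAM } }, 1 };
    if (reserve_exact(m, 0x104100, 0x104300) || reserve_exact(m, 0x104800, 0x104900)) return -1;
    shrink_ram(m);
    return m->n;   /* RAM, module, module, RAM */
}
int main(void) { struct e820_map m; return demo(&m) == 4 ? 0 : 1; }
```

Because rounding happens only after all modules are carved out, the second module in a shared page is still found inside a RAM entry, and the sliver of RAM between the two modules disappears instead of surviving as a 0-sized entry.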
hv_e820[3] is a buggy, 0-sized e820 entry.