0-sized e820 entry after e820_alloc_region() #8617

Open
jiaqingz-intel opened this issue May 30, 2024 · 0 comments
Labels
status: new The issue status: new for creation

Comments

@jiaqingz-intel (Contributor)

[0us][cpu=0][(null)][sev=1][seq=173]:e820_alloc_region: after hv_e820:
[0us][cpu=0][(null)][sev=1][seq=174]:hv_e820[0]:type: 0x1 Base: 0x0000000000000000 length: 0x000000000009e000
[0us][cpu=0][(null)][sev=1][seq=175]:hv_e820[1]:type: 0x2 Base: 0x000000000009e000 length: 0x0000000000062000
[0us][cpu=0][(null)][sev=1][seq=176]:hv_e820[2]:type: 0x1 Base: 0x0000000000100000 length: 0x0000000002100000
[0us][cpu=0][(null)][sev=1][seq=177]:hv_e820[3]:type: 0x1 Base: 0x0000000002e1e000 length: 0x0000000000000000
[0us][cpu=0][(null)][sev=1][seq=178]:hv_e820[4]:type: 0x1 Base: 0x0000000006e17000 length: 0x000000001e53c000
[0us][cpu=0][(null)][sev=1][seq=179]:hv_e820[5]:type: 0x2 Base: 0x0000000025353000 length: 0x0000000000080000
[0us][cpu=0][(null)][sev=1][seq=180]:hv_e820[6]:type: 0x1 Base: 0x00000000253d3000 length: 0x0000000006a2d000
[0us][cpu=0][(null)][sev=1][seq=181]:hv_e820[7]:type: 0x2 Base: 0x000000002be00000 length: 0x0000000000400000
[0us][cpu=0][(null)][sev=1][seq=182]:hv_e820[8]:type: 0x1 Base: 0x000000002c200000 length: 0x00000000001ed000
[0us][cpu=0][(null)][sev=1][seq=183]:hv_e820[9]:type: 0x2 Base: 0x000000002c3ed000 length: 0x00000000002fe000
[0us][cpu=0][(null)][sev=1][seq=184]:hv_e820[10]:type: 0x1 Base: 0x000000002c6eb000 length: 0x0000000000001000
[0us][cpu=0][(null)][sev=1][seq=185]:hv_e820[11]:type: 0x2 Base: 0x000000002c6ec000 length: 0x0000000001c57000
[0us][cpu=0][(null)][sev=1][seq=186]:hv_e820[12]:type: 0x1 Base: 0x000000002e343000 length: 0x000000000566a000
[0us][cpu=0][(null)][sev=1][seq=187]:hv_e820[13]:type: 0x2 Base: 0x00000000339ad000 length: 0x0000000000001000
[0us][cpu=0][(null)][sev=1][seq=188]:hv_e820[14]:type: 0x1 Base: 0x00000000339ae000 length: 0x0000000001058000
[0us][cpu=0][(null)][sev=1][seq=189]:hv_e820[15]:type: 0x2 Base: 0x0000000034a06000 length: 0x0000000000001000
[0us][cpu=0][(null)][sev=1][seq=190]:hv_e820[16]:type: 0x1 Base: 0x0000000034a07000 length: 0x0000000004e44000
[0us][cpu=0][(null)][sev=1][seq=191]:hv_e820[17]:type: 0x2 Base: 0x000000003984b000 length: 0x000000000499a000
[0us][cpu=0][(null)][sev=1][seq=192]:hv_e820[18]:type: 0x1 Base: 0x000000003e1e5000 length: 0x00000000005d2000
[0us][cpu=0][(null)][sev=1][seq=193]:hv_e820[19]:type: 0x2 Base: 0x000000003e7b7000 length: 0x0000000003b8e000
[0us][cpu=0][(null)][sev=1][seq=194]:hv_e820[20]:type: 0x3 Base: 0x0000000042345000 length: 0x0000000000114000
[0us][cpu=0][(null)][sev=1][seq=195]:hv_e820[21]:type: 0x4 Base: 0x0000000042459000 length: 0x00000000001f9000
[0us][cpu=0][(null)][sev=1][seq=196]:hv_e820[22]:type: 0x2 Base: 0x0000000042652000 length: 0x0000000007dae000
[0us][cpu=0][(null)][sev=1][seq=197]:hv_e820[23]:type: 0x2 Base: 0x000000004b000000 length: 0x0000000005400000
[0us][cpu=0][(null)][sev=1][seq=198]:hv_e820[24]:type: 0x2 Base: 0x00000000c0000000 length: 0x0000000010000000
[0us][cpu=0][(null)][sev=1][seq=199]:hv_e820[25]:type: 0x2 Base: 0x00000000fe000000 length: 0x0000000000011000
[0us][cpu=0][(null)][sev=1][seq=200]:hv_e820[26]:type: 0x2 Base: 0x00000000fec00000 length: 0x0000000000001000
[0us][cpu=0][(null)][sev=1][seq=201]:hv_e820[27]:type: 0x2 Base: 0x00000000fed00000 length: 0x0000000000001000
[0us][cpu=0][(null)][sev=1][seq=202]:hv_e820[28]:type: 0x2 Base: 0x00000000fed20000 length: 0x0000000000060000
[0us][cpu=0][(null)][sev=1][seq=203]:hv_e820[29]:type: 0x2 Base: 0x00000000fee00000 length: 0x0000000000001000
[0us][cpu=0][(null)][sev=1][seq=204]:hv_e820[30]:type: 0x2 Base: 0x00000000ff000000 length: 0x0000000001000000
[0us][cpu=0][(null)][sev=1][seq=205]:hv_e820[31]:type: 0x1 Base: 0x0000000100000000 length: 0x00000007afc00000
[0us][cpu=0][(null)][sev=1][seq=206]:e820_alloc_region: =====================

hv_e820[3] is a buggy, 0-sized e820 entry.

@jiaqingz-intel jiaqingz-intel added the status: new The issue status: new for creation label May 30, 2024
jiaqingz-intel added a commit to jiaqingz-intel/acrn-hypervisor that referenced this issue Jun 17, 2024
In the current implementation, if there are multiple continuous 4k-aligned
modules, 0-sized e820 entries will be created between these regions.
And for non-4k-aligned modules, when two of them are located in one
page, the second memory range will not be reserved as it was not in
one e820 entry after the first is reserved, making it vulnerable.

This patch fixes it by marking the exact memory range of multiboot
modules as unusable first, then shrinking the e820 entries to page
boundary. If the module crosses multiple e820 entries, possibly due
to a buggy bootloader, the hypervisor will panic immediately to prevent
modules getting corrupted.

Tracked-On: projectacrn#8617
Signed-off-by: Jiaqing Zhao <[email protected]>
Reviewed-by: Junjie Mao <[email protected]>
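The two-step approach the commit describes, as an added model that is not ACRN's code: step 1 marks each module's exact range as reserved inside the single RAM entry that contains it and never emits an empty remainder, and step 2 only afterwards shrinks RAM entries inward to page boundaries. Where ACRN panics on a module that crosses entries, this model returns -1; the entry layout, type values and sample ranges are constructed for the example.

```c
/* Added example, not ACRN's code. Step 1: reserve each module's exact range,
 * failing if it spans more than one RAM entry and never leaving a 0-sized
 * remainder. Step 2: shrink RAM entries to page boundaries, dropping slivers. */
#include <stdint.h>
#include <string.h>

#define E820_RAM      1u
#define E820_RESERVED 2u
#define PAGE          0x1000ULL
#define MAX_E820      32
struct e820_entry { uint64_t base, length; uint32_t type; };
struct e820_table { struct e820_entry e[MAX_E820]; int n; };
static uint64_t end_of(const struct e820_entry *e) { return e->base + e->length; }

static int insert_at(struct e820_table *t, int i, struct e820_entry ne) {
    if (t->n >= MAX_E820) return -1;
    memmove(&t->e[i + 1], &t->e[i], (size_t)(t->n - i) * sizeof(ne));
    t->e[i] = ne; t->n++;
    return 0;
}

/* Step 1: returns -1 if [start, end) is not fully inside one RAM entry. */
int reserve_exact(struct e820_table *t, uint64_t start, uint64_t end) {
    for (int i = 0; i < t->n; i++) {
        struct e820_entry *e = &t->e[i];
        uint64_t old_end = end_of(e);
        if (e->type != E820_RAM || start < e->base || end > old_end) continue;
        /* Tail remainder only when non-empty; inserting after i keeps e valid. */
        if (end < old_end &&
            insert_at(t, i + 1, (struct e820_entry){end, old_end - end, E820_RAM})) return -1;
        if (start == e->base) { e->length = end - start; e->type = E820_RESERVED; return 0; }
        e->length = start - e->base;   /* head remainder is non-empty here */
        return insert_at(t, i + 1, (struct e820_entry){start, end - start, E820_RESERVED});
    }
    return -1;   /* no single RAM entry contains the range (bootloader bug) */
}

/* Step 2: shrink RAM entries inward to page boundaries; sub-page slivers are dropped. */
void shrink_ram_to_pages(struct e820_table *t) {
    int w = 0;
    for (int r = 0; r < t->n; r++) {
        struct e820_entry e = t->e[r];
        if (e.type == E820_RAM) {
            uint64_t b = (e.base + PAGE - 1) & ~(PAGE - 1), en = end_of(&e) & ~(PAGE - 1);
            if (en <= b) continue;          /* would be 0-sized: drop instead of keeping */
            e.base = b; e.length = en - b;
        }
        t->e[w++] = e;
    }
    t->n = w;
}
```

With two non-4k-aligned modules in the same page, the sub-page RAM sliver between them is dropped in step 2 rather than surviving as a 0-sized entry, and both modules stay reserved.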
acrnsi-robot pushed a commit that referenced this issue Jun 20, 2024
lifeix pushed a commit to lifeix/acrn-hypervisor that referenced this issue Aug 15, 2024