Kees Cook bf5802238d xen/gntalloc: Replace UAPI 1-element array
Without changing the structure size (since it is UAPI), add a proper
flexible array member, and reference it in the kernel so that it will
not trip the array-bounds sanitizer[1].

Link: https://github.com/KSPP/linux/issues/113 [1]
Cc: Juergen Gross <jgross@suse.com>
Cc: Stefano Stabellini <sstabellini@kernel.org>
Cc: Oleksandr Tyshchenko <oleksandr_tyshchenko@epam.com>
Cc: Gustavo A. R. Silva <gustavoars@kernel.org>
Cc: xen-devel@lists.xenproject.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Link: https://lore.kernel.org/r/20240206170320.work.437-kees@kernel.org
Signed-off-by: Juergen Gross <jgross@suse.com>
2024-02-13 09:06:48 +01:00


/******************************************************************************
* gntalloc.h
*
* Interface to /dev/xen/gntalloc.
*
* Author: Daniel De Graaf <dgdegra@tycho.nsa.gov>
*
* This file is in the public domain.
*/
#ifndef __LINUX_PUBLIC_GNTALLOC_H__
#define __LINUX_PUBLIC_GNTALLOC_H__
#include <linux/types.h>
/*
 * Allocates a new page and creates a new grant reference.
 *
 * The request number is built with _IOC_NONE and sizeof() of the fixed
 * struct, although the struct carries both IN and OUT fields and is followed
 * by a variable number of gref_ids entries. Neither the direction bits nor
 * the encoded size therefore describe the real user buffer; its length
 * depends on count.
 */
#define IOCTL_GNTALLOC_ALLOC_GREF \
_IOC(_IOC_NONE, 'G', 5, sizeof(struct ioctl_gntalloc_alloc_gref))
struct ioctl_gntalloc_alloc_gref {
/* IN parameters */
/* The ID of the domain to be given access to the grants. */
__u16 domid;
/* Flags for this mapping */
/* GNTALLOC_FLAG_WRITABLE is the only flag value defined in this header. */
__u16 flags;
/* Number of pages to map */
/*
 * Caller-controlled. One grant reference is returned per page, so the
 * buffer handed to the ioctl must have room for count gref_ids entries.
 * NOTE(review): the handler presumably bounds count before sizing any
 * allocation or copy from it - confirm in the gntalloc driver.
 */
__u32 count;
/* OUT parameters */
/* The offset to be used on a subsequent call to mmap(). */
__u64 index;
/* The grant references of the newly created grant, one per page */
/* Variable size, depending on count */
/*
 * gref_ids[1] is the original one-element declaration, kept so that the
 * struct size (and with it the ioctl number above) stays unchanged for
 * user space. gref_ids_flex overlays the same storage as a flexible array
 * member; kernel code references it so that indexing past the first entry
 * does not trip the array-bounds sanitizer.
 */
union {
__u32 gref_ids[1];
__DECLARE_FLEX_ARRAY(__u32, gref_ids_flex);
};
};
/*
 * NOTE(review): presumably a value for ioctl_gntalloc_alloc_gref.flags that,
 * by its name, lets the granted domain write to the page rather than only
 * read it - confirm against the driver, and set it only when the peer needs
 * write access.
 */
#define GNTALLOC_FLAG_WRITABLE 1
/*
 * Deallocates the grant reference, allowing the associated page to be freed if
 * no other domains are using it.
 *
 * The request number uses _IOC_NONE even though both struct fields are
 * inputs, so the direction bits do not indicate that the kernel reads the
 * argument.
 * NOTE(review): the struct is a __u64 followed by a single __u32, so its
 * sizeof (which is encoded in the request number) may differ between ABIs
 * that align __u64 differently - confirm how 32-bit callers on a 64-bit
 * kernel are handled.
 */
#define IOCTL_GNTALLOC_DEALLOC_GREF \
_IOC(_IOC_NONE, 'G', 6, sizeof(struct ioctl_gntalloc_dealloc_gref))
struct ioctl_gntalloc_dealloc_gref {
/* IN parameters */
/* The offset returned in the map operation */
/*
 * NOTE(review): presumably the index value written back by
 * IOCTL_GNTALLOC_ALLOC_GREF - confirm against the driver.
 */
__u64 index;
/* Number of references to unmap */
/* Caller-controlled; presumably checked against the range that was allocated - TODO confirm. */
__u32 count;
};
/*
 * Sets up an unmap notification within the page, so that the other side can do
 * cleanup if this side crashes. Required to implement cross-domain robust
 * mutexes or close notification on communication channels.
 *
 * Each mapped page only supports one notification; multiple calls referring to
 * the same page overwrite the previous notification. You must clear the
 * notification prior to the IOCTL_GNTALLOC_DEALLOC_GREF if you do not want it
 * to occur.
 *
 * The request number uses _IOC_NONE although every struct field is an input.
 */
#define IOCTL_GNTALLOC_SET_UNMAP_NOTIFY \
_IOC(_IOC_NONE, 'G', 7, sizeof(struct ioctl_gntalloc_unmap_notify))
struct ioctl_gntalloc_unmap_notify {
/* IN parameters */
/* Offset in the file descriptor for a byte within the page (same as
 * used in mmap). If using UNMAP_NOTIFY_CLEAR_BYTE, this is the byte to
 * be cleared. Otherwise, it can be any byte in the page whose
 * notification we are adjusting.
 */
__u64 index;
/* Action(s) to take on unmap */
/*
 * The UNMAP_NOTIFY_* values defined below are distinct bits (0x1 and 0x2).
 * NOTE(review): presumably they may be OR-ed together - confirm.
 */
__u32 action;
/* Event channel to notify */
/* NOTE(review): presumably only consulted when UNMAP_NOTIFY_SEND_EVENT is set - confirm. */
__u32 event_channel_port;
};
/* Clear (set to zero) the byte specified by index */
/*
 * NOTE(review): the byte lives in a page granted to another domain, so a peer
 * with write access could presumably change it as well; treat the cleared
 * byte as a liveness hint rather than a trusted signal - confirm against the
 * protocol in use.
 */
#define UNMAP_NOTIFY_CLEAR_BYTE 0x1
/* Send an interrupt on the indicated event channel */
#define UNMAP_NOTIFY_SEND_EVENT 0x2
#endif /* __LINUX_PUBLIC_GNTALLOC_H__ */