Mark Langsdorf
2007-Dec-03 16:48 UTC
[Xen-devel] [PATCH][cpufreq] add bounds checking for getcpuidletime
The Xen platform hypercall for getting the cpu idletime does not check to make sure that all cpus in the map have indexes less than the size of the array that it writes the data into. Add bounds checking to avoid memory corruption. Signed-off-by: Mark Langsdorf <mark.langsdorf@amd.com> diff -r d40788f07a4f xen/arch/x86/platform_hypercall.c --- a/xen/arch/x86/platform_hypercall.c Sun Nov 25 12:43:13 2007 +0000 +++ b/xen/arch/x86/platform_hypercall.c Mon Dec 03 10:25:23 2007 -0600 @@ -326,6 +326,9 @@ ret_t do_platform_op(XEN_GUEST_HANDLE(xe cpu_clear(cpu, cpumap); } + if (cpu >= ctlmap.nr_cpus) + continue; + ret = -EFAULT; if ( copy_to_guest_offset(idletimes, cpu, &idletime, 1) ) goto out; _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
Keir Fraser
2007-Dec-04 11:53 UTC
Re: [Xen-devel] [PATCH][cpufreq] add bounds checking for getcpuidletime
This is supposed to be handled by xenctl_cpumap_to_cpumask, but it looks like it''s buggy. I checked in a fix as changeset 16519. Can you please try with that and see if it fixes your problem? -- Keir On 3/12/07 16:48, "Mark Langsdorf" <mark.langsdorf@amd.com> wrote:> The Xen platform hypercall for getting the cpu idletime does not > check to make sure that all cpus in the map have indexes less > than the size of the array that it writes the data into. Add > bounds checking to avoid memory corruption. > > Signed-off-by: Mark Langsdorf <mark.langsdorf@amd.com> > > diff -r d40788f07a4f xen/arch/x86/platform_hypercall.c > --- a/xen/arch/x86/platform_hypercall.c Sun Nov 25 12:43:13 2007 +0000 > +++ b/xen/arch/x86/platform_hypercall.c Mon Dec 03 10:25:23 2007 -0600 > @@ -326,6 +326,9 @@ ret_t do_platform_op(XEN_GUEST_HANDLE(xe > cpu_clear(cpu, cpumap); > } > > + if (cpu >= ctlmap.nr_cpus) > + continue; > + > ret = -EFAULT; > if ( copy_to_guest_offset(idletimes, cpu, &idletime, 1) ) > goto out; > > > > _______________________________________________ > Xen-devel mailing list > Xen-devel@lists.xensource.com > http://lists.xensource.com/xen-devel_______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
Langsdorf, Mark
2007-Dec-04 16:51 UTC
RE: [Xen-devel] [PATCH][cpufreq] add bounds checking for getcpuidletime
16519 fixes my problem. Thanks! -Mark Langsdorf Operating System Research Center AMD> -----Original Message----- > From: Keir Fraser [mailto:Keir.Fraser@cl.cam.ac.uk] > Sent: Tuesday, December 04, 2007 5:54 AM > To: Langsdorf, Mark; xen-devel@lists.xensource.com > Subject: Re: [Xen-devel] [PATCH][cpufreq] add bounds checking > for getcpuidletime > > This is supposed to be handled by xenctl_cpumap_to_cpumask, > but it looks > like it''s buggy. I checked in a fix as changeset 16519. Can > you please try > with that and see if it fixes your problem? > > -- Keir > > On 3/12/07 16:48, "Mark Langsdorf" <mark.langsdorf@amd.com> wrote: > > > The Xen platform hypercall for getting the cpu idletime does not > > check to make sure that all cpus in the map have indexes less > > than the size of the array that it writes the data into. Add > > bounds checking to avoid memory corruption. > > > > Signed-off-by: Mark Langsdorf <mark.langsdorf@amd.com> > > > > diff -r d40788f07a4f xen/arch/x86/platform_hypercall.c > > --- a/xen/arch/x86/platform_hypercall.c Sun Nov 25 12:43:13 > 2007 +0000 > > +++ b/xen/arch/x86/platform_hypercall.c Mon Dec 03 10:25:23 > 2007 -0600 > > @@ -326,6 +326,9 @@ ret_t do_platform_op(XEN_GUEST_HANDLE(xe > > cpu_clear(cpu, cpumap); > > } > > > > + if (cpu >= ctlmap.nr_cpus) > > + continue; > > + > > ret = -EFAULT; > > if ( copy_to_guest_offset(idletimes, cpu, > &idletime, 1) ) > > goto out; > > > > > > > > _______________________________________________ > > Xen-devel mailing list > > Xen-devel@lists.xensource.com > > http://lists.xensource.com/xen-devel > > > > >_______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel