Yang, Xiaowei
2009-Jan-21 04:27 UTC
[Xen-devel] [PATCH] Protect Xen against accessing NULL-pointer triggered by Xenoprof Hypercall in dom0
Xenoprof Hypercall in dom0 could trigger Xen accessing NULL-pointer and results in fatal page fault. The patch prevents it.

Signed-off-by: Xiaowei Yang <xiaowei.yang@intel.com>

Thanks,
Xiaowei

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel
Santos, Jose Renato G
2009-Jan-21 16:33 UTC
RE: [Xen-devel] [PATCH] Protect Xen against accessing NULL-pointer triggered by Xenoprof Hypercall in dom0
Xiaowei,

Could you please clarify what is the NULL pointer problem that you want to prevent with this patch?

Thanks

Renato

> -----Original Message-----
> From: xen-devel-bounces@lists.xensource.com [mailto:xen-devel-bounces@lists.xensource.com] On Behalf Of Yang, Xiaowei
> Sent: Tuesday, January 20, 2009 8:28 PM
> To: xen-devel@lists.xensource.com
> Subject: [Xen-devel] [PATCH] Protect Xen against accessing NULL-pointer triggered by Xenoprof Hypercall in dom0
>
> Xenoprof Hypercall in dom0 could trigger Xen accessing NULL-pointer and results in fatal page fault. The patch prevents it.
>
> Signed-off-by: Xiaowei Yang <xiaowei.yang@intel.com>
>
> Thanks,
> Xiaowei
Yang, Xiaowei
2009-Jan-22 00:50 UTC
Re: [Xen-devel] [PATCH] Protect Xen against accessing NULL-pointer triggered by Xenoprof Hypercall in dom0
Santos, Jose Renato G wrote:
> Xiaowei,
>
> Could you please clarify what is the NULL pointer problem that you want to prevent with this patch?
> Thanks
>

Oh, let me put more details. For late coming CPUs that Xenoprof doesn't support yet, pointers cpu_type and model could be unassigned at init time and remain as NULL. However almost all Xenoprof internal functions don't check it before using. If the hypercall handler doesn't take care of it, dom0 could exploit it (e.g. XENOPROF_reserve_counters) to trigger Xen NULL-pointer access.

Thanks,
Xiaowei

> Renato
>
>> -----Original Message-----
>> From: xen-devel-bounces@lists.xensource.com [mailto:xen-devel-bounces@lists.xensource.com] On Behalf Of Yang, Xiaowei
>> Sent: Tuesday, January 20, 2009 8:28 PM
>> To: xen-devel@lists.xensource.com
>> Subject: [Xen-devel] [PATCH] Protect Xen against accessing NULL-pointer triggered by Xenoprof Hypercall in dom0
>>
>> Xenoprof Hypercall in dom0 could trigger Xen accessing NULL-pointer and results in fatal page fault. The patch prevents it.
>>
>> Signed-off-by: Xiaowei Yang <xiaowei.yang@intel.com>
>>
>> Thanks,
>> Xiaowei
Santos, Jose Renato G
2009-Jan-22 18:22 UTC
RE: [Xen-devel] [PATCH] Protect Xen against accessing NULL-pointer triggered by Xenoprof Hypercall in dom0
Thanks Xiaowei

Yes, that makes sense. I guess it is good to prevent dom0 misbehavior to crash the system. The patch looks good to me

Thanks

Renato

> -----Original Message-----
> From: Yang, Xiaowei [mailto:xiaowei.yang@intel.com]
> Sent: Wednesday, January 21, 2009 4:50 PM
> To: Santos, Jose Renato G
> Cc: xen-devel@lists.xensource.com
> Subject: Re: [Xen-devel] [PATCH] Protect Xen against accessing NULL-pointer triggered by Xenoprof Hypercall in dom0
>
> Santos, Jose Renato G wrote:
> > Xiaowei,
> >
> > Could you please clarify what is the NULL pointer problem that you want to prevent with this patch?
> > Thanks
> >
> Oh, let me put more details. For late coming CPUs that Xenoprof doesn't support yet, pointers cpu_type and model could be unassigned at init time and remain as NULL. However almost all Xenoprof internal functions don't check it before using. If the hypercall handler doesn't take care of it, dom0 could exploit it (e.g. XENOPROF_reserve_counters) to trigger Xen NULL-pointer access.
>
> Thanks,
> Xiaowei
>
> > Renato
> >
> >> -----Original Message-----
> >> From: xen-devel-bounces@lists.xensource.com [mailto:xen-devel-bounces@lists.xensource.com] On Behalf Of Yang, Xiaowei
> >> Sent: Tuesday, January 20, 2009 8:28 PM
> >> To: xen-devel@lists.xensource.com
> >> Subject: [Xen-devel] [PATCH] Protect Xen against accessing NULL-pointer triggered by Xenoprof Hypercall in dom0
> >>
> >> Xenoprof Hypercall in dom0 could trigger Xen accessing NULL-pointer and results in fatal page fault. The patch prevents it.
> >>
> >> Signed-off-by: Xiaowei Yang <xiaowei.yang@intel.com>
> >>
> >> Thanks,
> >> Xiaowei
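The guard discussed in this thread, sketched as an added example (not the patch posted to the list and not Xen's own code): a simplified hypercall dispatcher that rejects every op other than init while cpu_type or model is still NULL, so helpers that dereference them unchecked are never reached. The struct, op numbers, function names and the "family 6 is supported" rule are hypothetical stand-ins.

```c
#include <errno.h>
#include <stdio.h>

/* Hypothetical stand-ins: not Xen's real types, names or op numbers. */
static const struct model_spec { unsigned int num_counters; } known_model = { 4 };
enum { OP_INIT, OP_RESERVE_COUNTERS, OP_RELEASE_COUNTERS };
static const char *cpu_type;            /* stays NULL on an unsupported CPU */
static const struct model_spec *model;  /* stays NULL on an unsupported CPU */
static unsigned int reserved;

/* Init assigns the two pointers only for a CPU it recognises. */
static int prof_init(int cpu_family)
{
    cpu_type = NULL; model = NULL;
    if (cpu_family != 6)   /* constructed rule: only family 6 is "supported" */
        return -ENODEV;
    cpu_type = "constructed/type";
    model = &known_model;
    return 0;
}

/* Internal helper: uses model without checking it, as the thread describes. */
static int reserve_counters(void)
{
    reserved = model->num_counters;
    return 0;
}

/* Hypercall entry point: one guard here covers every unchecked helper. */
int do_prof_op(int op)
{
    if (op != OP_INIT && (cpu_type == NULL || model == NULL))
        return -ENODEV;
    switch (op) {
    case OP_INIT:             return cpu_type ? 0 : -ENODEV;
    case OP_RESERVE_COUNTERS: return reserve_counters();
    case OP_RELEASE_COUNTERS: reserved = 0; return 0;
    default:                  return -ENOSYS;
    }
}

int main(void)
{
    prof_init(15);  /* unsupported CPU: the guard rejects the op */
    printf("unsupported: %d\n", do_prof_op(OP_RESERVE_COUNTERS));
    prof_init(6);   /* supported CPU: the op proceeds */
    printf("supported: %d\n", do_prof_op(OP_RESERVE_COUNTERS));
    return 0;
}
```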