xen-changelog

[Top] [All Lists]

[Xen-changelog] [xen-unstable] ioemu: various fixes to 18394:dade7f0bdc8

from [Xen patchbot-unstable]

[Permanent Link][Original]

To:	xen-changelog@xxxxxxxxxxxxxxxxxxx
Subject:	[Xen-changelog] [xen-unstable] ioemu: various fixes to 18394:dade7f0bdc8d
From:	Xen patchbot-unstable <patchbot-unstable@xxxxxxxxxxxxxxxxxxx>
Date:	Tue, 16 Sep 2008 06:00:32 -0700
Delivery-date:	Tue, 16 Sep 2008 06:00:30 -0700
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxxx
List-help:	<mailto:xen-changelog-request@lists.xensource.com?subject=help>
List-id:	BK change log <xen-changelog.lists.xensource.com>
List-post:	<mailto:xen-changelog@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=unsubscribe>
Reply-to:	xen-devel@xxxxxxxxxxxxxxxxxxx
Sender:	xen-changelog-bounces@xxxxxxxxxxxxxxxxxxx

# HG changeset patch
# User Keir Fraser <keir.fraser@xxxxxxxxxx>
# Date 1220968971 -3600
# Node ID 33d907ff2b043c4bff5c265737dab0bb52d6f773
# Parent  4f27d1a23bca64ec644726cbd46567ebfef7951a
ioemu: various fixes to 18394:dade7f0bdc8d

- fix ioemu segv with old firmware
  Without notifying ioemu of address, ioemu will segv.

- fix qemu-dm segv with malicous firmware
  If notifying ioemu more than once, ioemu will segv.

Usually such cases don't happen, but malicious guest can
do it intentionally.

Signed-off-by: Isaku Yamahata <yamahata@xxxxxxxxxxxxx>
---
 tools/ioemu/hw/cirrus_vga.c |    3 +++
 tools/ioemu/hw/vga.c        |    8 +++++++-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff -r 4f27d1a23bca -r 33d907ff2b04 tools/ioemu/hw/cirrus_vga.c
--- a/tools/ioemu/hw/cirrus_vga.c       Tue Sep 09 15:02:32 2008 +0100
+++ b/tools/ioemu/hw/cirrus_vga.c       Tue Sep 09 15:02:51 2008 +0100
@@ -2554,6 +2554,9 @@ static void set_vram_mapping(CirrusVGASt
 
     fprintf(logfile,"mapping vram to %lx - %lx\n", begin, end);
 
+    if (!s->vram_mfns)
+        return;
+
     xatp.domid = domid;
     xatp.space = XENMAPSPACE_mfn;
 
diff -r 4f27d1a23bca -r 33d907ff2b04 tools/ioemu/hw/vga.c
--- a/tools/ioemu/hw/vga.c      Tue Sep 09 15:02:32 2008 +0100
+++ b/tools/ioemu/hw/vga.c      Tue Sep 09 15:02:51 2008 +0100
@@ -2080,7 +2080,13 @@ void xen_vga_vram_map(uint64_t vram_addr
 
     if (copy)
         memcpy(vram, xen_vga_state->vram_ptr, VGA_RAM_SIZE);
-    qemu_free(xen_vga_state->vram_ptr);
+    if (xen_vga_state->vram_mfns) {
+        /* In case this function is called more than once */
+        free(xen_vga_state->vram_mfns);
+        munmap(xen_vga_state->vram_ptr, VGA_RAM_SIZE);
+    } else {
+        qemu_free(xen_vga_state->vram_ptr);
+    }
     xen_vga_state->vram_ptr = vram;
     xen_vga_state->vram_mfns = pfn_list;
 #ifdef CONFIG_STUBDOM

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Xen-changelog] [xen-unstable] ioemu: various fixes to 18394:dade7f0bdc8d, Xen patchbot-unstable <=

Previous by Date:	[Xen-changelog] [xen-unstable] libxc: fix xc_memory_op(): handles XENMEM_remove_from_phsymap case., Xen patchbot-unstable
Next by Date:	[Xen-changelog] [xen-unstable] vtd.txt: Add caveat about assigning certain types of device., Xen patchbot-unstable
Previous by Thread:	[Xen-changelog] [xen-unstable] libxc: fix xc_memory_op(): handles XENMEM_remove_from_phsymap case., Xen patchbot-unstable
Next by Thread:	[Xen-changelog] [xen-unstable] vtd.txt: Add caveat about assigning certain types of device., Xen patchbot-unstable
Indexes:	[Date] [Thread] [Top] [All Lists]