# HG changeset patch
# User Keir Fraser <keir.fraser@xxxxxxxxxx>
# Date 1232539081 0
# Node ID 033945166a3a5f3078b1e583bc5e50871ef7e801
# Parent a0dddcbd9e32279cfa2b2835beb002b25eb94d46
xenoprof: dom0 hypercall could trigger Xen NULL-pointer access
Signed-off-by: Xiaowei Yang <xiaowei.yang@xxxxxxxxx>
---
xen/common/xenoprof.c | 29 +++++++++++++++++------------
xen/include/xen/xenoprof.h | 7 ++++---
2 files changed, 21 insertions(+), 15 deletions(-)
diff -r a0dddcbd9e32 -r 033945166a3a xen/common/xenoprof.c
--- a/xen/common/xenoprof.c Tue Jan 20 16:41:29 2009 +0000
+++ b/xen/common/xenoprof.c Wed Jan 21 11:58:01 2009 +0000
@@ -681,6 +681,8 @@ int do_xenoprof_op(int op, XEN_GUEST_HAN
{
case XENOPROF_init:
ret = xenoprof_op_init(arg);
+ if ( !ret )
+ xenoprof_state = XENOPROF_INITIALIZED;
break;
case XENOPROF_get_buffer:
@@ -693,21 +695,19 @@ int do_xenoprof_op(int op, XEN_GUEST_HAN
break;
case XENOPROF_reset_active_list:
- {
reset_active_list();
ret = 0;
break;
- }
+
case XENOPROF_reset_passive_list:
- {
reset_passive_list();
ret = 0;
break;
- }
+
case XENOPROF_set_active:
{
domid_t domid;
- if ( xenoprof_state != XENOPROF_IDLE )
+ if ( xenoprof_state != XENOPROF_INITIALIZED )
{
ret = -EPERM;
break;
@@ -720,18 +720,18 @@ int do_xenoprof_op(int op, XEN_GUEST_HAN
ret = add_active_list(domid);
break;
}
+
case XENOPROF_set_passive:
- {
- if ( xenoprof_state != XENOPROF_IDLE )
+ if ( xenoprof_state != XENOPROF_INITIALIZED )
{
ret = -EPERM;
break;
}
ret = add_passive_list(arg);
break;
- }
+
case XENOPROF_reserve_counters:
- if ( xenoprof_state != XENOPROF_IDLE )
+ if ( xenoprof_state != XENOPROF_INITIALIZED )
{
ret = -EPERM;
break;
@@ -748,7 +748,6 @@ int do_xenoprof_op(int op, XEN_GUEST_HAN
ret = -EPERM;
break;
}
-
ret = xenoprof_arch_counter(arg);
break;
@@ -766,8 +765,14 @@ int do_xenoprof_op(int op, XEN_GUEST_HAN
case XENOPROF_enable_virq:
{
int i;
+
if ( current->domain == xenoprof_primary_profiler )
{
+ if ( xenoprof_state != XENOPROF_READY )
+ {
+ ret = -EPERM;
+ break;
+ }
xenoprof_arch_enable_virq();
xenoprof_reset_stat();
for ( i = 0; i < pdomains; i++ )
@@ -835,7 +840,7 @@ int do_xenoprof_op(int op, XEN_GUEST_HAN
if ( (xenoprof_state == XENOPROF_COUNTERS_RESERVED) ||
(xenoprof_state == XENOPROF_READY) )
{
- xenoprof_state = XENOPROF_IDLE;
+ xenoprof_state = XENOPROF_INITIALIZED;
xenoprof_arch_release_counters();
xenoprof_arch_disable_virq();
reset_passive_list();
@@ -845,7 +850,7 @@ int do_xenoprof_op(int op, XEN_GUEST_HAN
case XENOPROF_shutdown:
ret = -EPERM;
- if ( xenoprof_state == XENOPROF_IDLE )
+ if ( xenoprof_state == XENOPROF_INITIALIZED )
{
activated = 0;
adomains=0;
diff -r a0dddcbd9e32 -r 033945166a3a xen/include/xen/xenoprof.h
--- a/xen/include/xen/xenoprof.h Tue Jan 20 16:41:29 2009 +0000
+++ b/xen/include/xen/xenoprof.h Wed Jan 21 11:58:01 2009 +0000
@@ -19,9 +19,10 @@
#define XENOPROF_DOMAIN_PASSIVE 2
#define XENOPROF_IDLE 0
-#define XENOPROF_COUNTERS_RESERVED 1
-#define XENOPROF_READY 2
-#define XENOPROF_PROFILING 3
+#define XENOPROF_INITIALIZED 1
+#define XENOPROF_COUNTERS_RESERVED 2
+#define XENOPROF_READY 3
+#define XENOPROF_PROFILING 4
#ifndef CONFIG_COMPAT
typedef struct xenoprof_buf xenoprof_buf_t;
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
|