This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/


[Xen-devel] [XSM] Potential security vulnerability and inconsistency in

To: "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: [Xen-devel] [XSM] Potential security vulnerability and inconsistency in evtchn_close
From: "Tan, Lin" <lintan2@xxxxxxxx>
Date: Sun, 17 Feb 2008 12:04:22 -0600
Hi All,

I found that evtchn_close() is not checked for authorization by xsm hooks in 
some cases.

There is no xsm permission check before evtchn_close() is called in 
do_event_channel_op(), as shown below. I imagine maybe there is no need to 
check if one can close itself, but it is probably still good to add an xsm hook 
inside evtchn_close() in case we decide to expand evtchn_close() to close other 
domains later.

In addition, almost all other functions, such as evtchn_send() and 
evtchn_status(), put their xsm hooks inside themselves, so it would be more 
consistent to add an xsm_evtchn_close() hook in evtchn_close(). What do you 
think? Thanks.

    long do_event_channel_op(int cmd, XEN_GUEST_HANDLE(void) arg) {
        ...
        case EVTCHNOP_close: {
            struct evtchn_close close;
            if ( copy_from_guest(&close, arg, 1) != 0 )
                return -EFAULT;
            rc = evtchn_close(&close);
            break;
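
The hook placement argued for in the message above, as an added example that is not part of the original mail and is not Xen source code. It is a simplified stand-alone model: the struct layout, the toy policy, and the op_close_self()/op_close_remote() entry points are assumptions, and xsm_evtchn_close() is the hook name proposed in the mail, not an existing API.

```c
#include <errno.h>

#define NR_PORTS 4

struct domain {
    int privileged;            /* constructed stand-in for a policy label */
    int port_open[NR_PORTS];   /* 1 = channel allocated */
};

/* Hypothetical hook, named as proposed in the mail. Toy policy: a domain
 * may close its own channels; only a privileged caller may close others'. */
static int xsm_evtchn_close(const struct domain *caller,
                            const struct domain *target)
{
    return (caller == target || caller->privileged) ? 0 : -EPERM;
}

/* The check lives inside the function, so every call path goes through it. */
static int evtchn_close(const struct domain *caller, struct domain *target,
                        int port)
{
    int rc;

    if (port < 0 || port >= NR_PORTS)
        return -EINVAL;
    rc = xsm_evtchn_close(caller, target);
    if (rc != 0)
        return rc;
    if (!target->port_open[port])
        return -EINVAL;
    target->port_open[port] = 0;
    return 0;
}

/* Today's path: a domain closes one of its own ports. */
static int op_close_self(struct domain *d, int port)
{
    return evtchn_close(d, d, port);
}

/* A path added later that names another domain. It carries no check of
 * its own; evtchn_close() still enforces the policy. */
static int op_close_remote(const struct domain *caller,
                           struct domain *target, int port)
{
    return evtchn_close(caller, target, port);
}

int main(void)
{
    struct domain guest = {0, {1, 1, 0, 0}}, other = {0, {0}};
    return !(op_close_self(&guest, 0) == 0 &&
             op_close_remote(&other, &guest, 1) == -EPERM);
}
```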

