WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Xen-devel] bitopts functions overflowing page boundarys

from [Scott Parish] [Permanent Link][Original]
To: xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-devel] bitopts functions overflowing page boundarys
From: "Scott Parish" <srparish@xxxxxxxxxx>
Date: Sat, 28 May 2005 04:43:20 +0000
Delivery-date: Sat, 28 May 2005 05:19:19 +0000
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.4.2.1i 
u.inuse.type_info is at the end of the pfn_info structure, and is
u32 for both x86_32 and x86_64--in this location it can also be the
last 32 bits of a page.

several functions use bitopts.h functions to manipulate this member, and
on x86_64 these functions use u64 instructions, which will overflow the
page boundary, and possibly the end of memory as we see here:

   (XEN) &page->u.inuse.type_info = 0xffff828402fffffc
   (XEN) CPU:    0
   (XEN) EIP:    e010:[<ffff830000129089>]      

   <registers and stack ommitted>

   (XEN) Pagetable walk from ffff828403000000:
   (XEN)  L4 = 00000000016a5063
   (XEN)   L3 = 00000000016a6063
   (XEN)    L2 = 0000000000000000 

   ****************************************
   Panic on CPU0:
   CPU0 FATAL PAGE FAULT
   [error_code=0002]
   Faulting linear address: ffff828403000000
   ****************************************

the attached patch fixes this.

sRp

-- 
Scott Parish
Signed-off-by: srparish@xxxxxxxxxx

Attachment: 32bit.diff
Description: Text document

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Xen-devel] [PATCH] Making x86-64 XenLinux stable, Nakajima, Jun
Next by Date:  [Xen-devel] Re: [PATCH] Avoid unncessary checksum validation in TCP/UDP netfilter, Keir Fraser
Previous by Thread:  [Xen-devel] [PATCH] Making x86-64 XenLinux stable, Nakajima, Jun
Next by Thread:  Re: [Xen-devel] bitopts functions overflowing page boundarys, Keir Fraser
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy