WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Xen-devel] [PATCH] Protect Xen against accessing NULL-pointer triggered

from [Yang, Xiaowei] [Permanent Link][Original]
To: "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: [Xen-devel] [PATCH] Protect Xen against accessing NULL-pointer triggered by Xenoprof Hypercall in dom0
From: "Yang, Xiaowei" <xiaowei.yang@xxxxxxxxx>
Date: Wed, 21 Jan 2009 12:27:34 +0800
Delivery-date: Tue, 20 Jan 2009 20:28:24 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Thunderbird 2.0.0.19 (X11/20090105) 
Xenoprof Hypercall in dom0 could trigger Xen accessing NULL-pointer and
results in fatal page fault. The patch prevents it.

Signed-off-by: Xiaowei Yang <xiaowei.yang@xxxxxxxxx>

Thanks,
Xiaowei


diff -r 4f6a2bbdff3f xen/common/xenoprof.c
--- a/xen/common/xenoprof.c     Tue Jan 13 15:53:47 2009 +0000
+++ b/xen/common/xenoprof.c     Tue Jan 13 22:45:27 2009 +0800
@@ -681,6 +681,8 @@ int do_xenoprof_op(int op, XEN_GUEST_HAN
     {
     case XENOPROF_init:
         ret = xenoprof_op_init(arg);
+        if ( !ret )
+            xenoprof_state = XENOPROF_INITIALIZED;
         break;
 
     case XENOPROF_get_buffer:
@@ -693,21 +695,19 @@ int do_xenoprof_op(int op, XEN_GUEST_HAN
         break;
 
     case XENOPROF_reset_active_list:
-    {
         reset_active_list();
         ret = 0;
         break;
-    }
+
     case XENOPROF_reset_passive_list:
-    {
         reset_passive_list();
         ret = 0;
         break;
-    }
+
     case XENOPROF_set_active:
     {
         domid_t domid;
-        if ( xenoprof_state != XENOPROF_IDLE )
+        if ( xenoprof_state != XENOPROF_INITIALIZED )
         {
             ret = -EPERM;
             break;
@@ -720,18 +720,18 @@ int do_xenoprof_op(int op, XEN_GUEST_HAN
         ret = add_active_list(domid);
         break;
     }
+
     case XENOPROF_set_passive:
-    {
-        if ( xenoprof_state != XENOPROF_IDLE )
+        if ( xenoprof_state != XENOPROF_INITIALIZED )
         {
             ret = -EPERM;
             break;
         }
         ret = add_passive_list(arg);
         break;
-    }
+
     case XENOPROF_reserve_counters:
-        if ( xenoprof_state != XENOPROF_IDLE )
+        if ( xenoprof_state != XENOPROF_INITIALIZED )
         {
             ret = -EPERM;
             break;
@@ -748,7 +748,6 @@ int do_xenoprof_op(int op, XEN_GUEST_HAN
             ret = -EPERM;
             break;
         }
-
         ret = xenoprof_arch_counter(arg);
         break;
 
@@ -766,8 +765,14 @@ int do_xenoprof_op(int op, XEN_GUEST_HAN
     case XENOPROF_enable_virq:
     {
         int i;
+
         if ( current->domain == xenoprof_primary_profiler )
         {
+            if ( xenoprof_state != XENOPROF_READY )
+            {
+                ret = -EPERM;
+                break;
+            }
             xenoprof_arch_enable_virq();
             xenoprof_reset_stat();
             for ( i = 0; i < pdomains; i++ )
@@ -835,7 +840,7 @@ int do_xenoprof_op(int op, XEN_GUEST_HAN
         if ( (xenoprof_state == XENOPROF_COUNTERS_RESERVED) ||
              (xenoprof_state == XENOPROF_READY) )
         {
-            xenoprof_state = XENOPROF_IDLE;
+            xenoprof_state = XENOPROF_INITIALIZED;
             xenoprof_arch_release_counters();
             xenoprof_arch_disable_virq();
             reset_passive_list();
@@ -845,7 +850,7 @@ int do_xenoprof_op(int op, XEN_GUEST_HAN
 
     case XENOPROF_shutdown:
         ret = -EPERM;
-        if ( xenoprof_state == XENOPROF_IDLE )
+        if ( xenoprof_state == XENOPROF_INITIALIZED )
         {
             activated = 0;
             adomains=0;
diff -r 4f6a2bbdff3f xen/include/xen/xenoprof.h
--- a/xen/include/xen/xenoprof.h        Tue Jan 13 15:53:47 2009 +0000
+++ b/xen/include/xen/xenoprof.h        Tue Jan 13 22:45:27 2009 +0800
@@ -19,9 +19,10 @@
 #define XENOPROF_DOMAIN_PASSIVE    2
 
 #define XENOPROF_IDLE              0
-#define XENOPROF_COUNTERS_RESERVED 1
-#define XENOPROF_READY             2
-#define XENOPROF_PROFILING         3
+#define XENOPROF_INITIALIZED       1
+#define XENOPROF_COUNTERS_RESERVED 2
+#define XENOPROF_READY             3
+#define XENOPROF_PROFILING         4
 
 #ifndef CONFIG_COMPAT
 typedef struct xenoprof_buf xenoprof_buf_t;

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-devel] iperf problem with Windows SMP VM, ANNIE LI
Next by Date:  [Xen-devel] RE: [PATCH] txt: 2/6 - explicitly protect TXT addr ranges from dom0, Cihula, Joseph
Previous by Thread:  [Xen-devel] [PATCH] Move smp_num_siblings to the per-cpu data, Frank van der Linden
Next by Thread:  RE: [Xen-devel] [PATCH] Protect Xen against accessing NULL-pointer triggered by Xenoprof Hypercall in dom0, Santos, Jose Renato G
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy