This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


Re: [Xen-devel] Xen 4.0.0x allows for data corruption in Dom0

To: Jan Beulich <JBeulich@xxxxxxxxxx>, Pasi Kärkkäinen <pasik@xxxxxx>
Subject: Re: [Xen-devel] Xen 4.0.0x allows for data corruption in Dom0
From: Keir Fraser <keir.fraser@xxxxxxxxxxxxx>
Date: Tue, 09 Mar 2010 10:15:45 +0000
Cc: "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>, Joanna Rutkowska <joanna@xxxxxxxxxxxxxxxxxxxxxx>, Daniel Stodden <Daniel.Stodden@xxxxxxxxxx>
Delivery-date: Tue, 09 Mar 2010 02:18:06 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <4B9624FD02000078000336EA@xxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: Acq/bDGQE464uO/jRqmaoQnOk7wANgABUl4k
Thread-topic: [Xen-devel] Xen 4.0.0x allows for data corruption in Dom0
User-agent: Microsoft-Entourage/
On 09/03/2010 09:37, "Jan Beulich" <JBeulich@xxxxxxxxxx> wrote:

>> 7dc2000: 5a02 0000 0000 0000 760d d90c c500 0000  Z.......v.......
>> 7dc2010: 3785 8def 8003 0000 1eb2 27b5 ff00 0000  7.........'.....
>> 2dc0d000:7802 0000 0000 0000 ec70 d8eb ce00 0000  x........p......
>> 2dc0d010:6fb9 a66d 8403 0000 1eb2 27b5 ff00 0000  o..m......'.....
> How about these being vcpu_time_info structures? The fields
> appear to all make sense. The only thing not matching this would
> be a few differently looking corruption entries sent earlier by Joanna,
> so this may not be the only thing. But it would explain why with 3.4.2
> the issue is not present.

Pasi, can you try the attached patch (which simply stubs out the new
VCPUOP_register_vcpu_time_memory_area hypercall)? I'm pretty sure this is
it: just look at the implementation of __update_vcpu_system_time: when
v!=current it will write to a virtual address in v, using current's page
tables. This will happen on context switch dom0->domU for example.

A quite suitable fix for 4.0.0 is to leave the hypercall stubbed out imo.

 -- Keir

Xen-devel mailing list

<Prev in Thread] Current Thread [Next in Thread>