 Home |
Products |
Support |
Community |
News |
xen-devel
[Xen-devel] Re: [PATCH] Xen: fix various checks of unsigned integers < 0
| To: | Dan Magenheimer <dan.magenheimer@xxxxxxxxxx> |
|---|---|
| Subject: | [Xen-devel] Re: [PATCH] Xen: fix various checks of unsigned integers < 0 |
| From: | Paolo Bonzini <pbonzini@xxxxxxxxxx> |
| Date: | Fri, 29 Oct 2010 23:23:07 +0200 |
| Cc: | xen-devel@xxxxxxxxxxxxxxxxxxx, Tim Deegan <Tim.Deegan@xxxxxxxxxx> |
| Delivery-date: | Fri, 29 Oct 2010 14:24:03 -0700 |
| Dkim-signature: | v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:sender:message-id:date:from :user-agent:mime-version:to:cc:subject:references:in-reply-to :content-type:content-transfer-encoding; bh=htK74bd86FldDUwxMrhlUxlJbHbFJH/BkRqNhXmuCk4=; b=pZ/xnA4QZrw1o2/ssmLwvgDQrcfNIgeyoRUD9QLwBlDfR1UjPluBY866O35QyIIE5I ZQ0Kq6/qtpfFmWZQcZhsggUFvsfwFM6+AweN47F2iv/slT2QuXxFnSQPvTPSMRncvyMw 5lTxUpY8yZeCwe8ISbzvwmVI07LUWj/GQdsjY= |
| Domainkey-signature: | a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=sender:message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; b=ftJ06ot9ii4RvbW5GNu9rhNyJmsJESpXg2kQbphjAWitA2GKQs/oPOzA9WSL2LQtMk g4cXEcKDPYRNzB42WErrNep4Lfdufo67KADiI0Hx8kiv8iWZpPDTTN+2jwqlTrLFmKC4 8cTgw9V6jc9jYe50fe6KZpUAC7uc/+cCg0ie8= |
| Envelope-to: | www-data@xxxxxxxxxxxxxxxxxxx |
| In-reply-to: | <2e35ec26-1314-4f30-b172-fbd9b08134c9@default> |
| List-help: | <mailto:xen-devel-request@lists.xensource.com?subject=help> |
| List-id: | Xen developer discussion <xen-devel.lists.xensource.com> |
| List-post: | <mailto:xen-devel@lists.xensource.com> |
| List-subscribe: | <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe> |
| List-unsubscribe: | <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe> |
| References: | <20101029140219.GD11016@xxxxxxxxxxxxxxxxxxxxxxx> <2e35ec26-1314-4f30-b172-fbd9b08134c9@default> |
| Sender: | xen-devel-bounces@xxxxxxxxxxxxxxxxxxx |
| User-agent: | Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.9) Gecko/20100921 Fedora/3.1.4-1.fc13 Lightning/1.0b3pre Mnenhy/0.8.3 Thunderbird/3.1.4 |
On 10/29/2010 05:38 PM, Dan Magenheimer wrote: Wow, I wonder how many times this code has executed and returned the wrong (incorrectly sign-extended) value? Probably never---which doesn't make the fix worthless, but is still never. :) The emulator is mostly used for real mode and MMIO, but this is long-mode code (which rules out real mode) and the CQO instruction doesn't access memory (which rules out MMIO). To trigger the bug you probably have to cause a race between a thread doing MMIO and a thread replacing the MMIO instruction with a CQO. It can be done fairly reliably on KVM; until they were patched, this trick allowed to exploit emulator bugs and go from guest-ring3 to guest-ring0. Paolo _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | [Xen-devel] Re: [GIT PULL] Small Xen bugfixes, Jeremy Fitzhardinge |
|---|---|
| Next by Date: | [Xen-devel] RE: About ping latency in SR-IOV, Rose, Gregory V |
| Previous by Thread: | RE: [Xen-devel] [PATCH] Xen: fix various checks of unsigned integers < 0, Dan Magenheimer |
| Next by Thread: | [Xen-devel] Re: Section conflicts with percpu variables, Jeremy Fitzhardinge |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
