WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

[Xen-devel] [PATCH] Fix bug1706

To: "Wei, Gang" <gang.wei@xxxxxxxxx>, "Zheng, Shaohui" <shaohui.zheng@xxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: [Xen-devel] [PATCH] Fix bug1706
From: "Wei, Gang" <gang.wei@xxxxxxxxx>
Date: Wed, 26 Jan 2011 15:28:37 +0800
Accept-language: zh-CN, en-US
Acceptlanguage: zh-CN, en-US
Cc: Keir Fraser <keir@xxxxxxx>, "Wei, Gang" <gang.wei@xxxxxxxxx>
Delivery-date: Tue, 25 Jan 2011 23:29:31 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <F26D193E20BBDC42A43B611D1BDEDE712556378A03@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <A24AE1FFE7AEC5489F83450EE98351BF2BF2EC4CB0@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> <F26D193E20BBDC42A43B611D1BDEDE712556378690@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> <F26D193E20BBDC42A43B611D1BDEDE7125563789BD@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> <F26D193E20BBDC42A43B611D1BDEDE712556378A03@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: Acu6GEBstpnTfIH/TdeQZvf0FjUZ0QAOlF+wAI5FPEAAJDXLMAABNBkQAAIjS6A=
Thread-topic: [PATCH] Fix bug1706
Here is fix for bug 1706.

ROOT-CAUSE:
In the end of domain_destroy fn, call_rcu(&d->rcu, complete_domain_destroy) 
make it possible that complete_domain_destroy fn be executed in different vcpu 
context. So the IS_PRIV_FOR check in unmap_domain_pirq fn is not suitable. In 
fact, all necessary privilege checks have already been done in the start of 
hypercalls, we need only simply remove this check from unmap_domain_pirq.

Signed-off-by: Wei Gang <gang.wei@xxxxxxxx>

diff -r d1631540bcc4 xen/arch/x86/irq.c
--- a/xen/arch/x86/irq.c        Tue Jan 18 17:23:24 2011 +0000
+++ b/xen/arch/x86/irq.c        Thu Jan 27 20:53:28 2011 +0800
@@ -1567,9 +1567,6 @@ int unmap_domain_pirq(struct domain *d, 
     if ( (pirq < 0) || (pirq >= d->nr_pirqs) )
         return -EINVAL;
 
-    if ( !IS_PRIV_FOR(current->domain, d) )
-        return -EINVAL;
-
     ASSERT(spin_is_locked(&pcidevs_lock));
     ASSERT(spin_is_locked(&d->event_lock));

Jimmy

Attachment: bug1706-fix.patch
Description: bug1706-fix.patch

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel