WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] Bug in smpboot.c?

from [John McDermott CIV] [Permanent Link][Original]
To: Keir Fraser <keir@xxxxxxx>
Subject: Re: [Xen-devel] Bug in smpboot.c?
From: John McDermott CIV <john.mcdermott@xxxxxxxxxxxx>
Date: Fri, 10 Jun 2011 07:31:51 -0400
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Fri, 10 Jun 2011 04:32:29 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <CA178692.2E741%keir@xxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <CA178692.2E741%keir@xxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx 
Keir,

Thanks; yes, we see no way to unravel it. I'm just paranoid.

Sincerely,

John

On Jun 10, 2011, at 3:30 AM, Keir Fraser wrote:

> On 09/06/2011 16:49, "John McDermott (U.S. Navy Employee)"
> <john.mcdermott@xxxxxxxxxxxx> wrote:
> 
>> Xen Developers,
>> 
>> In C function cpu_add(), in xen/arch/x86/smpboot.c, if acpi_id ==
>> MAX_MADT_ENTRIES, won't this write past the end of array
>> x86_acpiid_toapicid[MAX_MADT_ENTRIES]? I am looking at xen-unstable. It looks
>> like the guard is not catching this 1 case?
> 
> Fixed in xen-unstable:23505. Fortunately this function is only accessible
> from the TCB so it's not exploitable.
> 
> Thanks,
> -- Keir
> 
>> Sincerely,
>> 
>> John McDermott
>> ----
>> What is the formal meaning of the one-line program
>> #include "/dev/tty"
>> 
>> J.P. McDermott   building 12
>> Code 5542   mcdermott@xxxxxxxxxxxxxxxx
>> Naval Research Laboratory voice: +1 202.404.8301
>> Washington, DC 20375, US fax:   +1 202.404.7942
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> _______________________________________________
>> Xen-devel mailing list
>> Xen-devel@xxxxxxxxxxxxxxxxxxx
>> http://lists.xensource.com/xen-devel
> 

----
What is the formal meaning of the one-line program
#include "/dev/tty"

J.P. McDermott                  building 12
Code 5542                       mcdermott@xxxxxxxxxxxxxxxx
Naval Research Laboratory       voice: +1 202.404.8301
Washington, DC 20375, US        fax:   +1 202.404.7942










_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-devel] [PATCH 00 of 12] xenpaging fixes for xen-unstable, Olaf Hering
Next by Date:  Re: [Xen-devel] Possible shadow bug, Pasi Kärkkäinen
Previous by Thread:  Re: [Xen-devel] Bug in smpboot.c?, Keir Fraser
Next by Thread:  Penis Enlargement Pill - $59.95. Risk free 60-day money back guarantee, Doretta Mora
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy