WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-ia64-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-ia64-devel] [PATCH] Fix vulnerability of copy_to_user in PAL em

from [tgingold] [Permanent Link][Original]
To: Alex Williamson <alex.williamson@xxxxxx>
Subject: Re: [Xen-ia64-devel] [PATCH] Fix vulnerability of copy_to_user in PAL emulation
From: tgingold@xxxxxxx
Date: Thu, 13 Dec 2007 12:17:06 +0100
Cc: xen-ia64-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Thu, 13 Dec 2007 03:17:19 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <1197479326.6674.7.camel@lappy>
List-help: <mailto:xen-ia64-devel-request@lists.xensource.com?subject=help>
List-id: Discussion of the ia64 port of Xen <xen-ia64-devel.lists.xensource.com>
List-post: <mailto:xen-ia64-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-ia64-devel>, <mailto:xen-ia64-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-ia64-devel>, <mailto:xen-ia64-devel-request@lists.xensource.com?subject=unsubscribe>
References: <7k8x41puy7.fsf@xxxxxxxxxxxxxxxxxxxxxxxxxx> <1197391269.7945.43.camel@lappy> <7k63z4pnda.fsf@xxxxxxxxxxxxxxxxxxxxxxxxxx> <20071212051534.GA2535@saphi> <20071212061721.GA3042@saphi> <1197479326.6674.7.camel@lappy>
Sender: xen-ia64-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Internet Messaging Program (IMP) 3.2.5 
Quoting Alex Williamson <alex.williamson@xxxxxx>:

>
> On Wed, 2007-12-12 at 07:17 +0100, Tristan Gingold wrote:
> > My latest idea on this subject:
> >
> > The buffers are small: 64 bytes.  So, instead of passing a buffer address,
> > return the buffer by register (using scratch register r14-r21).  The PAL
> > stub can then save it to memory.  I think this approach is the simplest
> > one.
>
>    PAL_BRAND_INFO takes 128 bytes, but probably still feasible.
Right!
Furthermore as PAL_BRAND_INFO is stacked convention we can fully use xencomm
by allocating the buffer on the stack.

Tristan.

_______________________________________________
Xen-ia64-devel mailing list
Xen-ia64-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-ia64-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Xen-devel] xenoprof: flush remaining smples when sampling is stopped., Isaku Yamahata
Next by Date:  [Xen-ia64-devel] [Patch] Update README.xenia64, Akio Takebe
Previous by Thread:  Re: [Xen-ia64-devel] [PATCH] Fix vulnerability of copy_to_user in PAL emulation, Alex Williamson
Next by Thread:  Re: [Xen-ia64-devel] [PATCH] Fix vulnerability of copy_to_user in PAL emulation, Isaku Yamahata
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy