WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/

Home

xen-ia64-devel

[Top] [All Lists]

Re: [Xen-ia64-devel] [PATCH][TAKE3] Fix vulnerability of copy_to_user in

from [tgingold]

[Permanent Link][Original]

To:	Kouya Shimura <kouya@xxxxxxxxxxxxxx>
Subject:	Re: [Xen-ia64-devel] [PATCH][TAKE3] Fix vulnerability of copy_to_user in PAL emulation
From:	tgingold@xxxxxxx
Date:	Fri, 14 Dec 2007 14:16:06 +0100
Cc:	xen-ia64-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date:	Fri, 14 Dec 2007 05:16:32 -0800
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxx
In-reply-to:	<7kodctlqdv.fsf@xxxxxxxxxxxxxxxxxxxxxxxxxx>
List-help:	<mailto:xen-ia64-devel-request@lists.xensource.com?subject=help>
List-id:	Discussion of the ia64 port of Xen <xen-ia64-devel.lists.xensource.com>
List-post:	<mailto:xen-ia64-devel@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-ia64-devel>, <mailto:xen-ia64-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-ia64-devel>, <mailto:xen-ia64-devel-request@lists.xensource.com?subject=unsubscribe>
References:	<7kodctlqdv.fsf@xxxxxxxxxxxxxxxxxxxxxxxxxx>
Sender:	xen-ia64-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent:	Internet Messaging Program (IMP) 3.2.5

Quoting Kouya Shimura <kouya@xxxxxxxxxxxxxx>:

> Hi,
>
> The reputation of my previous patch was not so good,
> then I rewrote it. An attached patch is temporary fix
> for xen-3.2.
>
> I think this patch is enough for normal usage.
> Please see SDM Vol2 11.10.2.1.3 "Making PAL Procedure
> Calls in Physical or Virtual Mode".
> If the caller has a responsibility of providing DTR or DTC
> mapping, xencomm for PAL might be unnecessary.

Right, that's a very interesting way.  It also implies the buffer can't
spread across two pages.

> I confirmed there is no problem in linux, windows 2003,
> windows 2008 with this patch.

Good!

> As for PV domain, the same logic can't be used due to
> only one vTLB. This patch only checks that the buffer
> never point VMM address, that would avoid the vulnerability.

Ok.

Tristan.

_______________________________________________
Xen-ia64-devel mailing list
Xen-ia64-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-ia64-devel

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Xen-ia64-devel] [PATCH][TAKE3] Fix vulnerability of copy_to_user in PAL emulation, Kouya Shimura Re: [Xen-ia64-devel] [PATCH][TAKE3] Fix vulnerability of copy_to_user in PAL emulation, tgingold <= Re: [Xen-ia64-devel] [PATCH][TAKE3] Fix vulnerability of copy_to_user in PAL emulation, Alex Williamson Re: [Xen-ia64-devel] [PATCH][TAKE3] Fix vulnerability of copy_to_user in PAL emulation, Jarod Wilson Re: [Xen-ia64-devel] [PATCH][TAKE3] Fix vulnerability of copy_to_user in PAL emulation, Alex Williamson Re: [Xen-ia64-devel] [PATCH][TAKE3] Fix vulnerability of copy_to_user in PAL emulation, Jarod Wilson Re: [Xen-ia64-devel] [PATCH][TAKE3] Fix vulnerability of copy_to_user in PAL emulation, Alex Williamson

Previous by Date:	[Xen-ia64-devel] [IA64] Weekly benchmark results [ww50], KUWAMURA Shin'ya
Next by Date:	Re: [Xen-ia64-devel] [PATCH] Fix vmx_asm_thash, tgingold
Previous by Thread:	[Xen-ia64-devel] [PATCH][TAKE3] Fix vulnerability of copy_to_user in PAL emulation, Kouya Shimura
Next by Thread:	Re: [Xen-ia64-devel] [PATCH][TAKE3] Fix vulnerability of copy_to_user in PAL emulation, Alex Williamson
Indexes:	[Date] [Thread] [Top] [All Lists]

This site is hosted by Citrix